Rootkit.Agent Help



Icaru
2009-08-21, 03:59
Hey, I am having a bit of a problem with a Win32 rootkit agent trojan. The virus it's helping to get in, or maybe the rootkit itself, is seriously affecting what I can and cannot open, as well as the usual redirects. I have a log file from just over half an hour ago, but I cannot open the HJT program now (I have problems getting the net and HJT to work at the same time), and half the time it prevents me shutting down or restarting the computer.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:41, on 21/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpBrowser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\eset\nodenable.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\PTI43.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\PTI45.tmp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B1BE275B-78BF-4A33-81AB-380699CFF329} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
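Reading a HijackThis log by hand is the job at this point, but the entries that usually deserve a second look are mechanical enough to script. The Python below is an added example, not part of the original post and not HijackThis code: it runs a few triage rules over a constructed excerpt modelled on the log above (processes launched from a Temp directory, R3/O2/O3 hooks whose file is gone, O9/O23 targets missing from disk, and O16 ActiveX entries that fetch a bare .exe). The rule names are the example's own assumptions, not anything the thread states, and a hit means "look closer", not "malicious"; the (no file) IME hook, for instance, is an orphan rather than an infection.

```python
"""Triage rules for a HijackThis log (added example, not HijackThis code)."""
import re

# Constructed excerpt, modelled on lines from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\PTI43.tmp
C:\DOCUME~1\Sean\LOCALS~1\Temp\PTI45.tmp

R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# A path under a Temp directory (8.3 short names included) or ending in .tmp.
TEMP_PATH = re.compile(r"\\temp\\|\.tmp$", re.IGNORECASE)


def triage(log_text: str) -> list:
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                        # blank line ends the process list
            in_processes = False
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if TEMP_PATH.search(line):
                findings.append(("process running from a temp directory", line))
            continue
        if line.endswith("(no file)"):      # R3/O2/O3 hook whose DLL is gone
            findings.append(("registry hook points at a missing file", line))
        elif line.endswith("(file missing)"):   # O9/O23 target not on disk
            findings.append(("service or button binary missing from disk", line))
        elif line.startswith("O16 - DPF:"):
            url = line.rsplit(" - ", 1)[-1].split("?", 1)[0]
            if url.lower().endswith(".exe"):    # ActiveX fetching a raw .exe
                findings.append(("ActiveX download of a bare executable", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against the excerpt it flags the two PTI*.tmp processes, the two (no file) hooks, the xclean_micro.exe ActiveX download and the missing GameMon.des.exe service binary, and leaves ekrn.exe, ssv.dll and the Windows Update .cab alone.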

ken545
2009-08-21, 23:30
Hello Icaru

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

BitTorrent DNA <--Using programs like this is most likely how you infected your computer.

Read this please
http://forums.spybot.info/showthread.php?t=282


We need to check for rootkits with RootRepeal.
Please download RootRepeal from one of these locations and save it to your desktop:
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)

Open RootRepeal (http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png) on your desktop.
Click the Report (http://billy-oneal.com/forums/rootRepeal/reportTab.png) tab.
Click the Scan (http://billy-oneal.com/forums/rootRepeal/btnScan.png) button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok.
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report (http://billy-oneal.com/forums/rootRepeal/saveReport.png) button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

Icaru
2009-08-22, 00:34
Thanks :) I feel I should note that I could only uninstall them through safe mode, otherwise the computer crashed. I seriously hope it's not through that, as I only ever used it to download from a certain site, to download an MMORPG from their official site.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/21 22:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB785D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A03000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7072000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: kbiwkmpxmtbbaq
Image Path: C:\WINDOWS\system32\drivers\kbiwkmjbituije.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACparfyvdplk.sys

==EOF==
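The two hidden services above are the finding that matters. Their service names and driver file names share a random-looking prefix (kbiwkm..., UAC...), and the ComboFix log further down this thread shows that the rest of the rootkit's components (.dat and .dll files in system32) carried the same kbiwkm prefix. The Python below is an added example, not RootRepeal or ComboFix code and not part of the original post: it parses the Hidden Services section of a RootRepeal report, derives the common prefix from each service name and driver name, and searches a constructed directory listing for sibling files carrying it. The prefix heuristic, the three-character minimum and the listing are assumptions for illustration; a prefix match is a lead to verify, not proof of infection.

```python
"""Pivot from RootRepeal hidden services to sibling files (added example)."""
import ntpath
import os
from typing import Dict, List, Optional, Tuple

# Constructed report, abridged from the RootRepeal output posted above.
ROOTREPEAL_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7072000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: kbiwkmpxmtbbaq
Image Path: C:\WINDOWS\system32\drivers\kbiwkmjbituije.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACparfyvdplk.sys

==EOF==
"""

# Constructed directory listing: the files ComboFix later reports deleting in
# this thread, plus a few legitimate system files for contrast.
LISTING = [
    r"C:\WINDOWS\system32\drivers\kbiwkmjbituije.sys",
    r"C:\WINDOWS\system32\drivers\UACparfyvdplk.sys",
    r"C:\WINDOWS\system32\kbiwkmcxfmscsv.dat",
    r"C:\WINDOWS\system32\kbiwkmirjikget.dll",
    r"C:\WINDOWS\system32\kbiwkmlasftenk.dat",
    r"C:\WINDOWS\system32\kbiwkmwcpxrlxd.dll",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\drivers\atapi.sys",
]


def parse_hidden_services(report: str) -> List[Tuple[str, str]]:
    """Return (service name, image path) pairs from the Hidden Services section."""
    lines = report.splitlines()
    section = None
    pending = None
    found = []
    for i, raw in enumerate(lines):
        line = raw.strip()
        # A section header is any line followed by a dashed underline.
        if i + 1 < len(lines) and lines[i + 1].startswith("---"):
            section = line
            continue
        if section != "Hidden Services":
            continue
        if line.startswith("Service Name:"):
            pending = line.split(":", 1)[1].strip()
        elif line.startswith("Image Path:") and pending:
            found.append((pending, line.split(":", 1)[1].strip()))
            pending = None
    return found


def shared_prefix(service_name: str, image_path: str, min_len: int = 3) -> Optional[str]:
    """Common leading characters of the service name and its driver file stem.

    The components on this machine share one random prefix; min_len is an
    assumption that rejects one- or two-character coincidences.
    """
    stem = ntpath.splitext(ntpath.basename(image_path))[0].lower()
    svc = ntpath.splitext(service_name)[0].lower()   # "UACd.sys" -> "uacd"
    prefix = os.path.commonprefix([svc, stem])       # pure string comparison
    return prefix if len(prefix) >= min_len else None


def siblings(prefix: str, image_path: str, listing: List[str]) -> List[str]:
    """Files in listing that carry the prefix, excluding the driver itself."""
    own = ntpath.basename(image_path).lower()
    return [p for p in listing
            if ntpath.basename(p).lower().startswith(prefix)
            and ntpath.basename(p).lower() != own]


def hunt(report: str, listing: List[str]) -> Dict[str, List[str]]:
    """Map each hidden service to the sibling files its prefix turns up."""
    result = {}
    for name, path in parse_hidden_services(report):
        prefix = shared_prefix(name, path)
        result[name] = siblings(prefix, path, listing) if prefix else []
    return result


if __name__ == "__main__":
    for name, files in hunt(ROOTREPEAL_REPORT, LISTING).items():
        print(f"{name}: {len(files)} sibling file(s)")
        for f in files:
            print("   ", f)
```

On the constructed listing the kbiwkm prefix turns up the four .dat/.dll companions that ComboFix removed, while the UAC prefix finds nothing beyond the driver itself, which is also what the ComboFix deletion list shows. ntpath is used so the Windows paths split correctly when the script is run on any platform.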

ken545
2009-08-22, 00:43
Hi,

I will help you remove BitTorrent a bit later; more important things to do now. You're infected with the TDSS rootkit.

Follow these instructions for renaming Combofix or this rootkit will prevent it from running.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

Icaru
2009-08-22, 01:34
I changed the name to Combo-Fix and stopped my antivirus, but I cannot install ComboFix. Most of the time, after the initial green bar has gone to 100%, it just disappears. It only got past that once and gave me an error message saying I have the wrong OS and need either 2000 or XP, but as my previous posts show I have XP as my OS.

ken545
2009-08-22, 02:27
OK, let me tell ya, the latest threats are getting more sophisticated all the time; it's getting harder and harder to remove this junk.

First, let's try running ComboFix in Safe Mode.


To enter Safe Mode:

Go to Start > Shut off your Computer > Restart.
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down arrow keys to scroll to Safe Mode,
then press the Enter key on your keyboard.

Tutorial if you need it: How to boot into Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Icaru
2009-08-22, 03:44
Thanks, got it working now.

ComboFix 09-08-20.07 - Sean 22/08/2009 0:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1710 [GMT 1:00]
Running from: c:\documents and settings\Sean\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning diabled* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1315932803-112375414-4076277614-1000
c:\documents and settings\Sean\Application Data\inst.exe
c:\windows\depmc.dll
c:\windows\Installer\167e869.msi
c:\windows\Installer\5cf05.msi
c:\windows\run.log
c:\windows\system32\adngltzhd.dat
c:\windows\system32\adngltzhd_navtmp.dat
c:\windows\system32\drivers\kbiwkmjbituije.sys
c:\windows\system32\drivers\UACparfyvdplk.sys
c:\windows\system32\kbiwkmcxfmscsv.dat
c:\windows\system32\kbiwkmirjikget.dll
c:\windows\system32\kbiwkmlasftenk.dat
c:\windows\system32\kbiwkmwcpxrlxd.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmpxmtbbaq
-------\Legacy_kbiwkmpxmtbbaq
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 22:06 . 2009-08-21 22:07 -------- d-s---w- C:\malgnone
2009-08-21 22:05 . 2009-08-21 22:06 -------- d-s---w- C:\Antimal
2009-08-21 20:54 . 2009-08-21 20:54 0 ----a-w- c:\documents and settings\Sean\settings.dat
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
2009-08-20 22:56 . 2009-08-20 22:56 -------- d-----w- c:\program files\Trend Micro
2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\documents and settings\Sean\DoctorWeb
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23 . 2009-08-20 15:23 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47 . 2009-08-20 14:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:47 . 2009-08-20 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 17:41 . 2009-08-17 17:41 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-17 00:29 . 2002-12-02 00:18 142848 ----a-w- c:\windows\gamedelete.exe
2009-08-13 01:42 . 2009-08-13 01:42 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 01:06 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\program files\SogouInput
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY
2009-08-11 00:54 . 2009-08-11 00:54 -------- d-----w- c:\program files\optic
2009-08-10 19:24 . 2009-08-10 19:24 1 ----a-w- c:\windows\AR.DAT
2009-08-10 18:45 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-08-10 18:44 . 2004-08-04 12:00 36927 ----a-w- c:\windows\system32\dllcache\padrs411.dll
2009-08-10 18:01 . 2009-08-11 13:16 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 02:06 . 2009-08-07 02:07 -------- d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16 . 2009-07-31 22:27 -------- d-----w- c:\program files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 21:08 . 2007-07-07 21:55 -------- d-----w- c:\documents and settings\Sean\Application Data\BitTorrent
2009-08-21 21:08 . 2007-07-07 21:54 -------- d-----w- c:\program files\BitTorrent
2009-08-21 20:51 . 2008-05-08 15:56 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-21 01:44 . 2008-11-09 17:17 -------- d-----w- c:\documents and settings\Sean\Application Data\Skype
2009-08-19 23:44 . 2009-04-17 23:53 -------- d-----w- c:\program files\Zoom
2009-08-19 20:04 . 2008-11-09 17:19 -------- d-----w- c:\documents and settings\Sean\Application Data\skypePM
2009-08-14 01:37 . 2007-03-14 18:51 62296 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02 . 2008-03-27 20:07 52392 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 13:27 . 2008-10-13 20:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:21 . 2009-07-21 21:21 -------- d-----w- c:\program files\Lionhead Studios
2009-07-21 21:21 . 2007-03-14 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:19 . 2008-10-05 19:40 -------- d-----w- c:\program files\AIMTunes
2009-07-14 13:55 . 2007-11-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:54 . 2007-12-02 16:32 -------- d-----w- c:\program files\NoAdware5.0
2009-07-07 15:04 . 2008-12-02 16:37 -------- d-----w- c:\program files\EA GAMES
2009-07-07 01:44 . 2007-03-14 17:56 7040 ----a-w- c:\documents and settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05 . 2009-07-01 23:03 -------- d-----w- c:\program files\Google
2009-07-01 23:04 . 2007-07-14 22:12 -------- d-----w- c:\program files\DivX
2009-07-01 23:03 . 2009-07-01 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 21:46 . 2009-06-27 21:46 -------- d-----w- c:\program files\gPotato.eu
2009-06-25 22:39 . 2009-06-25 22:27 -------- d-----w- c:\program files\Sim File Maid 2
2009-06-25 21:59 . 2008-12-24 23:47 -------- d-----w- c:\program files\SimPE
2009-06-25 20:13 . 2009-06-25 20:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-06-25 20:02 . 2007-03-19 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 19:44 . 2009-06-25 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-25 17:24 . 2009-06-25 16:52 -------- d-----w- c:\documents and settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30 . 2009-06-25 00:21 -------- d-----w- c:\documents and settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29 . 2009-06-25 00:29 -------- d-----w- c:\program files\GIMP-2.0
2009-06-25 00:21 . 2009-06-25 00:09 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2007-03-13 21:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-14 18:55 . 2007-03-14 18:55 338 ----a-w- c:\program files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-24 1103216]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 258048]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 936960]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [05/10/2008 20:39 24652]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B1BE275B-78BF-4A33-81AB-380699CFF329} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
Completion time: 2009-08-22 1:17
ComboFix-quarantined-files.txt 2009-08-22 00:16

Pre-Run: 6,515,666,944 bytes free
Post-Run: 8,585,596,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

320 --- E O F --- 2009-08-14 01:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:32:27, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CF24083.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\CF24083.exe
C:\WINDOWS\PEV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13895 bytes

ken545
2009-08-22, 14:01
Hi,

A bit more to do.

Open HijackThis and do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Go to Add/Remove Programs in the Control Panel and uninstall Viewpoint; it installs without your knowledge or consent, is considered adware, uses system resources, and is not needed for anything.

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

File::
c:\windows\system32\uacrem.dll
c:\windows\system32\GameMon.des
C:\WINDOWS\PEV.exe

Driver::
XDva189.sys
XDva223.sys
XDva248.sys

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]


FileLook::
C:\WINDOWS\system32\CF24083.exe


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Icaru
2009-08-22, 18:46
OK, done that :)

ComboFix 09-08-21.02 - Sean 22/08/2009 16:07.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1512 [GMT 1:00]
Running from: c:\documents and settings\Sean\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-21 20:54 . 2009-08-21 20:54 0 ----a-w- c:\documents and settings\Sean\settings.dat
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
2009-08-20 22:56 . 2009-08-20 22:56 -------- d-----w- c:\program files\Trend Micro
2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\documents and settings\Sean\DoctorWeb
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23 . 2009-08-20 15:23 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47 . 2009-08-20 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:47 . 2009-08-20 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 17:41 . 2009-08-17 17:41 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-17 00:29 . 2002-12-02 00:18 142848 ----a-w- c:\windows\gamedelete.exe
2009-08-13 01:42 . 2009-08-13 01:42 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 01:06 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\program files\SogouInput
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY
2009-08-11 00:54 . 2009-08-11 00:54 -------- d-----w- c:\program files\optic
2009-08-10 19:24 . 2009-08-10 19:24 1 ----a-w- c:\windows\AR.DAT
2009-08-10 18:45 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-08-10 18:44 . 2004-08-04 12:00 36927 ----a-w- c:\windows\system32\dllcache\padrs411.dll
2009-08-10 18:01 . 2009-08-11 13:16 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 02:06 . 2009-08-07 02:07 -------- d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16 . 2009-07-31 22:27 -------- d-----w- c:\program files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 14:54 . 2008-02-26 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-21 21:08 . 2007-07-07 21:55 -------- d-----w- c:\documents and settings\Sean\Application Data\BitTorrent
2009-08-21 21:08 . 2007-07-07 21:54 -------- d-----w- c:\program files\BitTorrent
2009-08-21 20:51 . 2008-05-08 15:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-21 01:44 . 2008-11-09 17:17 -------- d-----w- c:\documents and settings\Sean\Application Data\Skype
2009-08-19 23:44 . 2009-04-17 23:53 -------- d-----w- c:\program files\Zoom
2009-08-19 20:04 . 2008-11-09 17:19 -------- d-----w- c:\documents and settings\Sean\Application Data\skypePM
2009-08-14 01:37 . 2007-03-14 18:51 62296 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02 . 2008-03-27 20:07 52392 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 13:27 . 2008-10-13 20:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:21 . 2009-07-21 21:21 -------- d-----w- c:\program files\Lionhead Studios
2009-07-21 21:21 . 2007-03-14 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:19 . 2008-10-05 19:40 -------- d-----w- c:\program files\AIMTunes
2009-07-14 13:55 . 2007-11-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:54 . 2007-12-02 16:32 -------- d-----w- c:\program files\NoAdware5.0
2009-07-07 15:04 . 2008-12-02 16:37 -------- d-----w- c:\program files\EA GAMES
2009-07-07 01:44 . 2007-03-14 17:56 7040 ----a-w- c:\documents and settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05 . 2009-07-01 23:03 -------- d-----w- c:\program files\Google
2009-07-01 23:04 . 2007-07-14 22:12 -------- d-----w- c:\program files\DivX
2009-07-01 23:03 . 2009-07-01 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 21:46 . 2009-06-27 21:46 -------- d-----w- c:\program files\gPotato.eu
2009-06-25 22:39 . 2009-06-25 22:27 -------- d-----w- c:\program files\Sim File Maid 2
2009-06-25 21:59 . 2008-12-24 23:47 -------- d-----w- c:\program files\SimPE
2009-06-25 20:13 . 2009-06-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-25 20:02 . 2007-03-19 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 19:44 . 2009-06-25 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-25 17:24 . 2009-06-25 16:52 -------- d-----w- c:\documents and settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30 . 2009-06-25 00:21 -------- d-----w- c:\documents and settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29 . 2009-06-25 00:29 -------- d-----w- c:\program files\GIMP-2.0
2009-06-25 00:21 . 2009-06-25 00:09 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2007-03-13 21:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-14 18:55 . 2007-03-14 18:55 338 ----a-w- c:\program files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-24 1103216]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 258048]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 936960]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03]

2009-08-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-08-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 16:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\License information*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-22 16:32
ComboFix-quarantined-files.txt 2009-08-22 15:31
ComboFix2.txt 2009-08-22 00:37

Pre-Run: 7,890,460,672 bytes free
Post-Run: 8,587,804,672 bytes free

307 --- E O F --- 2009-08-14 01:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:12, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13370 bytes

ken545
2009-08-22, 18:55
Hi,

Nothing has changed :confused: I need to look over your log a bit closer.

In the meantime run both of these programs.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please

Icaru
2009-08-22, 19:33
Malwarebytes' Anti-Malware 1.40
Database version: 2664
Windows 5.1.2600 Service Pack 2

22/08/2009 17:31:15
mbam-log-2009-08-22 (17-31-15).txt

Scan type: Quick Scan
Objects scanned: 96773
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:11, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13764 bytes

ken545
2009-08-22, 23:14
Hi,

Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As, name the file fixes.bat, change the Save as type to All Files, and save it to your desktop.

@echo off
rem Stop the orphaned nProtect GameGuard service (sc stop fails harmlessly if it is not running), then remove its service registration
sc stop npggsvc
sc delete npggsvc

Double-click on the fixes.bat file to execute it.

Reboot and post a fresh HJT log.
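To show how the fix above generalises, here is an added example that is not from the thread, not part of HijackThis, and not ken545's script: it parses the O23 (service) entries of a HijackThis log, flags the ones a helper would look at first (binary reported missing, no publisher recorded, binary outside the Windows or Program Files trees), and writes the same stop/delete batch lines used above, but only for services whose binary is missing. The O23 line layout and the list of "usual" directories are my assumptions, taken from the logs posted in this thread; the sample entries are copied from the 22/08 log above.

```python
"""Triage the O23 (service) entries of a HijackThis log.

Added example for this thread; it is not part of HijackThis or of the
fix posted above. It parses the O23 lines, flags services whose binary
is reported missing, whose publisher is unknown, or whose binary sits
outside the Windows / Program Files trees, and writes the same
`sc stop` / `sc delete` batch lines used above for npggsvc, but only
for the "(file missing)" services.
"""
import re

# Assumed HJT O23 layout (derived from the logs in this thread):
#   O23 - Service: <display> [(<service name>)] - <company> - <path> [(file missing)]
# The bracketed service name is omitted when it equals the display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<company>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Directories where a service binary is normally installed (assumption).
# Anything elsewhere is not malicious by itself (game anti-cheat services
# are a common exception) but deserves a look.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_o23(line):
    """Return a dict for an O23 line, or None for any other log line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["service"] = d["short"] or d["display"]   # the name `sc` expects
    d["missing"] = d["missing"] is not None
    return d


def triage(log_lines):
    """Return [(service_dict, [reasons])] for every O23 entry worth reviewing."""
    findings = []
    for line in log_lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc["missing"]:
            # "(file missing)" is HJT's user-mode view; a rootkit can hide a
            # file that still runs, so confirm with `sc query <name>` first.
            reasons.append("binary not found on disk")
        if svc["company"].lower() == "unknown owner":
            reasons.append("no publisher recorded")
        if not svc["path"].lower().startswith(USUAL_ROOTS):
            reasons.append("binary outside Windows/Program Files")
        if reasons:
            findings.append((svc, reasons))
    return findings


def fix_batch(findings):
    """Build the batch text for services whose binary is missing.

    Mirrors the fixes.bat posted above: stop, then delete, by service name.
    Services flagged only for path or publisher are deliberately left alone.
    """
    lines = ["@echo off"]
    for svc, _ in findings:
        if svc["missing"]:
            lines += [f"sc stop {svc['service']}", f"sc delete {svc['service']}"]
    return "\n".join(lines) + "\n"


# O23 entries copied from the 22/08 log posted above.
SAMPLE_LOG = """\
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\\WINDOWS\\system32\\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\WINDOWS\\system32\\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\\Nexon\\Mabinogi\\npkcmsvc.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
""".splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for svc, reasons in found:
        print(f"{svc['service']:<12} {svc['path']}  <- {'; '.join(reasons)}")
    print(fix_batch(found), end="")
```

Run against the sample, it flags npggsvc (missing binary, no publisher) and npkcmsvc (unusual path) and writes a batch identical to the one posted above; npkcmsvc is only listed for review, since a binary outside Program Files is a reason to look, not a reason to delete.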

Icaru
2009-08-22, 23:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:42, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13644 bytes

ken545
2009-08-22, 23:54
Great :bigthumb:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed; the scan is running.
Notepad will open with the results; click No to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

Icaru
2009-08-23, 00:09
Is it that one you're after, or the one with the pseudo HJT report? The first link appears to be broken.

ken545
2009-08-23, 00:14
The first link is broken, thanks for the heads-up, but the next two are not, so run it again and post the log. I don't need the extra one as you attached it already.

Icaru
2009-08-23, 00:17
DDS (Ver_09-07-30.01) - NTFSx86
Run by Sean at 21:59:16.62 on 22/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1429 [GMT 1:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [nodenable] c:\program files\eset\nodenable.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [CaISSDT] "c:\program files\ca\etrust internet security suite\caissdt.exe"
mRun: [eTrustPPAP] "c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\PPActiveDetection.exe"
mRun: [btbb_McciTrayApp] c:\program files\bt broadband desktop help\bin\BTHelpNotifier.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt broadband desktop help\bin\matcli.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-3-19 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-13 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\google\update\GoogleUpdate.exe [2009-7-2 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\sean\locals~1\temp\f-secure\blacklight\fsbldrv.sys --> c:\docume~1\sean\locals~1\temp\f-secure\blacklight\fsbldrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\xdva223.sys --> c:\windows\system32\XDva223.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]

=============== Created Last 30 ================

2009-08-22 01:14 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-22 00:39 <DIR> a-dshr-- C:\cmdcons
2009-08-21 23:06 228,864 a------- c:\windows\PEV.exe
2009-08-21 23:06 161,792 a------- c:\windows\SWREG.exe
2009-08-21 23:06 98,816 a------- c:\windows\sed.exe
2009-08-21 21:54 0 a------- c:\documents and settings\sean\settings.dat
2009-08-20 23:56 <DIR> --d----- c:\program files\Trend Micro
2009-08-20 23:48 <DIR> --d----- c:\documents and settings\sean\DoctorWeb
2009-08-20 16:23 <DIR> --d----- c:\docume~1\sean\applic~1\Malwarebytes
2009-08-20 15:47 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 15:47 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-20 15:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 18:41 30,208 a------- c:\windows\system32\uacrem.dll
2009-08-17 18:41 1,110,399 a------- c:\windows\system32\uacmal.db
2009-08-17 01:29 142,848 a------- c:\windows\gamedelete.exe
2009-08-13 02:42 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-11 02:06 <DIR> --d----- c:\docume~1\sean\applic~1\SogouPY.users
2009-08-11 02:05 <DIR> --d----- c:\program files\SogouInput
2009-08-11 02:05 <DIR> --d----- c:\docume~1\sean\applic~1\SogouPY
2009-08-11 01:54 <DIR> --d----- c:\program files\optic
2009-08-10 20:24 1 a------- c:\windows\AR.DAT
2009-08-10 19:45 1,158,818 a------- c:\windows\system32\korwbrkr.lex
2009-08-10 19:44 189,986 a------- c:\windows\system32\dllcache\c_1361.nls
2009-08-10 17:09 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-08-10 17:09 8,704 a------- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 17:09 8,192 a------- c:\windows\system32\kbdkor.dll
2009-08-10 17:09 8,192 a------- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 17:09 6,144 a------- c:\windows\system32\kbd106.dll
2009-08-10 17:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 17:09 6,144 a------- c:\windows\system32\kbd101c.dll
2009-08-10 17:09 6,144 a------- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 17:09 5,632 a------- c:\windows\system32\kbd103.dll
2009-08-10 17:09 5,632 a------- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 17:09 6,144 a------- c:\windows\system32\kbd101b.dll
2009-08-10 17:09 6,144 a------- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 03:06 <DIR> --d----- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 21:16 <DIR> --d----- c:\program files\Galaxy Online

==================== Find3M ====================

2009-08-10 20:02 52,392 a---h--- c:\windows\system32\mlfcache.dat
2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\cache\mshtml.dll
2009-07-19 14:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 14:42 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-07-07 02:44 7,040 a------- c:\docume~1\sean\applic~1\wklnhst.dat
2009-06-29 12:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 12:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 09:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 09:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 09:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 15:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 12:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 12:50 76,288 a------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 15:21 84,992 a------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 15:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 07:32 132,096 a------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 16:06 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-06-09 16:06 1,871,872 a------- c:\windows\system32\dllcache\mstscax.dll
2009-06-03 20:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 20:27 1,290,752 a------- c:\windows\system32\dllcache\quartz.dll
2008-07-01 14:10 47,360 a------- c:\docume~1\sean\applic~1\pcouffin.sys
2007-09-20 21:57 32 a----r-- c:\documents and settings\all users\hash.dat
2007-03-14 19:55 338 a------- c:\program files\Shortcut to My Documents.lnk

============= FINISH: 21:59:51.53 ===============

ken545
2009-08-23, 00:35
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Driver::




Driver::
XDva189
XDva223
XDva248

File::
c:\windows\system32\xdva189.sys
c:\windows\system32\xdva223.sys
C:\windows\system32\xdva248.sys

Rootkit::
c:\windows\system32\xdva189.sys
c:\windows\system32\xdva223.sys
C:\windows\system32\xdva248.sys


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif




C:\Nexon\Mabinogi\npkcmsvc.exe <-- Do you know what this is?




You need to enable Windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis: just use the BROWSE feature and then Send File. You will get a report back; post the report into this thread for me to see.

c:\windows\system32\drivers\ehdrv.sys
c:\windows\system32\uacrem.dll


Post all the reports please

Icaru
2009-08-23, 01:28
From its location I guess it's probably an installer for an online game.


a-squared 4.0.0.101 2009.04.13 -
AhnLab-V3 5.0.0.2 2009.04.13 -
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.13 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.12 -
AVG 8.5.0.285 2009.04.13 -
BitDefender 7.2 2009.04.13 -
CAT-QuickHeal 10.00 2009.04.13 -
ClamAV 0.94.1 2009.04.13 -
Comodo 1111 2009.04.12 -
DrWeb 4.44.0.09170 2009.04.13 -
eSafe 7.0.17.0 2009.04.12 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.13 -
Fortinet 3.117.0.0 2009.04.13 -
GData 19 2009.04.13 -
Ikarus T3.1.1.49.0 2009.04.13 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.13 -
McAfee 5582 2009.04.12 -
McAfee+Artemis 5582 2009.04.12 -
McAfee-GW-Edition 6.7.6 2009.04.11 -
Microsoft 1.4502 2009.04.13 -
NOD32 4003 2009.04.13 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.13 -
Panda 10.0.0.14 2009.04.12 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.13 -
Rising 21.25.02.00 2009.04.13 -
Sophos 4.40.0 2009.04.13 -
Sunbelt 3.2.1858.2 2009.04.12 -
Symantec 1.4.4.12 2009.04.13 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.13 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.13.1690 2009.04.13 -
VirusBuster 4.6.5.0 2009.04.12 -
Additional information
File size: 107256 bytes
MD5 : 9456462c1425d2bbf1616edabfaba5f4
SHA1 : a518262513950d759a176acc0050452cd01892a9
SHA256: d11c7582b3eb2993d53c4f28ef77f64f52a918cad3239ea39691761781b28cdb
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1A005
timedatestamp.....: 0x49C22034 (Thu Mar 19 11:36:36 2009)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14111 0x14200 6.54 d0ecfa41f0747a1503711a0cda70b99e
.rdata 0x16000 0x1134 0x1200 6.56 d7340ba4d779bd8331360fd12fa9bbfa
.data 0x18000 0x1660 0x1200 6.75 89b9924a47e978214e3ff0afae8feebd
INIT 0x1A000 0x9D0 0xA00 5.60 b3cebc7811feb8eecb5571f3365684a0
.rsrc 0x1B000 0x408 0x600 2.44 e3f2c724965f8ef903c009cae56e31fa
.reloc 0x1C000 0xA50 0xC00 5.01 4649e6a093ea0b73f7b333d29e322cb4

( 2 imports )

> hal.dll: KfReleaseSpinLock, KfAcquireSpinLock, KeGetCurrentIrql
> ntoskrnl.exe: IoDeleteDevice, IoDeleteSymbolicLink, RtlInitUnicodeString, IofCompleteRequest, ProbeForWrite, ProbeForRead, ExGetPreviousMode, IoGetCurrentProcess, PsGetCurrentProcessId, KdDebuggerNotPresent, KdDebuggerEnabled, IoCreateSymbolicLink, MmGetSystemRoutineAddress, IoCreateDevice, wcsncpy, InitSafeBootMode, memset, ZwClose, NtSetSecurityObject, ObOpenObjectByPointer, RtlValidSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, SeExports, RtlCreateAcl, KeWaitForSingleObject, KeDelayExecutionThread, KeResetEvent, strncpy, _vsnprintf, strstr, mbstowcs, memmove, memcpy, wcschr, toupper, _strnicmp, _allmul, _aulldiv, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, RtlVolumeDeviceToDosName, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, ZwCreateFile, ExFreePoolWithTag, KeUnstackDetachProcess, KeStackAttachProcess, ObReferenceObjectByHandle, MmSystemRangeStart, ZwQueryDirectoryFile, ZwOpenFile, _wcsnicmp, wcsncmp, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwQueryInformationProcess, ZwOpenProcess, isdigit, isspace, _purecall, ZwOpenKey, RtlCopyUnicodeString, ZwQueryValueKey, ZwQuerySystemInformation, ZwSetInformationFile, ZwReadFile, ZwWriteFile, ZwQueryInformationFile, IofCallDriver, IoBuildSynchronousFsdRequest, IoGetRelatedDeviceObject, RtlCompareUnicodeString, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsTerminateSystemThread, PsCreateSystemThread, KeWaitForMultipleObjects, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, MmIsAddressValid, _allshr, sprintf, qsort, KeTickCount, KeBugCheckEx, RtlUnwind, ExAllocatePoolWithTag, KeInitializeEvent, ObfDereferenceObject, KeSetEvent

( 0 exports )
TrID : File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 1536:y+E5kq2ME0GdcCJaFb7pi+CFQWYdAEUBiuA1XOv8BvPpabMcTSaM0j6QeFaDSxA2:ydO8ndAmUv8FVc2aM0NeFaaA5pI+A
PEiD : -
RDS : NSRL Reference Data Set
-


a-squared 4.5.0.24 2009.08.21 Trojan-Spy.Win32.Chadem!IK
AhnLab-V3 5.0.0.2 2009.08.21 -
AntiVir 7.9.1.3 2009.08.21 TR/TDss.BI
Antiy-AVL 2.0.3.7 2009.08.21 -
Authentium 5.1.2.4 2009.08.21 W32/SuspPack.AK.gen!Eldorado
Avast 4.8.1335.0 2009.08.21 Win32:Rootkit-gen
AVG 8.5.0.406 2009.08.22 -
BitDefender 7.2 2009.08.22 -
CAT-QuickHeal 10.00 2009.08.21 -
ClamAV 0.94.1 2009.08.21 -
Comodo 2052 2009.08.22 -
DrWeb 5.0.0.12182 2009.08.21 -
eSafe 7.0.17.0 2009.08.20 Suspicious File
eTrust-Vet 31.6.6694 2009.08.21 -
F-Prot 4.4.4.56 2009.08.21 W32/SuspPack.AK.gen!Eldorado
F-Secure 8.0.14470.0 2009.08.21 -
Fortinet 3.120.0.0 2009.08.22 W32/TDSSPack.A
GData 19 2009.08.22 Win32:Rootkit-gen
Ikarus T3.1.1.68.0 2009.08.21 Trojan-Spy.Win32.Chadem
Jiangmin 11.0.800 2009.08.21 -
K7AntiVirus 7.10.824 2009.08.21 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.08.22 -
McAfee 5716 2009.08.21 Generic.dx!dnz
McAfee+Artemis 5716 2009.08.21 Generic.dx!dnz
McAfee-GW-Edition 6.8.5 2009.08.21 Trojan.TDss.BI
Microsoft 1.4903 2009.08.21 -
NOD32 4357 2009.08.21 -
Norman 6.01.09 2009.08.21 W32/FakeAV.IIT
nProtect 2009.1.8.0 2009.08.22 -
Panda 10.0.0.14 2009.08.21 Trj/CI.A
PCTools 4.4.2.0 2009.08.21 -
Prevx 3.0 2009.08.22 Medium Risk Malware
Rising 21.43.50.00 2009.08.22 -
Sophos 4.44.0 2009.08.22 Mal/TDSSPack-A
Sunbelt 3.2.1858.2 2009.08.22 -
Symantec 1.4.4.12 2009.08.22 Packed.Generic.200
TheHacker 6.3.4.3.385 2009.08.22 -
TrendMicro 8.950.0.1094 2009.08.21 -
VBA32 3.12.10.9 2009.08.22 -
ViRobot 2009.8.22.1896 2009.08.22 -
VirusBuster 4.6.5.0 2009.08.21 -
Additional information
File size: 30208 bytes
MD5 : 11d25ad294010312df8641b965319c3c
SHA1 : c331659363318f43a993b90798123bf5255b555a
SHA256: 0d77f06a87914cb1f9ce9ac14553e52e443c01bfaf2ba9ec555a10a68c99f8d8
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1346
timedatestamp.....: 0x4A82C9CE (Wed Aug 12 15:55:26 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.itext 0x1000 0x3000 0x3000 7.04 afbd0550dbc8e905dda03c583b2da247
.lrt2l1 0x4000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.lrt1l1 0xB000 0x6000 0x5600 7.95 e33767a497e7dd6dc612c8337f610d6f
.idata 0x11000 0x1268 0x800 1.24 e649e8dffb96eef65e2e8e8ffe14f0d2
.rsrc 0x13000 0x1000 0x400 6.31 de452cda9b52871154e4a5a5c8de9dc3

( 2 imports )

> kernel32.dll: GetProcAddress, GetCurrentProcess, MoveFileExA, VirtualProtectEx, ExitProcess
> user32.dll: CharUpperA, CheckMenuItem, EmptyClipboard, DeferWindowPos

( 1 exports )

> Xabjdhqii
TrID : File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=11d25ad294010312df8641b965319c3c
ssdeep: 768:0h6RU3pWhnWecf0OUxH2gywdyC+dEsjheeTzmHZnEZT:0SU3+nWecf0OUQgY/7Ye25EZ
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=AD6869BC00C4076A762A0071B2A9C8001B358E85
PEiD : -
RDS : NSRL Reference Data Set
-
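Reading the two VirusTotal reports above by hand is tedious, so here is an added Python example (not from this thread and not VirusTotal's own code) that parses the 2009-era plain-text layout, counts detections, groups the vendor names into rough families and records the newest scan date, which matters because the first report above dates from April while the file was submitted in August, i.e. VirusTotal served a cached analysis. The sample lines are excerpted from the reports above; the family keywords and the triage thresholds are my own assumptions.

```python
"""Summarise VirusTotal plain-text reports of the kind pasted above.

Added example, not part of this thread. Assumes the old text layout:
    <engine> <version> <yyyy.mm.dd> <result>
where a result of "-" means the engine reported nothing.
"""
import re
from collections import Counter

# Engine rows: name, version, scan date, then the result (may contain spaces).
ENGINE_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")

# Keyword -> rough family label; first match wins, so specific names come first.
# These keywords are an assumption chosen to fit the result strings in this thread.
FAMILY_KEYWORDS = [
    ("tdss", "TDSS"),
    ("rootkit", "Rootkit"),
    ("pack", "Packed/suspicious"),
    ("suspicious", "Packed/suspicious"),
    ("generic", "Generic"),
    ("malware", "Generic"),
]

# Constructed sample: lines excerpted from the second report above (uacrem.dll).
SAMPLE_UACREM = """\
a-squared 4.5.0.24 2009.08.21 Trojan-Spy.Win32.Chadem!IK
AhnLab-V3 5.0.0.2 2009.08.21 -
AntiVir 7.9.1.3 2009.08.21 TR/TDss.BI
Avast 4.8.1335.0 2009.08.21 Win32:Rootkit-gen
AVG 8.5.0.406 2009.08.22 -
Fortinet 3.120.0.0 2009.08.22 W32/TDSSPack.A
Kaspersky 7.0.0.125 2009.08.22 -
McAfee 5716 2009.08.21 Generic.dx!dnz
NOD32 4357 2009.08.21 -
Prevx 3.0 2009.08.22 Medium Risk Malware
Sophos 4.44.0 2009.08.22 Mal/TDSSPack-A
Symantec 1.4.4.12 2009.08.22 Packed.Generic.200
Additional information
File size: 30208 bytes
MD5 : 11d25ad294010312df8641b965319c3c
"""

# Constructed sample: lines excerpted from the first report above (ehdrv.sys).
SAMPLE_EHDRV = """\
AntiVir 7.9.0.138 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.13 -
NOD32 4003 2009.04.13 -
Additional information
File size: 107256 bytes
"""


def parse_report(text):
    """Return a list of (engine, version, date, result); result is None when clean."""
    rows = []
    for line in text.splitlines():
        match = ENGINE_LINE.match(line.strip())
        if not match:
            continue  # header, hash, PE-info and TrID lines carry no scan date
        engine, version, date, result = match.groups()
        result = result.strip()
        rows.append((engine, version, date, None if result == "-" else result))
    return rows


def classify(result):
    """Map a vendor result string to a rough family label."""
    lowered = result.lower()
    for keyword, label in FAMILY_KEYWORDS:
        if keyword in lowered:
            return label
    return "Other"


def summarize(rows):
    """Count engines and detections, group families, and record the newest scan date."""
    hits = [row for row in rows if row[3] is not None]
    families = Counter(classify(result) for _, _, _, result in hits)
    return {
        "engines": len(rows),
        "detections": len(hits),
        "families": families,
        # A date far older than the submission means VirusTotal served a cached scan.
        "latest_scan": max((row[2] for row in rows), default=None),
    }


def triage(summary):
    """Turn the counts into a plain-language verdict (thresholds are an assumption)."""
    if summary["engines"] == 0:
        return "no engine results parsed"
    if summary["detections"] == 0:
        return "no detections"
    if summary["detections"] < 3:
        return "low confidence: possible false positive, check the file's publisher"
    return "multiple engines agree: treat as malicious"


if __name__ == "__main__":
    for name, text in (("uacrem.dll", SAMPLE_UACREM), ("ehdrv.sys", SAMPLE_EHDRV)):
        summary = summarize(parse_report(text))
        print(name, summary["detections"], "/", summary["engines"],
              dict(summary["families"]), "latest scan", summary["latest_scan"])
        print("  ->", triage(summary))
```

On the full reports above the same split appears: ehdrv.sys (ESET's own driver, matching its service entry in the DDS log) has no detections, while uacrem.dll is named TDSS/rootkit by about half the engines.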

Icaru
2009-08-23, 01:51
Oh, I had a quick look in the Mabinogi folder; its icon's description says "nProtect KeyCrypt manager service". Should I delete it? Or is it harmless?

ken545
2009-08-23, 02:05
nProtect KeyCrypt manager service <-- Not sure on this one.

Open Hijackthis
Go to Misc Tools> Open Uninstall Manager.
Click on Save List.
The list will open in Notepad.
Copy and Paste the List into this thread

Need to see the new Combofix log please

Icaru
2009-08-23, 02:20
Sorry, I had forgotten about that. I'm not sure, but if I remember right that file was installed with a Nexon game to prevent people from stealing the account's username and password online.

ComboFix 09-08-20.07 - Sean 22/08/2009 0:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1710 [GMT 1:00]
Running from: c:\documents and settings\Sean\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning diabled* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1315932803-112375414-4076277614-1000
c:\documents and settings\Sean\Application Data\inst.exe
c:\windows\depmc.dll
c:\windows\Installer\167e869.msi
c:\windows\Installer\5cf05.msi
c:\windows\run.log
c:\windows\system32\adngltzhd.dat
c:\windows\system32\adngltzhd_navtmp.dat
c:\windows\system32\drivers\kbiwkmjbituije.sys
c:\windows\system32\drivers\UACparfyvdplk.sys
c:\windows\system32\kbiwkmcxfmscsv.dat
c:\windows\system32\kbiwkmirjikget.dll
c:\windows\system32\kbiwkmlasftenk.dat
c:\windows\system32\kbiwkmwcpxrlxd.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmpxmtbbaq
-------\Legacy_kbiwkmpxmtbbaq
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 22:06 . 2009-08-21 22:07 -------- d-s---w- C:\malgnone
2009-08-21 22:05 . 2009-08-21 22:06 -------- d-s---w- C:\Antimal
2009-08-21 20:54 . 2009-08-21 20:54 0 ----a-w- c:\documents and settings\Sean\settings.dat
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
2009-08-20 22:56 . 2009-08-20 22:56 -------- d-----w- c:\program files\Trend Micro
2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\documents and settings\Sean\DoctorWeb
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23 . 2009-08-20 15:23 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47 . 2009-08-20 14:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:47 . 2009-08-20 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 17:41 . 2009-08-17 17:41 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-17 00:29 . 2002-12-02 00:18 142848 ----a-w- c:\windows\gamedelete.exe
2009-08-13 01:42 . 2009-08-13 01:42 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 01:06 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\program files\SogouInput
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY
2009-08-11 00:54 . 2009-08-11 00:54 -------- d-----w- c:\program files\optic
2009-08-10 19:24 . 2009-08-10 19:24 1 ----a-w- c:\windows\AR.DAT
2009-08-10 18:45 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-08-10 18:44 . 2004-08-04 12:00 36927 ----a-w- c:\windows\system32\dllcache\padrs411.dll
2009-08-10 18:01 . 2009-08-11 13:16 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 02:06 . 2009-08-07 02:07 -------- d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16 . 2009-07-31 22:27 -------- d-----w- c:\program files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 21:08 . 2007-07-07 21:55 -------- d-----w- c:\documents and settings\Sean\Application Data\BitTorrent
2009-08-21 21:08 . 2007-07-07 21:54 -------- d-----w- c:\program files\BitTorrent
2009-08-21 20:51 . 2008-05-08 15:56 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-21 01:44 . 2008-11-09 17:17 -------- d-----w- c:\documents and settings\Sean\Application Data\Skype
2009-08-19 23:44 . 2009-04-17 23:53 -------- d-----w- c:\program files\Zoom
2009-08-19 20:04 . 2008-11-09 17:19 -------- d-----w- c:\documents and settings\Sean\Application Data\skypePM
2009-08-14 01:37 . 2007-03-14 18:51 62296 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02 . 2008-03-27 20:07 52392 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 13:27 . 2008-10-13 20:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:21 . 2009-07-21 21:21 -------- d-----w- c:\program files\Lionhead Studios
2009-07-21 21:21 . 2007-03-14 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:19 . 2008-10-05 19:40 -------- d-----w- c:\program files\AIMTunes
2009-07-14 13:55 . 2007-11-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:54 . 2007-12-02 16:32 -------- d-----w- c:\program files\NoAdware5.0
2009-07-07 15:04 . 2008-12-02 16:37 -------- d-----w- c:\program files\EA GAMES
2009-07-07 01:44 . 2007-03-14 17:56 7040 ----a-w- c:\documents and settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05 . 2009-07-01 23:03 -------- d-----w- c:\program files\Google
2009-07-01 23:04 . 2007-07-14 22:12 -------- d-----w- c:\program files\DivX
2009-07-01 23:03 . 2009-07-01 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 21:46 . 2009-06-27 21:46 -------- d-----w- c:\program files\gPotato.eu
2009-06-25 22:39 . 2009-06-25 22:27 -------- d-----w- c:\program files\Sim File Maid 2
2009-06-25 21:59 . 2008-12-24 23:47 -------- d-----w- c:\program files\SimPE
2009-06-25 20:13 . 2009-06-25 20:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-06-25 20:02 . 2007-03-19 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 19:44 . 2009-06-25 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-25 17:24 . 2009-06-25 16:52 -------- d-----w- c:\documents and settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30 . 2009-06-25 00:21 -------- d-----w- c:\documents and settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29 . 2009-06-25 00:29 -------- d-----w- c:\program files\GIMP-2.0
2009-06-25 00:21 . 2009-06-25 00:09 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2007-03-13 21:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-14 18:55 . 2007-03-14 18:55 338 ----a-w- c:\program files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-24 1103216]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 258048]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 936960]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [05/10/2008 20:39 24652]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B1BE275B-78BF-4A33-81AB-380699CFF329} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,f7,ef,71,83,3b,ad,86,57,0d,a1,b2,40,1e,91,0a,4f,28,05,9d,f1,37,e4,
14,1a,c4,a3,ee,0c,a2,c6,53,22,35,fb,2a,a1,fd,2e,e3,96,a0,c8,5e,83,ee,20,95,\
"??"=hex:a4,ee,4a,3b,4b,a3,71,34,58,d2,24,9c,da,5f,85,a2

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:89,4c,3b,87,e6,31,66,1e,1c,33,35,cd,4f,a6,f6,c5,93,c0,47,8b,8d,
74,4c,80,db,80,f2,a2,42,c7,da,3f,0d,a2,a5,99,9f,ca,b0,dd,3b,1d,d7,e9,aa,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,55,d4,b7,59,44,
69,58,08,e2,63,26,f1,3f,c8,ff,68,3a,73,bb,94,1c,ae,ff,8e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8d,75,0a,51,3e,
e0,50,0e,6a,9c,d6,61,af,45,84,18,8c,07,4f,db,21,48,ce,32,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e7,03,b3,54,a2,
a2,6f,a6,ff,7c,85,e0,43,d4,0e,fe,33,6b,37,b7,62,9b,0d,87,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,3e,ca,40,20,d3,
97,2e,a9,86,8c,21,01,be,91,eb,e7,bf,88,df,68,5e,e3,29,fd,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d6,91,fd,ac,68,
89,e0,c6,f5,1d,4d,73,a8,13,5c,05,9a,4e,a2,bf,2b,6f,60,c8,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,03,06,4b,b6,f5,
0d,07,8c,df,20,58,62,78,6b,cf,c8,6b,7d,7a,61,c7,ba,9b,df,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7d,a5,b4,1e,93,
9d,6c,d5,fb,a7,78,e6,12,2f,9a,ea,43,12,9f,72,fc,0e,bc,29,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9f,00,91,cc,76,
2f,ab,ed,01,3a,48,fc,e8,04,4a,f1,28,a5,48,48,d5,1d,e7,53,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,27,ef,32,f3,9d,
1a,0a,06,f6,0f,4e,58,98,5b,89,c9,22,50,fd,70,3d,ac,73,13,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,40,41,1c,b5,ce,
1d,3f,3f,3d,ce,ea,26,2d,45,aa,78,c8,b5,35,a5,99,4f,63,d9,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,d8,3a,7c,d5,0a,
19,f0,1b,2a,b7,cc,b5,b9,7f,41,e7,9b,a8,b7,22,03,9c,bd,09,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,b3,b9,fa,3e,dd,
05,d6,4f,6c,43,2d,1e,aa,22,2f,9c,49,5e,02,d7,a1,0b,65,53,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-08-22 1:17
ComboFix-quarantined-files.txt 2009-08-22 00:16

Pre-Run: 6,515,666,944 bytes free
Post-Run: 8,585,596,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

320 --- E O F --- 2009-08-14 01:42

ABBYY FineReader 5.0 Sprint
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems PCI Soft Modem
AIM 6
Aim Plugin for QQ Games
AIM Toolbar 5.0
AIMTunes
Allok AVI DivX MPEG to DVD Converter 2.2.0429
Apple Mobile Device Support
Apple Software Update
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
Axara Video Converter 3.3.1
Black & White® 2 Demo
Black and White
Bonjour
Borland C++BuilderX
BT Broadband Desktop Help
Build Your Own Net Dream (remove only)
Build-a-lot
CA eTrust PestPatrol
Carnival Mania
CDex extraction audio
CEP (Color Enable Package) v.9.2 (beta)
Choice Guard
C-Media WDM Audio Driver
Critical Update for Windows Media Player 11 (KB959772)
DeepBurner v1.8.0.224
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Manager 2.3.6
Driving Test Success 2006/7
EA Download Manager
Easy Coder (7.0.0.1-english)
ERUNT 1.1j
数码宝贝
FaxTools
FLV to MP3 Converter 1.5
Galaxy Online
GIMP 2.6.6
Google Chrome
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Extreme Graphics 2 Driver
iTunes
Janes Hotel
Japanese Language Support
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Lexmark 1200 Series
Look 1320 V2
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Works
MilkShape 3D 1.8.4
MobileMe Control Panel
Movie DVD Maker 2.4.0408
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
My Tribe
Nero 7 Essentials
NVIDIA Drivers
OLYMPUS Master 2
OLYMPUS muvee theaterPack
Pando Media Booster
PDF Settings
Poket Script 1.2
PopCap Browser Plugin
QQ Games
QuickTime
RealPlayer
RegCure 1.5.0.0
RPGツクール2003 - Tdz digimon rpg
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Shockwave
Sim File Maid 2 1.0.2
SimPE 0.72 (alpha)
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
Sogou Pinyin 3.5 Olympic Version
Solid State ION Internet Explorer Plugin
SPORE™
SPORE™ Creepy & Cute Parts Pack
Spybot - Search & Destroy
Switch Sound File Converter
Tasty Planet
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
TwistedBrush
Ulead Video ToolBox Basic
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
USB PC Camera (SN9C102)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VeohTV BETA
Video DVD Maker Free v2.11.0.74
Video DVD Maker v3.7.0.15
Virtual Villagers 3 The Secret City
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Wings 3D 0.99.00b
WinRAR archiver
WolfTeam
Xfire (remove only)
Xvid 1.1.2 final uninstall
Yahoo! Messenger
Yahoo! Toolbar
Zoo Tycoon Demo
Zoom ADSL Modem
Zoom ADSL Modem

ken545
2009-08-23, 02:54
I need to see the latest Combofix log; you posted one that you had already posted.

Icaru
2009-08-23, 03:36
Sorry about that.

ComboFix 09-08-22.06 - Sean 23/08/2009 1:10:33.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1474 [GMT 1:00]
Running from: C:\Documents and Settings\Sean\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Sean\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

FILE ::
"c:\windows\system32\xdva189.sys"
"c:\windows\system32\xdva223.sys"
"C:\windows\system32\xdva248.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA189
-------\Legacy_XDVA223
-------\Legacy_XDVA248
-------\Service_XDva189
-------\Service_XDva223
-------\Service_XDva248


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-21 20:54:57 . 2009-08-21 20:54:57 0 ----a-w- C:\Documents and Settings\Sean\settings.dat
2009-08-21 00:02:27 . 2009-08-21 00:02:28 0 d-----w- C:\Program Files\ERUNT
2009-08-20 22:56:36 . 2009-08-20 22:56:36 0 d-----w- C:\Program Files\Trend Micro
2009-08-20 22:48:49 . 2009-08-20 22:48:49 0 d-----w- C:\Documents and Settings\Sean\DoctorWeb
2009-08-20 15:54:54 . 2009-08-20 15:54:54 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54:54 . 2009-08-20 15:54:54 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23:18 . 2009-08-20 15:23:18 0 d-----w- C:\Documents and Settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47:09 . 2009-08-03 12:36:28 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47:08 . 2009-08-20 14:47:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-20 14:47:08 . 2009-08-03 12:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-08-20 14:47:07 . 2009-08-20 15:01:24 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-17 17:41:17 . 2009-08-17 17:41:17 30208 ----a-w- C:\WINDOWS\system32\uacrem.dll
2009-08-17 00:29:16 . 2002-12-02 00:18:00 142848 ----a-w- C:\WINDOWS\gamedelete.exe
2009-08-13 01:42:50 . 2009-08-13 01:42:50 0 d-----w- C:\WINDOWS\ServicePackFiles
2009-08-11 01:06:23 . 2009-08-11 01:06:24 0 d-----w- C:\Documents and Settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05:53 . 2009-08-11 01:06:29 0 d-----w- C:\Program Files\SogouInput
2009-08-11 01:05:53 . 2009-08-11 01:06:28 0 d-----w- C:\Documents and Settings\Sean\Application Data\SogouPY
2009-08-11 00:54:20 . 2009-08-11 00:54:20 0 d-----w- C:\Program Files\optic
2009-08-10 19:24:44 . 2009-08-10 19:24:44 1 ----a-w- C:\WINDOWS\AR.DAT
2009-08-10 18:45:59 . 2004-08-04 12:00:00 70656 ----a-w- C:\WINDOWS\system32\korwbrkr.dll
2009-08-10 18:44:55 . 2004-08-04 12:00:00 36927 ----a-w- C:\WINDOWS\system32\dllcache\padrs411.dll
2009-08-10 18:01:26 . 2009-08-11 13:16:32 0 d-----w- C:\Program Files\Microsoft Works
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8704 ----a-w- C:\WINDOWS\system32\kbdjpn.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8704 ----a-w- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8192 ----a-w- C:\WINDOWS\system32\kbdkor.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8192 ----a-w- C:\WINDOWS\system32\dllcache\kbdkor.dll
2009-08-10 16:09:50 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\kbd106.dll
2009-08-10 16:09:50 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\dllcache\kbd106.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\kbd101c.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\dllcache\kbd101c.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 5632 ----a-w- C:\WINDOWS\system32\kbd103.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 5632 ----a-w- C:\WINDOWS\system32\dllcache\kbd103.dll
2009-08-10 16:09:46 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\kbd101b.dll
2009-08-10 16:09:46 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\dllcache\kbd101b.dll
2009-08-07 02:06:39 . 2009-08-07 02:07:04 0 d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16:38 . 2009-07-31 22:27:39 0 d-----w- C:\Program Files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 14:54:54 . 2008-02-26 19:34:12 0 d-----w- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-21 21:08:41 . 2007-07-07 21:55:32 0 d-----w- C:\Documents and Settings\Sean\Application Data\BitTorrent
2009-08-21 21:08:38 . 2007-07-07 21:54:53 0 d-----w- C:\Program Files\BitTorrent
2009-08-21 20:51:59 . 2008-05-08 15:56:37 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-21 01:44:44 . 2008-11-09 17:17:09 0 d-----w- C:\Documents and Settings\Sean\Application Data\Skype
2009-08-19 23:44:28 . 2009-04-17 23:53:22 0 d-----w- C:\Program Files\Zoom
2009-08-19 20:04:08 . 2008-11-09 17:19:23 0 d-----w- C:\Documents and Settings\Sean\Application Data\skypePM
2009-08-14 01:37:49 . 2007-03-14 18:51:27 62296 ----a-w- C:\Documents and Settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02:49 . 2008-03-27 20:07:30 52392 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2009-08-05 09:11:47 . 2004-08-04 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 13:27:45 . 2008-10-13 20:47:31 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-07-21 21:21:25 . 2009-07-21 21:21:25 0 d-----w- C:\Program Files\Lionhead Studios
2009-07-21 21:21:16 . 2007-03-14 19:15:09 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-17 18:55:28 . 2004-08-04 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-14 17:19:59 . 2008-10-05 19:40:48 0 d-----w- C:\Program Files\AIMTunes
2009-07-14 13:55:28 . 2007-11-23 14:58:29 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-13 22:43:24 . 2004-08-04 12:00:00 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 19:54:57 . 2007-12-02 16:32:20 0 d-----w- C:\Program Files\NoAdware5.0
2009-07-07 15:04:56 . 2008-12-02 16:37:30 0 d-----w- C:\Program Files\EA GAMES
2009-07-07 01:44:42 . 2007-03-14 17:56:52 7040 ----a-w- C:\Documents and Settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05:19 . 2009-07-01 23:03:08 0 d-----w- C:\Program Files\Google
2009-07-01 23:04:45 . 2007-07-14 22:12:11 0 d-----w- C:\Program Files\DivX
2009-07-01 23:03:37 . 2009-07-01 23:03:08 0 d-----w- C:\Program Files\Common Files\DivX Shared
2009-06-29 16:12:20 . 2004-08-04 12:00:00 827392 ------w- C:\WINDOWS\system32\wininet.dll
2009-06-29 16:12:14 . 2004-08-04 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 16:12:14 . 2004-08-04 12:00:00 17408 ------w- C:\WINDOWS\system32\corpol.dll
2009-06-27 21:46:25 . 2009-06-27 21:46:25 0 d-----w- C:\Program Files\gPotato.eu
2009-06-25 22:39:34 . 2009-06-25 22:27:57 0 d-----w- C:\Program Files\Sim File Maid 2
2009-06-25 21:59:03 . 2008-12-24 23:47:27 0 d-----w- C:\Program Files\SimPE
2009-06-25 20:13:13 . 2009-06-25 20:13:13 0 d-----w- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-06-25 20:02:09 . 2007-03-19 20:13:21 0 d-----w- C:\Program Files\Common Files\Adobe
2009-06-25 19:44:54 . 2009-06-25 19:44:54 0 d-----w- C:\Program Files\Common Files\Macrovision Shared
2009-06-25 17:24:47 . 2009-06-25 16:52:22 0 d-----w- C:\Documents and Settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30:06 . 2009-06-25 00:21:06 0 d-----w- C:\Documents and Settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29:29 . 2009-06-25 00:29:24 0 d-----w- C:\Program Files\GIMP-2.0
2009-06-25 00:21:09 . 2009-06-25 00:09:45 0 d-----w- C:\Program Files\MilkShape 3D 1.8.4
2009-06-16 14:55:16 . 2004-08-04 12:00:00 82432 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:55:16 . 2004-08-04 12:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-12 11:50:53 . 2004-08-04 12:00:00 76288 ----a-w- C:\WINDOWS\system32\telnet.exe
2009-06-10 14:21:48 . 2004-08-04 12:00:00 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
2009-06-10 06:32:40 . 2004-08-04 12:00:00 132096 ----a-w- C:\WINDOWS\system32\wkssvc.dll
2009-06-09 15:06:50 . 2007-03-13 21:37:27 1871872 ----a-w- C:\WINDOWS\system32\mstscax.dll
2009-06-03 19:27:58 . 2004-08-04 12:00:00 1290752 ----a-w- C:\WINDOWS\system32\quartz.dll
2007-03-14 18:55:30 . 2007-03-14 18:55:30 338 ----a-w- C:\Program Files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 18:51:28 3885408]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 19:43:14 95800]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2009-02-24 18:20:06 1103216]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 09:18:24 3660848]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2009-04-29 17:55:24 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 18:41:50 90112]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 16:34:18 4347120]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 15:21:06 50472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-23 14:17:06 21755688]
"nodenable"="C:\Program Files\eset\nodenable.exe" [2008-09-23 15:48:39 326823]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 02:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 02:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 02:36:20 114688]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 06:59:49 935936]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 17:39:04 40960]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 07:07:30 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 19:35:23 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22:00 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22:00 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27:04 144784]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42:24 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 18:17:36 258048]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34:08 936960]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 13:21:54 675840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40:44 155648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 16:27:40 177472]
"fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2009-02-06 18:08:58 454000]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2009-03-19 10:44:28 2029640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 15:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-12 19:56:58 342312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 16:10:28 35696]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 12:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 12:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 12:00:00 455168]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-10-22 11:22:00 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [19/03/2009 11:44:34 107256]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44:50 731840]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17:16 55136]
R2 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08:58 533360]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03:22 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\C:\DOCUME~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> C:\DOCUME~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys --> E:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57:18 . 2008-07-30 12:34:12]

2009-08-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03:22 . 2009-07-01 23:03:10]

2009-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03:22 . 2009-07-01 23:03:10]

2009-08-23 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 16:20:34 . 2007-08-02 16:20:34]

2009-08-20 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 16:20:34 . 2007-08-02 16:20:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

ken545
2009-08-23, 04:03
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing Ctrl+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Rootkit::

Rootkit::
c:\windows\system32\uacrem.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
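As an added example (not part of this thread, and not ComboFix's or the helper's own code), here is one way to mechanically pick out an entry like uacrem.dll from the "Files Created" section of a ComboFix log: a file dropped into system32 shortly before the scan whose created and modified stamps are identical, unlike Windows components, whose modified stamp keeps the original build date. The sample lines are copied from the logs in this thread; the scan time and the 30-day window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One file line of a ComboFix "Files Created" or "Find3M" report:
#   <created> . <modified> <size or --------> <attrs> <path>
# Older builds print seconds in the timestamps, newer ones do not; both are accepted.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(\S+) (\S+) (.+)$"
)

# Constructed sample: lines copied from the two ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-20 14:47:08 . 2009-08-03 12:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-08-20 14:47:07 . 2009-08-20 15:01:24 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-17 17:41:17 . 2009-08-17 17:41:17 30208 ----a-w- C:\WINDOWS\system32\uacrem.dll
2009-08-17 00:29:16 . 2002-12-02 00:18:00 142848 ----a-w- C:\WINDOWS\gamedelete.exe
2009-08-10 18:45:59 . 2004-08-04 12:00:00 70656 ----a-w- C:\WINDOWS\system32\korwbrkr.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8704 ----a-w- C:\WINDOWS\system32\kbdjpn.dll
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
"""

# Assumed scan time, taken from the header of the second log (23/08/2009 2:24).
SCAN_DATE = datetime(2009, 8, 23, 2, 24)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as --------
    attrs: str           # "----a-w-" for a file, "d-----w-" for a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def _parse_ts(text: str) -> datetime:
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file/directory line in the report; banner and '.' lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=_parse_ts(created),
            modified=_parse_ts(modified),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def flag_fresh_system_files(entries: List[Entry], scan_date: datetime,
                            window_days: int = 30) -> List[Entry]:
    """Heuristic a log reader applies by eye.

    Windows components that land in system32 through updates keep their build
    date as the modified stamp (2004-08-04 12:00 for XP SP2 files), so for them
    created != modified.  A non-directory entry under system32 whose created and
    modified stamps are identical and fall within the window before the scan was
    written fresh on this machine and deserves a second look.
    """
    window = timedelta(days=window_days)
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        if "\\windows\\system32\\" not in e.path.lower():
            continue
        if e.created != e.modified:
            continue
        if not (timedelta(0) <= scan_date - e.created <= window):
            continue
        flagged.append(e)
    return flagged


def demo() -> List[str]:
    """Paths flagged in the sample log; only uacrem.dll qualifies."""
    return [e.path for e in flag_fresh_system_files(parse_entries(SAMPLE_LOG), SCAN_DATE)]


if __name__ == "__main__":
    for path in demo():
        print("worth a second look:", path)
```

The heuristic is a triage aid, not a verdict: a freshly installed driver can match it too, so a flagged path still needs the usual checks (publisher signature, file hash lookup, which service loads it).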

Icaru
2009-08-23, 04:59
ComboFix 09-08-22.06 - Sean 23/08/2009 2:24.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1493 [GMT 1:00]
Running from: c:\documents and settings\Sean\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA189
-------\Legacy_XDVA223
-------\Legacy_XDVA248
-------\Service_XDva189
-------\Service_XDva223
-------\Service_XDva248


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-21 20:54 . 2009-08-21 20:54 0 ----a-w- c:\documents and settings\Sean\settings.dat
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
2009-08-20 22:56 . 2009-08-20 22:56 -------- d-----w- c:\program files\Trend Micro
2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\documents and settings\Sean\DoctorWeb
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23 . 2009-08-20 15:23 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47 . 2009-08-20 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:47 . 2009-08-20 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 00:29 . 2002-12-02 00:18 142848 ----a-w- c:\windows\gamedelete.exe
2009-08-13 01:42 . 2009-08-13 01:42 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 01:06 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\program files\SogouInput
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY
2009-08-11 00:54 . 2009-08-11 00:54 -------- d-----w- c:\program files\optic
2009-08-10 19:24 . 2009-08-10 19:24 1 ----a-w- c:\windows\AR.DAT
2009-08-10 18:45 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-08-10 18:44 . 2004-08-04 12:00 36927 ----a-w- c:\windows\system32\dllcache\padrs411.dll
2009-08-10 18:01 . 2009-08-11 13:16 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 02:06 . 2009-08-07 02:07 -------- d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16 . 2009-07-31 22:27 -------- d-----w- c:\program files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 14:54 . 2008-02-26 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-21 21:08 . 2007-07-07 21:55 -------- d-----w- c:\documents and settings\Sean\Application Data\BitTorrent
2009-08-21 21:08 . 2007-07-07 21:54 -------- d-----w- c:\program files\BitTorrent
2009-08-21 20:51 . 2008-05-08 15:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-21 01:44 . 2008-11-09 17:17 -------- d-----w- c:\documents and settings\Sean\Application Data\Skype
2009-08-19 23:44 . 2009-04-17 23:53 -------- d-----w- c:\program files\Zoom
2009-08-19 20:04 . 2008-11-09 17:19 -------- d-----w- c:\documents and settings\Sean\Application Data\skypePM
2009-08-14 01:37 . 2007-03-14 18:51 62296 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02 . 2008-03-27 20:07 52392 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 13:27 . 2008-10-13 20:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:21 . 2009-07-21 21:21 -------- d-----w- c:\program files\Lionhead Studios
2009-07-21 21:21 . 2007-03-14 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:19 . 2008-10-05 19:40 -------- d-----w- c:\program files\AIMTunes
2009-07-14 13:55 . 2007-11-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:54 . 2007-12-02 16:32 -------- d-----w- c:\program files\NoAdware5.0
2009-07-07 15:04 . 2008-12-02 16:37 -------- d-----w- c:\program files\EA GAMES
2009-07-07 01:44 . 2007-03-14 17:56 7040 ----a-w- c:\documents and settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05 . 2009-07-01 23:03 -------- d-----w- c:\program files\Google
2009-07-01 23:04 . 2007-07-14 22:12 -------- d-----w- c:\program files\DivX
2009-07-01 23:03 . 2009-07-01 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 21:46 . 2009-06-27 21:46 -------- d-----w- c:\program files\gPotato.eu
2009-06-25 22:39 . 2009-06-25 22:27 -------- d-----w- c:\program files\Sim File Maid 2
2009-06-25 21:59 . 2008-12-24 23:47 -------- d-----w- c:\program files\SimPE
2009-06-25 20:13 . 2009-06-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-25 20:02 . 2007-03-19 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 19:44 . 2009-06-25 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-25 17:24 . 2009-06-25 16:52 -------- d-----w- c:\documents and settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30 . 2009-06-25 00:21 -------- d-----w- c:\documents and settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29 . 2009-06-25 00:29 -------- d-----w- c:\program files\GIMP-2.0
2009-06-25 00:21 . 2009-06-25 00:09 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2007-03-13 21:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-14 18:55 . 2007-03-14 18:55 338 ----a-w- c:\program files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-24 1103216]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 258048]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 936960]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03]

2009-08-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-08-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 02:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BT Broadband Desktop Help\bin\mpbtn.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-23 2:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 01:54
ComboFix2.txt 2009-08-22 15:32
ComboFix3.txt 2009-08-22 00:37

Pre-Run: 8,542,302,208 bytes free
Post-Run: 8,585,822,208 bytes free

330 --- E O F --- 2009-08-14 01:42


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:35, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13524 bytes

ken545
2009-08-23, 13:35
Hi,

If you know what this is and use it, then leave it be; otherwise remove it with HJT
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab



RegCure <-- Registry cleaners are not recommended. Remove the wrong entries and you can severely damage your computer; if it removes only unneeded entries you will see no difference in system performance.



Let's update your Java to make your system more secure

Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.

Java SE Runtime Environment (JRE) JRE 6 Update 15 <-- The wording is confusing but this is what you need


Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version

You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)



The rest of your logs look fine, let's run an online virus scanner to make sure we got it all.

Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
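The two checks made in the reply above (entries whose target file no longer exists, and O16 DPF ActiveX downloads from a host you do not recognise) written out as a small Python triage script over HijackThis v2.0.2 log lines. This is an added example, not HijackThis's or the forum's own code; the sample lines are copied from the log posted in this thread, and the allowlist of DPF hosts is a constructed assumption to be extended with hosts you actually know and use.

```python
"""Triage helper for HijackThis v2.0.2 log lines (added example, not HJT code)."""
import re
from urllib.parse import urlparse

# Line shape: "<code> - <description> - [<CLSID>] - <target>". Fields are separated
# by " - ", but a description may itself contain " - " (e.g. "Spybot - Search &
# Destroy"), so the target is taken from the end and the CLSID found by pattern.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")

# Constructed allowlist (assumption): hosts from which a downloaded ActiveX
# control (O16 DPF) is expected on an XP machine like this one.
KNOWN_DPF_HOSTS = {"update.microsoft.com", "messenger.zone.msn.com"}

# Constructed sample: lines copied from the HJT log above, plus a process path
# and a header line that the parser must ignore.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
C:\\WINDOWS\\system32\\svchost.exe
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyGaming\\PartyPoker\\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
"""


def parse_hjt_line(line):
    """Split one HJT entry into code, description, CLSID (or None) and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank line or a "Running processes" path
    rest = m.group("rest")
    fields = rest.split(" - ")
    clsid = CLSID_RE.search(rest)
    return {
        "code": m.group("code"),
        "description": fields[0],
        "clsid": clsid.group(0) if clsid else None,
        # strip(" -") handles the "- - (no file)" shape of entries with no CLSID
        "target": fields[-1].strip(" -"),
    }


def triage(log_text):
    """Return the entries worth a second look, each with the reason it was flagged."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        target = entry["target"]
        if target.endswith(MISSING_MARKERS):
            reason = "target file is missing; stale entry, safe to fix with HJT"
            findings.append({**entry, "reason": reason})
        elif entry["code"] == "O16" and entry["description"].startswith("DPF:"):
            host = urlparse(target).hostname or ""
            if host not in KNOWN_DPF_HOSTS:
                reason = f"ActiveX control downloaded from unrecognised host {host}; remove unless you know and use it"
                findings.append({**entry, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} {f['description']:<50} -> {f['reason']}")
```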

Icaru
2009-08-23, 21:30
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=6278d20e83ee89429cfd3fe3fdc3cb31
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-08-23 06:02:45
# local_time=2009-08-23 07:02:45 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8201 21 100 100 87757656250
# scanned=184282
# found=0
# cleaned=0
# scan_time=8333
# nod_component=V3 Build:0x30000000

ken545
2009-08-23, 22:53
Great :bigthumb:

How are things running now ?

Icaru
2009-08-23, 23:00
Much faster and smoother now, thanks for the help. :thanks:

ken545
2009-08-23, 23:35
Great :bigthumb:

Your Operating System is badly outdated, you need to open IE and go to Tools > Windows Updates and download and install all critical updates, including SP3 Service Pack 3 and Internet Explorer 8



RootRepeal <--Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

TFC <-- Yours to keep, run it about once a week to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system


Click START then RUN
Now type Combofix /u in the Run box and click OK. Note the space between the X and the U, it needs to be there.


http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksToGo (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind, if you install some of these programs, only ONE Anti Virus and only ONE Firewall is recommended; more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.



Safe Surfn
Ken

Icaru
2009-08-24, 00:15
Once again thank you, for your help :)

ken545
2009-08-24, 01:47
You're very welcome,

Take Care,

Ken :)