
Thread: Please help with zlob Virus I think it was called

    #1
    Member (Join Date: Jul 2008, Posts: 30)

    Please help with zlob Virus I think it was called

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26, on 10/26/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\Impulse\Impulse.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
    O2 - BHO: (no name) - {970796E4-14B9-4C30-AC31-C21091937229} - C:\WINDOWS\system32\khfCtsSm.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
    O3 - Toolbar: bkqxdons - {BF54CDC2-E0D2-4C75-8BB5-CF71F1DD2AE5} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll (file missing)
    O3 - Toolbar: bkqxdons - {EF331C30-03C4-4CC9-B520-E4C41DB9AFAE} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll (file missing)
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    O4 - HKLM\..\Run: [RegistryMechanic] F:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215054470233
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215054633498
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: khfCtsSm - C:\WINDOWS\SYSTEM32\khfCtsSm.dll
    O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
    O21 - SSODL: qnflkotm - {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll
    O21 - SSODL: vwnskbot - {156C30CE-C895-4F00-9B6C-F0FA42E08239} - C:\WINDOWS\vwnskbot.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 12786 bytes

    #2
    Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi Necroelf

    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

    #3
    Member (Join Date: Jul 2008, Posts: 30)

    Sorry it took so long

    Sorry again that it took so long. I ended up having to run ComboFix 2 times; the first time it had found and deleted some files, and it did the log, but I wasn't able to connect to the internet or anything. So I ran it again, and this is the log from the second time.

    ComboFix 08-10-25.01 - Necro 2008-10-27 5:47:31.2 - NTFSx86
    Running from: C:\Documents and Settings\Necro\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
    .

    2008-10-26 22:06 . 2008-10-26 22:06 93 --a------ C:\WINDOWS\wininit.ini
    2008-10-26 20:07 . 2008-10-26 20:07 <DIR> d-------- C:\WINDOWS\WinRAR
    2008-10-26 19:24 . 2008-10-26 19:24 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-26 13:37 . 2008-10-24 06:26 344,064 --a------ C:\vwnskbot.dll
    2008-10-26 13:37 . 2008-10-24 06:26 327,680 --a------ C:\qnflkotm.dll
    2008-10-26 12:54 . 2008-10-26 13:34 <DIR> d-------- C:\Program Files\SinEpisodes
    2008-10-26 02:23 . 2008-10-26 02:23 <DIR> d-------- C:\Program Files\JoWooD
    2008-10-26 01:05 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Steam
    2008-10-24 02:29 . 2008-10-24 02:55 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\SPORE
    2008-10-24 01:32 . 2008-10-15 11:34 337,408 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-22 03:19 . 2008-10-22 15:13 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-10-22 03:19 . 2008-10-22 03:19 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-10-22 03:06 . 2008-10-22 03:06 <DIR> d-------- C:\Program Files\SpellForce
    2008-10-21 11:11 . 2008-10-21 13:31 <DIR> d-------- C:\Program Files\Crysis Warhead
    2008-10-20 22:04 . 2008-10-20 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    2008-10-20 22:00 . 2008-10-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-10-20 04:28 . 2008-10-20 04:28 <DIR> d-------- C:\Program Files\DIFX
    2008-10-20 04:20 . 2008-10-20 04:20 <DIR> d-------- C:\WINDOWS\system32\xlive
    2008-10-20 00:17 . 2008-10-20 00:17 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Friday's games
    2008-10-20 00:15 . 2008-10-20 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
    2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Saved Games
    2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\iWin
    2008-10-19 23:24 . 2008-10-19 23:24 0 --a------ C:\WINDOWS\Game.INI
    2008-10-19 16:19 . 2007-12-03 14:35 340,040 --a------ C:\WINDOWS\CSWSKAX5.OCX
    2008-10-19 07:18 . 2008-10-19 07:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2008-10-19 03:16 . 2008-10-19 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
    2008-10-18 23:16 . 2008-10-18 23:16 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\WildTangent
    2008-10-18 04:07 . 2008-10-18 06:12 <DIR> d-------- C:\Program Files\Ground Control II
    2008-10-18 04:06 . 2008-10-18 04:06 <DIR> d-------- C:\Sierra
    2008-10-15 23:54 . 2008-10-15 23:56 <DIR> d-------- C:\WINDOWS\NV31521380.TMP
    2008-10-15 23:54 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-10-15 23:53 . 2008-10-15 23:53 <DIR> d-------- C:\NVIDIA
    2008-10-15 23:48 . 2008-10-15 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-10-15 23:33 . 2008-10-15 23:44 <DIR> d-------- C:\WINDOWS\NV27362932.TMP
    2008-10-15 18:52 . 2003-03-12 15:48 2,359,352 --a------ C:\WINDOWS\Krypto_BG.bmp
    2008-10-15 03:42 . 2008-10-15 03:42 <DIR> d-------- C:\Program Files\CD Projekt
    2008-10-15 03:09 . 2008-09-08 05:41 333,824 --a------ C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 03:08 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 03:08 . 2008-08-14 04:33 2,066,048 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 03:08 . 2008-08-14 04:33 2,023,936 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 03:08 . 2008-09-15 07:12 1,846,400 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-14 16:51 . 2008-10-14 16:51 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Disney Interactive Studios
    2008-10-14 16:38 . 2008-10-14 16:38 <DIR> d-------- C:\Program Files\Disney Interactive Studios
    2008-10-14 16:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
    2008-10-14 16:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-10-14 16:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
    2008-10-14 16:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
    2008-10-14 16:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
    2008-10-14 16:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-10-14 16:36 . 2008-10-14 16:48 1,049 --a------ C:\WINDOWS\disney.ini
    2008-10-13 04:14 . 2008-10-15 04:13 <DIR> d-------- C:\Program Files\Stardock Games
    2008-10-13 02:21 . 2008-10-14 03:29 112 --a------ C:\WINDOWS\SpaceForce-RU.cfg
    2008-10-13 02:13 . 2008-10-13 02:13 <DIR> d-------- C:\Program Files\Dreamcatcher
    2008-10-12 23:35 . 2008-10-27 05:55 24 --a------ C:\WINDOWS\LogonStudio.ini
    2008-10-12 23:25 . 2008-10-12 23:25 <DIR> d-------- C:\Program Files\WinCustomize
    2008-10-12 23:25 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
    2008-10-12 23:25 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
    2008-10-12 23:23 . 2008-10-15 19:50 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2008-10-12 22:50 . 2008-10-12 22:50 0 --a------ C:\WINDOWS\WB.ini
    2008-10-12 22:34 . 2008-05-06 15:25 58,616 --a------ C:\WINDOWS\system32\wbload.dll
    2008-10-12 22:34 . 2008-04-28 11:35 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-10-12 22:32 . 2003-02-08 13:03 748,544 --a------ C:\WINDOWS\system32\bandvwm.dll
    2008-10-12 17:58 . 2008-10-12 17:58 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\CyberLink
    2008-10-12 17:40 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-10-12 17:40 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-10-12 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-10-11 15:08 . 2008-10-11 15:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-10-11 04:18 . 2008-10-11 04:18 <DIR> d-------- C:\Program Files\Lighthouse Interactive
    2008-10-10 19:37 . 2008-10-10 19:37 <DIR> d-------- C:\Program Files\EA Games
    2008-10-10 06:52 . 2008-10-10 06:52 <DIR> d-------- C:\Program Files\Cinemaware
    2008-10-09 21:35 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-10-09 20:47 . 2008-10-09 20:47 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-10-09 20:09 . 2008-10-20 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
    2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Activision
    2008-10-09 06:14 . 2008-10-09 06:14 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-10-09 03:19 . 2008-10-09 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-10-07 19:16 . 2008-10-07 19:16 <DIR> dr-h----- C:\Documents and Settings\Necro\Application Data\SecuROM
    2008-10-07 19:16 . 2008-10-07 19:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-10-06 17:46 . 2008-10-06 17:58 <DIR> d-------- C:\WINDOWS\NV2252588.TMP
    2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\en
    2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-10-06 16:22 . 2008-10-06 16:24 4,156 --a------ C:\fix.reg
    2008-10-05 19:27 . 2008-10-12 17:40 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Apple Computer
    2008-10-05 19:26 . 2008-10-22 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-10-05 19:15 . 2008-10-05 19:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{CB371711-F700-43CC-ACE0-9ADC5CEBBA81}
    2008-10-05 19:07 . 2008-10-12 22:36 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Stardock
    2008-10-05 19:06 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
    2008-10-05 19:01 . 2008-10-05 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-10-05 18:57 . 2008-10-05 18:57 <DIR> d-------- C:\Program Files\QuickTime
    2008-10-05 18:57 . 2008-10-19 18:46 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-10-05 18:57 . 2008-10-19 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-10-05 16:06 . 2008-04-13 19:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
    2008-10-05 16:05 . 2008-04-13 19:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
    2008-10-05 16:05 . 2008-04-13 19:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
    2008-10-05 01:44 . 2008-10-05 01:44 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-10-05 01:43 . 2008-10-05 01:43 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    2008-10-05 00:59 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-10-05 00:59 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-10-05 00:59 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-10-05 00:49 . 2008-10-05 00:49 285 --a------ C:\WINDOWS\vtmb.ini
    2008-10-05 00:39 . 2008-10-25 00:51 <DIR> d-------- C:\Program Files\Vuze
    2008-10-05 00:32 . 2008-10-05 00:32 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
    2008-10-05 00:21 . 2008-10-05 00:21 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\InstallShield
    2008-10-05 00:01 . 2008-10-05 00:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-10-05 00:01 . 2008-10-05 00:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-10-05 00:00 . 2008-10-05 00:59 <DIR> d-------- C:\Program Files\Symantec
    2008-10-05 00:00 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-04 23:49 . 2008-10-04 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-10-04 23:44 . 2008-10-03 12:41 6,066,176 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-04 23:44 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-10-04 23:44 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-10-04 23:44 . 2008-08-26 02:24 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-10-04 23:44 . 2008-08-26 02:24 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-10-04 23:44 . 2008-08-26 02:24 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-10-04 23:44 . 2008-08-26 02:24 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
    2008-10-04 23:44 . 2008-08-26 02:24 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-10-04 23:44 . 2008-08-25 03:38 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-10-04 23:42 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-10-04 22:12 . 2008-10-04 22:12 1,430,808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
    2008-10-04 22:12 . 2008-10-04 22:14 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
    2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\7-Zip

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-10-27 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-27 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-26 20:45 --------- d-----w C:\Documents and Settings\Necro\Application Data\Azureus
    2008-10-25 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-18 09:15 --------- d-----w C:\Documents and Settings\Necro\Application Data\IGN_DLM
    2008-10-13 04:02 --------- d-----w C:\Documents and Settings\Necro\Application Data\Yahoo!
    2008-10-12 22:56 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-10-10 02:35 0 ----a-w C:\Program Files\temp01
    2008-10-07 18:33 6,133,856 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2008-10-06 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-10-05 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-10-05 05:25 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-10-04 22:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-07-02 07:12 84 --sh--w C:\Program Files\desktop.ini
    2008-07-02 05:36 3,022,457 --sha-w C:\Documents and Settings\Necro\rundll32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "ImpulseFastStart"="C:\Program Files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
    "nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
    "P17Helper"="P17.dll" [2006-03-17 C:\WINDOWS\system32\P17.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "qnflkotm"= {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll [2008-10-24 327680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-09-22 16:59 174328 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\SEGA\\Universe At War Earth Assault\\UAWEA.exe"=

    R0 BootScreen;BootScreen;C:\WINDOWS\\SystemRoot\System32\drivers\vidstub.sys []
    R3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-10-02 20:20]
    R3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00]
    R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
    R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []


    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-21 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Necro.job
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-RunOnce-<NO NAME> - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R0 -: HKLM-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

    O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
    C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-27 05:55:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\PROGRA~1\COMMON~1\Stardock\sdmcp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-27 6:03:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-27 11:03:48
    ComboFix2.txt 2008-10-27 10:35:07

    Pre-Run: 373,169,987,584 bytes free
    Post-Run: 373,192,777,728 bytes free

    282 --- E O F --- 2008-10-21 09:44:48

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:04, on 10/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\Impulse\Impulse.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215054470233
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215054633498
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5102/CTPID.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
    O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
    O21 - SSODL: qnflkotm - {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11241 bytes

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please also post the contents of that first ComboFix log; it should be in C:\ with the filename ComboFix2.txt
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Member
    Join Date
    Jul 2008
    Posts
    30

    Default This is the only ComboFix I see, so I hope it's the right one :)

    ComboFix 08-10-25.01 - Necro 2008-10-27 5:47:31.2 - NTFSx86
    Running from: C:\Documents and Settings\Necro\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
    .

    2008-10-26 22:06 . 2008-10-26 22:06 93 --a------ C:\WINDOWS\wininit.ini
    2008-10-26 20:07 . 2008-10-26 20:07 <DIR> d-------- C:\WINDOWS\WinRAR
    2008-10-26 19:24 . 2008-10-26 19:24 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-26 13:37 . 2008-10-24 06:26 344,064 --a------ C:\vwnskbot.dll
    2008-10-26 13:37 . 2008-10-24 06:26 327,680 --a------ C:\qnflkotm.dll
    2008-10-26 12:54 . 2008-10-26 13:34 <DIR> d-------- C:\Program Files\SinEpisodes
    2008-10-26 02:23 . 2008-10-26 02:23 <DIR> d-------- C:\Program Files\JoWooD
    2008-10-26 01:05 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Steam
    2008-10-24 02:29 . 2008-10-24 02:55 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\SPORE
    2008-10-24 01:32 . 2008-10-15 11:34 337,408 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-22 03:19 . 2008-10-22 15:13 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-10-22 03:19 . 2008-10-22 03:19 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-10-22 03:06 . 2008-10-22 03:06 <DIR> d-------- C:\Program Files\SpellForce
    2008-10-21 11:11 . 2008-10-21 13:31 <DIR> d-------- C:\Program Files\Crysis Warhead
    2008-10-20 22:04 . 2008-10-20 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    2008-10-20 22:00 . 2008-10-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-10-20 04:28 . 2008-10-20 04:28 <DIR> d-------- C:\Program Files\DIFX
    2008-10-20 04:20 . 2008-10-20 04:20 <DIR> d-------- C:\WINDOWS\system32\xlive
    2008-10-20 00:17 . 2008-10-20 00:17 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Friday's games
    2008-10-20 00:15 . 2008-10-20 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
    2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Saved Games
    2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\iWin
    2008-10-19 23:24 . 2008-10-19 23:24 0 --a------ C:\WINDOWS\Game.INI
    2008-10-19 16:19 . 2007-12-03 14:35 340,040 --a------ C:\WINDOWS\CSWSKAX5.OCX
    2008-10-19 07:18 . 2008-10-19 07:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2008-10-19 03:16 . 2008-10-19 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
    2008-10-18 23:16 . 2008-10-18 23:16 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\WildTangent
    2008-10-18 04:07 . 2008-10-18 06:12 <DIR> d-------- C:\Program Files\Ground Control II
    2008-10-18 04:06 . 2008-10-18 04:06 <DIR> d-------- C:\Sierra
    2008-10-15 23:54 . 2008-10-15 23:56 <DIR> d-------- C:\WINDOWS\NV31521380.TMP
    2008-10-15 23:54 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-10-15 23:53 . 2008-10-15 23:53 <DIR> d-------- C:\NVIDIA
    2008-10-15 23:48 . 2008-10-15 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-10-15 23:33 . 2008-10-15 23:44 <DIR> d-------- C:\WINDOWS\NV27362932.TMP
    2008-10-15 18:52 . 2003-03-12 15:48 2,359,352 --a------ C:\WINDOWS\Krypto_BG.bmp
    2008-10-15 03:42 . 2008-10-15 03:42 <DIR> d-------- C:\Program Files\CD Projekt
    2008-10-15 03:09 . 2008-09-08 05:41 333,824 --a------ C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 03:08 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 03:08 . 2008-08-14 04:33 2,066,048 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 03:08 . 2008-08-14 04:33 2,023,936 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 03:08 . 2008-09-15 07:12 1,846,400 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-14 16:51 . 2008-10-14 16:51 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Disney Interactive Studios
    2008-10-14 16:38 . 2008-10-14 16:38 <DIR> d-------- C:\Program Files\Disney Interactive Studios
    2008-10-14 16:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
    2008-10-14 16:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-10-14 16:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
    2008-10-14 16:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
    2008-10-14 16:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
    2008-10-14 16:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-10-14 16:36 . 2008-10-14 16:48 1,049 --a------ C:\WINDOWS\disney.ini
    2008-10-13 04:14 . 2008-10-15 04:13 <DIR> d-------- C:\Program Files\Stardock Games
    2008-10-13 02:21 . 2008-10-14 03:29 112 --a------ C:\WINDOWS\SpaceForce-RU.cfg
    2008-10-13 02:13 . 2008-10-13 02:13 <DIR> d-------- C:\Program Files\Dreamcatcher
    2008-10-12 23:35 . 2008-10-27 05:55 24 --a------ C:\WINDOWS\LogonStudio.ini
    2008-10-12 23:25 . 2008-10-12 23:25 <DIR> d-------- C:\Program Files\WinCustomize
    2008-10-12 23:25 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
    2008-10-12 23:25 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
    2008-10-12 23:23 . 2008-10-15 19:50 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2008-10-12 22:50 . 2008-10-12 22:50 0 --a------ C:\WINDOWS\WB.ini
    2008-10-12 22:34 . 2008-05-06 15:25 58,616 --a------ C:\WINDOWS\system32\wbload.dll
    2008-10-12 22:34 . 2008-04-28 11:35 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-10-12 22:32 . 2003-02-08 13:03 748,544 --a------ C:\WINDOWS\system32\bandvwm.dll
    2008-10-12 17:58 . 2008-10-12 17:58 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\CyberLink
    2008-10-12 17:40 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-10-12 17:40 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-10-12 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-10-11 15:08 . 2008-10-11 15:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2008-10-11 04:18 . 2008-10-11 04:18 <DIR> d-------- C:\Program Files\Lighthouse Interactive
    2008-10-10 19:37 . 2008-10-10 19:37 <DIR> d-------- C:\Program Files\EA Games
    2008-10-10 06:52 . 2008-10-10 06:52 <DIR> d-------- C:\Program Files\Cinemaware
    2008-10-09 21:35 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-10-09 20:47 . 2008-10-09 20:47 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-10-09 20:09 . 2008-10-20 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
    2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Activision
    2008-10-09 06:14 . 2008-10-09 06:14 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-10-09 03:19 . 2008-10-09 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-10-07 19:16 . 2008-10-07 19:16 <DIR> dr-h----- C:\Documents and Settings\Necro\Application Data\SecuROM
    2008-10-07 19:16 . 2008-10-07 19:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-10-06 17:46 . 2008-10-06 17:58 <DIR> d-------- C:\WINDOWS\NV2252588.TMP
    2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\en
    2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-10-06 16:22 . 2008-10-06 16:24 4,156 --a------ C:\fix.reg
    2008-10-05 19:27 . 2008-10-12 17:40 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Apple Computer
    2008-10-05 19:26 . 2008-10-22 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-10-05 19:15 . 2008-10-05 19:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{CB371711-F700-43CC-ACE0-9ADC5CEBBA81}
    2008-10-05 19:07 . 2008-10-12 22:36 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Stardock
    2008-10-05 19:06 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
    2008-10-05 19:01 . 2008-10-05 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-10-05 18:57 . 2008-10-05 18:57 <DIR> d-------- C:\Program Files\QuickTime
    2008-10-05 18:57 . 2008-10-19 18:46 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-10-05 18:57 . 2008-10-19 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-10-05 16:06 . 2008-04-13 19:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
    2008-10-05 16:05 . 2008-04-13 19:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
    2008-10-05 16:05 . 2008-04-13 19:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
    2008-10-05 01:44 . 2008-10-05 01:44 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-10-05 01:43 . 2008-10-05 01:43 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    2008-10-05 00:59 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-10-05 00:59 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-10-05 00:59 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-10-05 00:49 . 2008-10-05 00:49 285 --a------ C:\WINDOWS\vtmb.ini
    2008-10-05 00:39 . 2008-10-25 00:51 <DIR> d-------- C:\Program Files\Vuze
    2008-10-05 00:32 . 2008-10-05 00:32 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
    2008-10-05 00:21 . 2008-10-05 00:21 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\InstallShield
    2008-10-05 00:01 . 2008-10-05 00:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-10-05 00:01 . 2008-10-05 00:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-10-05 00:00 . 2008-10-05 00:59 <DIR> d-------- C:\Program Files\Symantec
    2008-10-05 00:00 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-04 23:49 . 2008-10-04 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-10-04 23:44 . 2008-10-03 12:41 6,066,176 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-04 23:44 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-10-04 23:44 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-10-04 23:44 . 2008-08-26 02:24 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-10-04 23:44 . 2008-08-26 02:24 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-10-04 23:44 . 2008-08-26 02:24 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-10-04 23:44 . 2008-08-26 02:24 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
    2008-10-04 23:44 . 2008-08-26 02:24 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-10-04 23:44 . 2008-08-25 03:38 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-10-04 23:42 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-10-04 22:12 . 2008-10-04 22:12 1,430,808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
    2008-10-04 22:12 . 2008-10-04 22:14 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
    2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\7-Zip

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-10-27 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-27 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-26 20:45 --------- d-----w C:\Documents and Settings\Necro\Application Data\Azureus
    2008-10-25 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-18 09:15 --------- d-----w C:\Documents and Settings\Necro\Application Data\IGN_DLM
    2008-10-13 04:02 --------- d-----w C:\Documents and Settings\Necro\Application Data\Yahoo!
    2008-10-12 22:56 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-10-10 02:35 0 ----a-w C:\Program Files\temp01
    2008-10-07 18:33 6,133,856 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2008-10-06 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-10-05 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-10-05 05:25 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-10-04 22:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-07-02 07:12 84 --sh--w C:\Program Files\desktop.ini
    2008-07-02 05:36 3,022,457 --sha-w C:\Documents and Settings\Necro\rundll32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "ImpulseFastStart"="C:\Program Files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
    "nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
    "P17Helper"="P17.dll" [2006-03-17 C:\WINDOWS\system32\P17.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "qnflkotm"= {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll [2008-10-24 327680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-09-22 16:59 174328 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\SEGA\\Universe At War Earth Assault\\UAWEA.exe"=

    R0 BootScreen;BootScreen;C:\WINDOWS\\SystemRoot\System32\drivers\vidstub.sys []
    R3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-10-02 20:20]
    R3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00]
    R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
    R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []


    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-21 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Necro.job
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-RunOnce-<NO NAME> - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R0 -: HKLM-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

    O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
    C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-27 05:55:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\PROGRA~1\COMMON~1\Stardock\sdmcp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-27 6:03:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-27 11:03:48
    ComboFix2.txt 2008-10-27 10:35:07

    Pre-Run: 373,169,987,584 bytes free
    Post-Run: 373,192,777,728 bytes free

    282 --- E O F --- 2008-10-21 09:44:48

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Member
    Join Date
    Jul 2008
    Posts
    30

    Default Save List File From HijackThis

    Acrobat.com
    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Reader 9
    Adobe Shockwave Player 11
    AppCore
    Apple Software Update
    AT&T Yahoo! Applications
    AV
    BootSkin
    Born of Blood
    ccCommon
    Component Tray
    Creative EAX Console
    Creative MediaSource
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    DarkCrusade
    Data Lifeguard Tools
    Dawn of War - Soulstorm
    Desktop Gadgets
    DesktopX
    Download Manager 2.3.6
    EA Download Manager
    Galactic Civilizations II
    GalCiv II - Dark Avatar
    GalCiv II - Twilight of the Arnor
    getPlus(R) for Adobe
    Ground Control
    Ground Control II
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    HP Deskjet 3900 series
    HP Extended Capabilities 5.0
    HP Image Zone Express
    HP Imaging Device Functions 5.0
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    IconDeveloper
    IconPackager 4
    IconX
    Impulse
    Impulse
    Keyboard Launchpad
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech GamePanel Software 2.02
    Logitech Gaming Software 5.02
    LogonStudio
    MagicTune Premium
    Mercenaries 2: World in Flames(tm)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! for Windows XP
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Natural Color Pro
    neroxml
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Protection Center
    NVIDIA Drivers
    NVIDIA PhysX v8.04.25
    NVIDIA WDM Drivers
    Object Desktop Documentation
    Object Desktop Launchpad
    ObjectBar
    ObjectDock Plus
    OceanDive 1.2
    PowerISO
    Pure
    QuickTime
    Registry Mechanic 5.1
    RightClick
    Seagate*DiscWizard
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB958644)
    SkinStudio 6 Professional
    SkinStudio Professional
    Sound Blaster Audigy
    SoundPackager
    Space Rangers 2
    Space Rangers 2: Reboot
    SpaceForce Rogue Universe
    SPBBC 32bit
    SpellForce
    Spellforce 2 - Dragon Storm
    SpellForce 2 - Shadow Wars
    SpellForce 2 Update v1.02
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE™
    Stardock Virtual Desktops
    Starscape
    Steam
    System Requirements Lab
    Tab LaunchPad
    The Witcher: Enhanced Edition
    Theme Manager
    Three thrixx Games v32
    Universe at War Earth Assault
    Universe at War Earth Assault
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Vampire - The Masquerade Bloodlines
    Vuze
    WildTangent Games
    WinCustomize Browser
    WindowBlinds 6
    WindowFX
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    Xvid 1.1.3 final uninstall
    Yahoo! Mail Advisor

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Vuze

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Member
    Join Date
    Jul 2008
    Posts
    30

    Default It's uninstalled

    Acrobat.com
    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Reader 9
    Adobe Shockwave Player 11
    AppCore
    Apple Software Update
    AT&T Yahoo! Applications
    AV
    BootSkin
    Born of Blood
    ccCommon
    Component Tray
    Creative EAX Console
    Creative MediaSource
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    DarkCrusade
    Data Lifeguard Tools
    Dawn of War - Soulstorm
    Desktop Gadgets
    DesktopX
    Download Manager 2.3.6
    EA Download Manager
    Galactic Civilizations II
    GalCiv II - Dark Avatar
    GalCiv II - Twilight of the Arnor
    getPlus(R) for Adobe
    Ground Control
    Ground Control II
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    HP Deskjet 3900 series
    HP Extended Capabilities 5.0
    HP Image Zone Express
    HP Imaging Device Functions 5.0
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    IconDeveloper
    IconPackager 4
    IconX
    Impulse
    Impulse
    Keyboard Launchpad
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech GamePanel Software 2.02
    Logitech Gaming Software 5.02
    LogonStudio
    MagicTune Premium
    Mercenaries 2: World in Flames(tm)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! for Windows XP
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Natural Color Pro
    neroxml
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Protection Center
    NVIDIA Drivers
    NVIDIA PhysX v8.04.25
    NVIDIA WDM Drivers
    Object Desktop Documentation
    Object Desktop Launchpad
    ObjectBar
    ObjectDock Plus
    OceanDive 1.2
    PowerISO
    Pure
    QuickTime
    Registry Mechanic 5.1
    RightClick
    Seagate*DiscWizard
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB958644)
    SkinStudio 6 Professional
    SkinStudio Professional
    Sound Blaster Audigy
    SoundPackager
    Space Rangers 2
    Space Rangers 2: Reboot
    SpaceForce Rogue Universe
    SPBBC 32bit
    SpellForce
    Spellforce 2 - Dragon Storm
    SpellForce 2 - Shadow Wars
    SpellForce 2 Update v1.02
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE™
    Stardock Virtual Desktops
    Starscape
    Steam
    System Requirements Lab
    Tab LaunchPad
    The Witcher: Enhanced Edition
    Theme Manager
    Three thrixx Games v32
    Universe at War Earth Assault
    Universe at War Earth Assault
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Vampire - The Masquerade Bloodlines
    WildTangent Games
    WinCustomize Browser
    WindowBlinds 6
    WindowFX
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    Xvid 1.1.3 final uninstall
    Yahoo! Mail Advisor

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\vwnskbot.dll
    C:\qnflkotm.dll
    C:\Documents and Settings\Necro\rundll32.exe
    
    Folder::
    C:\Program Files\Vuze
    C:\Documents and Settings\Necro\Application Data\Azureus
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "qnflkotm"=-
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
