
Thread: Loaded with them

  1. #11 - Junior Member (Join Date: Nov 2008, Posts: 8)

    I did succeed in uninstalling Spybot. I then proceeded with HijackThis, checked the boxes after doing a system scan only, and clicked on "fix checked". I then proceeded by trying to install the mbam-setup.exe, but AGAIN the installing setup does not want to start: I see the hourglass icon again for 4 seconds, and then it disappears, nothing happens, waited 5-6 minutes, still nothing opened.

    I checked if it was among the running processes, and it was, but no action was detected.

    I did however produce another HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:16:56, on 2008-11-26
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\system32\svchost.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\HPAware.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\NetAssistant\bin\mpbtn.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Documents and Settings\Jonathan\Desktop\mbam-setup.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://proxy.umontreal.ca:443/
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
    O4 - HKLM\..\Run: [bofameneki] Rundll32.exe "C:\WINDOWS\system32\wilawibe.dll",s
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [bofameneki] Rundll32.exe "C:\WINDOWS\system32\wilawibe.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [bofameneki] Rundll32.exe "C:\WINDOWS\system32\wilawibe.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johnnyjonpuc.spaces.msn.com//...d/MsnPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\bokiluve.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10680 bytes
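    The HijackThis log above is read by hand in this thread. As an added example (not code from the thread, from HijackThis or from Malwarebytes), the Python script below parses the R1/O4/O20 line formats shown in that log and flags the indicators a helper scans for: an O20 AppInit_DLLs entry, O4 Run entries that launch Rundll32 on a DLL under system32, the same Run name replicated into the LOCAL SERVICE and NETWORK SERVICE hives (HKUS\S-1-5-19 and S-1-5-20), and an R1 AutoConfigURL override. The sample lines are copied from the poster's log; the heuristics, severity labels and function names are this example's own assumptions.

```python
"""
Triage helper for HijackThis-style logs (added example; not part of the
original thread or of HijackThis itself). It parses the R1/O4/O20 line
formats shown in the thread and flags a few defender-side indicators.
The heuristics and severities are this example's own assumptions.
"""
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above, plus one benign
# Run entry (SoundMAXPnP) for contrast, so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://proxy.umontreal.ca:443/
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bofameneki] Rundll32.exe "C:\WINDOWS\system32\wilawibe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [bofameneki] Rundll32.exe "C:\WINDOWS\system32\wilawibe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bofameneki] Rundll32.exe "C:\WINDOWS\system32\wilawibe.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\bokiluve.dll
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# "O4 - HKLM\..\Run: [name] command" and the R1/O20 variants share the
# "<section> - <body>" shape; O4 Run bodies carry hive, name and command.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Rundll32 started directly on a DLL that sits in system32 (as in the log).
RUNDLL_SYS32_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[^"\\]+\.dll',
                             re.IGNORECASE)
# Service-account hives: a user-facing Run entry has no business there.
SERVICE_SIDS = ("S-1-5-19", "S-1-5-20")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Return (severity, reason, line) findings for a HijackThis log."""
    findings = []
    run_hives = defaultdict(set)  # Run entry name -> hives it appears under
    for section, body in parse_hjt(text):
        line = f"{section} - {body}"
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:  # AppInit_DLLs is loaded into every process that uses user32
                findings.append(("high", f"AppInit_DLLs loads {dll} into every GUI process", line))
        elif section == "O4":
            m = O4_RE.match(body)
            if not m:  # "Startup:" / "Global Startup:" entries are not Run keys
                continue
            run_hives[m.group("name")].add(m.group("hive"))
            if RUNDLL_SYS32_RE.search(m.group("cmd")):
                findings.append(("medium",
                                 f"Run entry '{m.group('name')}' starts Rundll32 on a system32 DLL",
                                 line))
        elif section == "R1" and "AutoConfigURL" in body:
            findings.append(("medium",
                             "proxy auto-config URL is set; browser traffic may be redirected",
                             line))
    # Second pass: the same Run name planted into service-account hives.
    for name, hives in run_hives.items():
        sids = sorted(h for h in hives if any(s in h for s in SERVICE_SIDS))
        if sids:
            findings.append(("high",
                             f"Run entry '{name}' also planted in service-account hives {sids}",
                             f"O4 [{name}]"))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

    Run it against a saved log by replacing SAMPLE_LOG with the file contents; each finding carries the original line so it can be matched back to the HijackThis output.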

  2. #12 - Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Hi,

    Did you try running Malwarebytes in Safe Mode? If not, try it please.


    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13 - Junior Member (Join Date: Nov 2008, Posts: 8)

    I had decided last night on ending this, so I stayed up till 6 am (Eastern time zone) and I am already up, left the CPU running. I succeeded in starting mbam setup and installing, and also ComboFix, by renaming them both.

    Here are the copies of the transcripts of the freshly produced logs:

    Combofix:

    ComboFix 08-11-26.05 - Jonathan 2008-11-27 3:11:58.1 - NTFSx86
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\IE4 Error Log.txt
    c:\windows\k.txt
    c:\windows\SysNotifier.exe
    c:\windows\system32\~.exe
    c:\windows\system32\av.dat
    c:\windows\system32\bokiluve.dll
    c:\windows\system32\crldiiuc.ini
    c:\windows\system32\cuiidlrc.dll
    c:\windows\system32\ddcCUkkk.dll
    c:\windows\system32\dopkfs.dll
    c:\windows\system32\doqyjn.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\drivers\TDSSpxst.sys
    c:\windows\system32\geBqNDSj.dll
    c:\windows\system32\getfn32.dll
    c:\windows\system32\hoyvxj.dll
    c:\windows\system32\hrnpauyh.dll
    c:\windows\system32\hyuapnrh.ini
    c:\windows\system32\jylttrpn.dll
    c:\windows\system32\kbtglm.dll
    c:\windows\system32\kkkUCcdd.ini
    c:\windows\system32\kkkUCcdd.ini2
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mlJYopqP.dll
    c:\windows\system32\mpqss.bak1
    c:\windows\system32\mpqss.bak2
    c:\windows\system32\mpqss.ini
    c:\windows\system32\nbvlonbb.dll
    c:\windows\system32\odkkakek.dll
    c:\windows\system32\ovastfsf.dll
    c:\windows\system32\packet.dll
    c:\windows\system32\pxeeqaul.ini
    c:\windows\system32\relakiva.dll
    c:\windows\system32\rnvffg.dll
    c:\windows\system32\smwin32.dll
    c:\windows\system32\TDSSarxx.dll
    c:\windows\system32\TDSSdxcp.dll
    c:\windows\system32\TDSSkkao.log
    c:\windows\system32\TDSSmtve.dat
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSnvuo.dll
    c:\windows\system32\TDSSoitt.dll
    c:\windows\system32\TDSSsahc.dll
    c:\windows\system32\TDSSvoqm.dll
    c:\windows\system32\TDSSxhyf.log
    c:\windows\system32\tkxstipi.dll
    c:\windows\system32\wpcap.dll
    c:\windows\system32\ycdbjroc.dll
    c:\windows\Tasks\wudtxogp.job

    ----- BITS: Possible infected sites -----

    hxxp://www.spiralfrog.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
    .

    2008-11-27 02:47 . 2008-11-27 02:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-27 02:47 . 2008-11-27 02:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-27 02:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-27 02:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-27 02:32 . 2008-11-27 02:32 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-27 01:44 . 2008-11-27 01:44 299,008 --a------ c:\windows\system32\dllcache\winlz.dll
    2008-11-26 13:57 . 2008-11-26 13:57 2,351,283 --a------ C:\mbam-setup.rar
    2008-11-23 20:02 . 2008-11-23 20:56 <DIR> d-------- C:\SmitfraudFix
    2008-11-23 20:02 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
    2008-11-23 20:02 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
    2008-11-23 20:02 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
    2008-11-23 20:02 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
    2008-11-23 20:02 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
    2008-11-23 20:02 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
    2008-11-23 20:02 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
    2008-11-23 20:02 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
    2008-11-23 20:02 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
    2008-11-23 20:02 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
    2008-11-23 19:46 . 2008-11-23 19:47 1,581,247 --a------ C:\SmitfraudFix.exe
    2008-11-23 19:24 . 2008-11-23 19:25 1,734 --a------ C:\HJTInstaller.lnk
    2008-11-23 19:23 . 2008-11-23 19:23 <DIR> d-------- c:\program files\Trend Micro
    2008-11-23 19:04 . 2008-11-23 19:06 2,372,472 --a------ C:\mbam-setup.exe.exe
    2008-11-23 18:56 . 2008-11-23 18:56 812,344 --a------ C:\HijackThis.exe
    2008-11-23 17:48 . 2008-11-23 17:48 <DIR> d-------- c:\program files\FileASSASSIN
    2008-11-22 21:58 . 2008-11-22 21:58 955 --a------ C:\Spybot - Search & Destroy (for blind users).lnk
    2008-11-22 21:50 . 2008-11-22 21:55 14,968,808 --a------ C:\spybotsd160.exe
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2008-11-22 19:05 . 2008-11-22 19:05 <DIR> d-------- c:\program files\Common Files\Download Manager
    2008-11-22 19:05 . 2008-11-14 11:58 23,096 --a------ c:\windows\system32\drivers\SndTAudio.sys
    2008-11-22 19:05 . 2008-11-14 11:58 3,768 --a------ c:\windows\system32\drivers\SndTVideo.sys
    2008-11-22 18:17 . 2008-11-23 19:01 <DIR> d-------- c:\program files\Power MP3 WMA Converter
    2008-11-22 18:16 . 2008-11-22 18:16 <DIR> d-------- c:\program files\Common Files\Ahead
    2008-11-22 18:16 . 2008-11-22 18:16 <DIR> d-------- c:\program files\Ahead
    2008-11-22 18:16 . 2004-03-22 16:59 1,798,144 --------- c:\windows\UnWMPBurn.exe
    2008-11-22 18:16 . 2004-03-23 13:43 33,951 --------- c:\windows\UnWMPBurn.cfg
    2008-11-22 02:44 . 2008-11-22 02:44 <DIR> d-------- c:\windows\system32\Logs
    2008-11-22 02:44 . 2008-11-22 03:03 <DIR> d-------- c:\documents and settings\Jonathan\Application Data\tunebite
    2008-11-22 00:32 . 2008-11-22 00:32 <DIR> d-------- c:\program files\RapidSolution
    2008-11-22 00:32 . 2008-11-22 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
    2008-11-21 23:58 . 2008-11-21 23:58 2 --a------ c:\windows\system32\RICHTX.DEP
    2008-11-21 23:57 . 2008-11-22 00:02 <DIR> d-------- c:\program files\MP3 WAV Converter
    2008-11-12 00:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 00:29 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-10 16:19 . 2008-11-25 16:14 <DIR> d-------- c:\program files\SpiralFrog
    2008-10-29 15:17 . 2007-02-16 10:31 227,328 --a------ c:\program files\mpTrim.exe
    2008-10-29 15:11 . 2007-04-27 13:41 64,512 --a------ c:\program files\mp3val.exe
    2008-10-29 15:03 . 2008-10-29 15:03 <DIR> d-------- c:\program files\Aspect one
    2008-10-29 15:02 . 2005-08-12 21:23 981,284 --a------ c:\program files\MP3RTSetup.exe
    2008-10-29 15:00 . 2007-04-27 13:43 62,464 --a------ c:\program files\mp3val-frontend.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 08:28 200,704 ----a-w c:\windows\SysNotifier.exe
    2008-11-26 19:20 38,906 ----a-w c:\documents and settings\Jonathan\Application Data\wklnhst.dat
    2008-11-26 18:46 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-26 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-23 03:10 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
    2008-11-23 02:37 --------- d-----w c:\program files\Windows Live Toolbar
    2008-11-23 02:27 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-23 02:27 --------- d-----w c:\program files\eBay
    2008-11-23 00:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-23 00:01 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
    2008-11-22 22:38 --------- d-----w c:\program files\LimeWire
    2008-11-22 08:26 --------- d-----w c:\documents and settings\Jonathan\Application Data\Azureus
    2008-11-15 06:14 --------- d-----w c:\program files\Dl_cats
    2008-10-29 20:13 85 ----a-w c:\program files\mp3val-frontend.ini
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 23:34 --------- d-----w c:\program files\AviSynth 2.5
    2008-10-21 23:33 --------- d-----w c:\program files\eRightSoft
    2008-10-21 23:25 --------- d-----w c:\program files\lame3.98.2
    2008-10-18 02:17 --------- d-----w c:\program files\Apple Software Update
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-02-20 05:29 76,112 ----a-w c:\documents and settings\Jonathan\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-24 16:25 57 ----a-w c:\program files\What's new.txt
    2007-04-27 18:34 201 ----a-w c:\program files\changelog.frontend.txt
    2007-04-27 18:28 9,945 ----a-w c:\program files\manual.html
    2007-04-27 18:27 1,126 ----a-w c:\program files\changelog.core.txt
    2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CAD29DF-1D6D-41A2-8C55-EAA2C7EDCDEB}]
    2008-11-27 01:44 299008 --a------ c:\windows\system32\dllcache\winlz.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 3411968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
    "Motive SmartBridge"="c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 393216]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
    "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-09 180269]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-10 41984]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "HP Update Assistant"="c:\windows\system32\HPAware.exe" [2008-05-06 187412]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
    Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-06-09 155648]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-09-01 156784]
    AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2005-09-01 250992]
    Assistant Internet.lnk - c:\program files\NetAssistant\bin\matcli.exe [2005-09-23 217088]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlz]
    2008-11-27 01:44 299008 c:\windows\system32\dllcache\winlz.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\NetAssistant\\SmartBridge\\MotiveSB.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\WINDOWS\\system32\\services.exe"=
    "c:\\WINDOWS\\system32\\fxssvc.exe"=
    "c:\\Program Files\\McAfee.com\\Agent\\McTskshd.exe"=

    S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-22 23096]
    S3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-22 3768]
    S3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2006-05-10 49963]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{921a073a-7695-11dc-ab1f-00038a000015}]
    \Shell\AutoRun\command - E:\Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5668a08-4313-11dd-ad5a-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-27 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JOHNNY_JON-Jonathan).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]

    2008-11-27 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{085B7C17-AA40-4E5F-9050-F66E81609E27} - c:\windows\system32\ddcCUkkk.dll
    BHO-{5485ac49-5205-4658-866f-c250218936cc} - c:\windows\system32\relakiva.dll
    BHO-{5909D70A-46D2-4CBE-91A6-6E63224990DB} - (no file)
    BHO-{77D3C578-229D-4640-99FE-C12E5588FD6F} - (no file)
    BHO-{8495DD20-CB51-46BE-9B63-CB2F76E45C96} - c:\windows\system32\dzhoil.dll
    BHO-{8fb7436d-9322-4c7d-adc8-b638f4dfc8f6} - c:\windows\system32\kbtglm.dll
    BHO-{E9681C1C-C1DF-4970-97BB-86C3E716AFA3} - c:\windows\system32\geBqNDSj.dll
    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    HKLM-Run-bofameneki - c:\windows\system32\wilawibe.dll
    HKLM-Run-StandardInstall - (no file)
    ShellExecuteHooks-{E9681C1C-C1DF-4970-97BB-86C3E716AFA3} - c:\windows\system32\geBqNDSj.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\x3dcxjeu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-27 03:28:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(640)
    c:\windows\system32\dllcache\winlz.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\McAfee.com\VSO\McVSEscn.exe
    c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\McAfee.com\Agent\Mcdetect.exe
    c:\progra~1\McAfee.com\VSO\McShield.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
    c:\progra~1\McAfee.com\Agent\McTskshd.exe
    c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-27 3:39:36 - machine was rebooted [Jonathan]
    ComboFix-quarantined-files.txt 2008-11-27 08:39:27

    Pre-Run: 13,451,456,512 bytes free
    Post-Run: 13,415,940,096 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    335 --- E O F --- 2008-11-12 07:24:02

    Latest HiJackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:50, on 2008-11-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\HPAware.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NetAssistant\bin\mpbtn.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://proxy.umontreal.ca:443/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10294 bytes




    Other logs I put that might not be relevant to analysis:

    Qoobox Quarantined files

    2008-11-22 01:12:20 A------- 59,904 C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJYopqP.dll.vir
    2008-11-22 01:12:23 A------- 300 C:\Qoobox\Quarantine\C\WINDOWS\Tasks\wudtxogp.job.vir
    2008-11-22 01:17:23 A------- 307,200 C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcCUkkk.dll.vir
    2008-11-22 01:17:30 A------- 599,389 C:\Qoobox\Quarantine\C\WINDOWS\system32\kkkUCcdd.ini.vir
    2008-11-22 01:19:00 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\nbvlonbb.dll.vir
    2008-11-22 01:19:02 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\doqyjn.dll.vir
    2008-11-22 01:34:48 A------- 88,704 C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
    2008-11-22 01:34:48 A------- 240,240 C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
    2008-11-22 01:34:49 A------- 42,512 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
    2008-11-22 18:40:29 A------- 62,464 C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir
    2008-11-22 22:09:49 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\ycdbjroc.dll.vir
    2008-11-22 22:09:53 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\dopkfs.dll.vir
    2008-11-22 22:11:32 A------- 75,776 C:\Qoobox\Quarantine\C\WINDOWS\system32\tkxstipi.dll.vir
    2008-11-23 02:34:52 A------- 599,389 C:\Qoobox\Quarantine\C\WINDOWS\system32\kkkUCcdd.ini2.vir
    2008-11-23 03:10:46 A------- 2,935 C:\Qoobox\Quarantine\C\WINDOWS\k.txt.vir
    2008-11-23 17:24:07 A------- 60,416 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpxst.sys.vir
    2008-11-23 17:24:18 A------- 35,840 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoitt.dll.vir
    2008-11-23 17:24:48 A------- 527 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmtve.dat.vir
    2008-11-23 17:24:52 A------- 29,696 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir
    2008-11-23 17:24:54 A------- 31,232 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvoqm.dll.vir
    2008-11-23 17:24:56 A------- 73,728 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnvuo.dll.vir
    2008-11-23 17:25:02 A------- 2,271 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSdxcp.dll.vir
    2008-11-23 17:25:02 A------- 89,614 C:\Qoobox\Quarantine\C\WINDOWS\system32\av.dat.vir
    2008-11-23 17:27:00 A------- 75,264 C:\Qoobox\Quarantine\C\WINDOWS\system32\cuiidlrc.dll.vir
    2008-11-23 17:27:06 A------- 120 C:\Qoobox\Quarantine\C\WINDOWS\system32\crldiiuc.ini.vir
    2008-11-23 17:29:55 A------- 120,320 C:\Qoobox\Quarantine\C\WINDOWS\system32\ovastfsf.dll.vir
    2008-11-23 17:29:57 A------- 120,320 C:\Qoobox\Quarantine\C\WINDOWS\system32\hoyvxj.dll.vir
    2008-11-23 17:30:10 A------- 14,848 C:\Qoobox\Quarantine\C\WINDOWS\system32\getfn32.dll.vir
    2008-11-23 17:30:13 A------- 63,488 C:\Qoobox\Quarantine\C\WINDOWS\system32\smwin32.dll.vir
    2008-11-23 17:30:24 A------- 4,446 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSkkao.log.vir
    2008-11-27 01:43:52 A------- 120 C:\Qoobox\Quarantine\C\WINDOWS\system32\pxeeqaul.ini.vir
    2008-11-27 01:46:48 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\odkkakek.dll.vir
    2008-11-27 01:46:49 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\rnvffg.dll.vir
    2008-11-27 01:55:46 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\jylttrpn.dll.vir
    2008-11-27 01:55:47 A------- 120,832 C:\Qoobox\Quarantine\C\WINDOWS\system32\kbtglm.dll.vir
    2008-11-27 01:55:48 A------- 75,776 C:\Qoobox\Quarantine\C\WINDOWS\system32\hrnpauyh.dll.vir
    2008-11-27 01:55:49 A------- 120 C:\Qoobox\Quarantine\C\WINDOWS\system32\hyuapnrh.ini.vir
    2008-11-27 02:45:47 A------- 162 C:\Qoobox\Quarantine\catchme.log
    2008-11-27 03:05:40 A------- 1,123 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSSERV.SYS.reg.dat
    2008-11-27 03:17:27 A------- 7,813 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2008-11-27 03:19:00 A------- 2,036 C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
    2008-11-27 03:28:25 A------- 200,704 C:\Qoobox\Quarantine\C\WINDOWS\SysNotifier.exe.vir
    2008-11-27 03:37:47 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
    2008-11-27 03:37:47 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
    2008-11-27 03:37:47 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
    2008-11-27 03:37:50 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{085B7C17-AA40-4E5F-9050-F66E81609E27}.reg.dat
    2008-11-27 03:37:52 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{5485ac49-5205-4658-866f-c250218936cc}.reg.dat
    2008-11-27 03:37:55 A------- 157 C:\Qoobox\Quarantine\Registry_backups\BHO-{5909D70A-46D2-4CBE-91A6-6E63224990DB}.reg.dat
    2008-11-27 03:37:55 A------- 157 C:\Qoobox\Quarantine\Registry_backups\BHO-{77D3C578-229D-4640-99FE-C12E5588FD6F}.reg.dat
    2008-11-27 03:37:56 A------- 785 C:\Qoobox\Quarantine\Registry_backups\BHO-{8495DD20-CB51-46BE-9B63-CB2F76E45C96}.reg.dat
    2008-11-27 03:37:58 A------- 416 C:\Qoobox\Quarantine\Registry_backups\BHO-{8fb7436d-9322-4c7d-adc8-b638f4dfc8f6}.reg.dat
    2008-11-27 03:37:59 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{E9681C1C-C1DF-4970-97BB-86C3E716AFA3}.reg.dat
    2008-11-27 03:38:04 A------- 245 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}.reg.dat
    2008-11-27 03:38:10 A------- 151 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-bofameneki.reg.dat
    2008-11-27 03:38:10 A------- 160 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NBKeyScan.reg.dat
    2008-11-27 03:38:11 A------- 102 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-StandardInstall.reg.dat
    2008-11-27 03:38:29 A------- 363 C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{E9681C1C-C1DF-4970-97BB-86C3E716AFA3}.reg.dat




    Add-Remove Programs Log:



    ABBYY FineReader 5.0 Sprint Plus
    Acoustica Effects Pack
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.9
    AOL (Choose which version to remove)
    AOL Connectivity Services
    AOL You've Got Pictures Screensaver
    Apple Mobile Device Support
    Apple Software Update
    Archiveur WinRAR
    ArcSoft PhotoImpression 5
    Assistant Internet
    Audacity 1.2.6
    AutoUpdate
    Azureus
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    Dell Driver Reset Tool
    Dell Photo AIO Printer 922
    Dell Picture Studio v3.0
    Dell Support Center
    Dell System Restore
    DellSupport
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVD Decrypter (Remove Only)
    Extension de Windows Live Toolbar (Windows Live Toolbar)
    EZCam
    FileASSASSIN
    Google Video Player
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Installer Yahoo! Messenger
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iPod for Windows 2005-09-23
    iPod for Windows 2006-01-10
    iPod for Windows 2006-03-23
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Last.fm 1.5.1.30182
    Learn2 Player (Uninstall Only)
    LimeWire 4.18.8
    Live 6.0.1
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Manuel d'utilisation de Creative WebCam Instant (Français)
    McAfee Personal Firewall Plus
    McAfee SecurityCenter
    McAfee VirusScan
    Menus intelligents (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Encarta Encyclopedia Standard 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Internet Explorer Administration Kit 5
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Office XP Resource Kit
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Streets and Trips 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.0.4)
    MP3 Repair Tool v1.5.2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    muvee autoProducer 6.1
    Nero Fast CD-Burning Plug-in
    neroxml
    OneCare Advisor (Windows Live Toolbar)
    OpenMG Limited Patch 4.1-05-13-31-01
    OpenMG Secure Module 4.1.00
    PowerDVD 5.5
    QuickTime
    RealPlayer
    Roxio PhotoSuite 5
    Safari
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Shareaza version 2.2.5.0
    Shockwave
    SHOUTcast Source DSP 1.9.0 (remove only)
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SonicStage 3.0
    Sony Picture Utility
    Sony USB Driver
    SoulSeek 157 NS 13
    SoulSeek Client 156c
    SUPER © Version 2008.bld.33 (Sep 2, 2008)
    UltraMixer 2.2.1
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    VCRedistSetup
    VeohTV BETA
    VideoLAN VLC media player 0.8.4a
    Viewpoint Media Player
    Virtual DJ - Atomix Productions
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Favorites pour Windows Live Toolbar
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Works Upgrade


    The computer actually seems like it's running normally; it feels like I've exorcised it, and hopefully it will stay out of harm's way and there aren't any leftovers. I don't know how many hours I've spent on this.

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You did very well but still a bit more to do.

    Remove these with HJT

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://proxy.umontreal.ca:443/

    O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::


    Code:
    File::
    C:\windows\system32\dllcache\winlz.dll
    C:\WINDOWS\system32\HPAware.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CAD29DF-1D6D-41A2-8C55-EAA2C7EDCDEB}]

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
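As an added example (not code from the thread, from HijackThis or from ComboFix), a script that parses HJT item lines, diffs the first log against the follow-up, and checks each entry the helper listed for removal; the sample entries are copied from the two logs in this thread, and the function names and the REMOVE_WITH_HJT list are my own.

```python
"""Parse HijackThis 2.0.2 item lines and diff a before/after pair of logs.

Added example, not code from the thread, HijackThis or ComboFix. The sample
entries are copied from the two HJT logs posted in this thread, cut down to a
handful of lines; the function names and the REMOVE_WITH_HJT list are my own.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# O2/O3/O9: "<label>: <name> - {CLSID} - <target>". A name or path may itself
# contain " - " ("Spybot - Search & Destroy"), so anchor on the CLSID, don't split.
CLSID_RE = re.compile(r"^(?P<label>BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
                      r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.*\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")  # O4 Run keys

# Constructed sample: a few lines from the 2008-11-27 log (before the helper's fix list).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://proxy.umontreal.ca:443/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"""
# Constructed sample: the matching lines from the 2008-11-28 follow-up log.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:443/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
"""
# The two lines the helper asked to remove with HJT.
REMOVE_WITH_HJT = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://proxy.umontreal.ca:443/",
    r"O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe",
]


@dataclass(frozen=True)
class HjtEntry:
    kind: str   # item type: R1, O2, O3, O4, ...
    key: str    # what identifies it: registry value, label+CLSID, hive+Run name
    value: str  # what it points at: URL, DLL, command line


def parse_entry(line):
    """Return an HjtEntry for one HJT item line, or None for header/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m["kind"], m["body"]
    if kind[0] == "R":                                 # IE registry values: "<value> = <data>"
        key, _, value = body.partition(" = ")
        return HjtEntry(kind, key, value)
    if (c := CLSID_RE.match(body)):
        return HjtEntry(kind, f'{c["label"]}:{c["clsid"]}', c["target"])
    if (r := RUN_RE.match(body)):
        return HjtEntry(kind, f'{r["hive"]}[{r["name"]}]', r["cmd"])
    return HjtEntry(kind, body, "")                    # other layouts: whole body is the key


def parse_log(text):
    """Index every item line of a log by (kind, key)."""
    entries = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            entries[(e.kind, e.key)] = e
    return entries


def norm(value):
    """Windows paths are case-insensitive; drop case so mcupdate.exe == McUpdate.exe."""
    return value.strip().lower()


def diff_logs(before_text, after_text):
    """Entries removed, added, or re-pointed between two scans of the same machine."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before
                          if k in after and norm(before[k].value) != norm(after[k].value)),
    }


def check_removal(requested_lines, after_text):
    """For each line a helper asked to remove, say what the follow-up log shows for it."""
    after = parse_log(after_text)
    report = {}
    for line in requested_lines:
        req = parse_entry(line)
        cur = after.get((req.kind, req.key))
        if cur is None:
            report[req.key] = "gone"
        elif norm(cur.value) == norm(req.value):
            report[req.key] = "still present"
        else:
            report[req.key] = f"key still present, now points at {cur.value}"
    return report


if __name__ == "__main__":
    print(diff_logs(BEFORE_LOG, AFTER_LOG))
    print(check_removal(REMOVE_WITH_HJT, AFTER_LOG))
```

Run against the two sample logs it reports the HPAware.exe Run entry as gone, the Spybot BHO as new, and the AutoConfigURL value as changed rather than removed (only the "file://" prefix went away), while the case-only change in the McAfee updater path produces no noise.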

  5. #15
    Junior Member
    Join Date
    Nov 2008
    Posts
    8

    Default

    I did the last changes, here are the results

    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:43:07, on 2008-11-28
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:443/
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10734 bytes

    Combofix Log:

    ComboFix 08-11-26.05 - Jonathan 2008-11-28 16:25:56.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.184 [GMT -5:00]
    Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe.exe
    Command switches used :: c:\documents and settings\Jonathan\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    c:\windows\system32\dllcache\winlz.dll
    c:\windows\system32\HPAware.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\HPAware.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
    .

    2008-11-27 03:42 . 2008-11-27 03:42 <DIR> d-------- c:\documents and settings\Jonathan\Application Data\Malwarebytes
    2008-11-27 02:47 . 2008-11-27 02:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-27 02:47 . 2008-11-27 02:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-27 02:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-27 02:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-27 02:32 . 2008-11-27 02:32 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-23 20:02 . 2008-11-23 20:56 <DIR> d-------- C:\SmitfraudFix
    2008-11-23 20:02 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
    2008-11-23 20:02 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
    2008-11-23 20:02 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
    2008-11-23 20:02 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
    2008-11-23 20:02 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
    2008-11-23 20:02 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
    2008-11-23 20:02 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
    2008-11-23 20:02 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
    2008-11-23 20:02 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
    2008-11-23 20:02 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
    2008-11-23 19:46 . 2008-11-23 19:47 1,581,247 --a------ C:\SmitfraudFix.exe
    2008-11-23 19:24 . 2008-11-23 19:25 1,734 --a------ C:\HJTInstaller.lnk
    2008-11-23 19:23 . 2008-11-23 19:23 <DIR> d-------- c:\program files\Trend Micro
    2008-11-23 18:56 . 2008-11-23 18:56 812,344 --a------ C:\HijackThis.exe
    2008-11-23 17:48 . 2008-11-23 17:48 <DIR> d-------- c:\program files\FileASSASSIN
    2008-11-22 21:58 . 2008-11-22 21:58 955 --a------ C:\Spybot - Search & Destroy (for blind users).lnk
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2008-11-22 19:05 . 2008-11-22 19:05 <DIR> d-------- c:\program files\Common Files\Download Manager
    2008-11-22 19:05 . 2008-11-14 11:58 23,096 --a------ c:\windows\system32\drivers\SndTAudio.sys
    2008-11-22 19:05 . 2008-11-14 11:58 3,768 --a------ c:\windows\system32\drivers\SndTVideo.sys
    2008-11-22 18:17 . 2008-11-23 19:01 <DIR> d-------- c:\program files\Power MP3 WMA Converter
    2008-11-22 18:16 . 2008-11-22 18:16 <DIR> d-------- c:\program files\Common Files\Ahead
    2008-11-22 18:16 . 2008-11-22 18:16 <DIR> d-------- c:\program files\Ahead
    2008-11-22 18:16 . 2004-03-22 16:59 1,798,144 --------- c:\windows\UnWMPBurn.exe
    2008-11-22 18:16 . 2004-03-23 13:43 33,951 --------- c:\windows\UnWMPBurn.cfg
    2008-11-22 02:44 . 2008-11-22 02:44 <DIR> d-------- c:\windows\system32\Logs
    2008-11-22 00:32 . 2008-11-22 00:32 <DIR> d-------- c:\program files\RapidSolution
    2008-11-22 00:32 . 2008-11-22 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
    2008-11-21 23:58 . 2008-11-21 23:58 2 --a------ c:\windows\system32\RICHTX.DEP
    2008-11-21 23:57 . 2008-11-22 00:02 <DIR> d-------- c:\program files\MP3 WAV Converter
    2008-11-12 00:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 00:29 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-10 16:19 . 2008-11-25 16:14 <DIR> d-------- c:\program files\SpiralFrog
    2008-10-29 15:17 . 2007-02-16 10:31 227,328 --a------ c:\program files\mpTrim.exe
    2008-10-29 15:11 . 2007-04-27 13:41 64,512 --a------ c:\program files\mp3val.exe
    2008-10-29 15:03 . 2008-10-29 15:03 <DIR> d-------- c:\program files\Aspect one
    2008-10-29 15:02 . 2005-08-12 21:23 981,284 --a------ c:\program files\MP3RTSetup.exe
    2008-10-29 15:00 . 2007-04-27 13:43 62,464 --a------ c:\program files\mp3val-frontend.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-28 21:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-28 20:43 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-27 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
    2008-11-26 19:20 38,906 ----a-w c:\documents and settings\Jonathan\Application Data\wklnhst.dat
    2008-11-23 02:37 --------- d-----w c:\program files\Windows Live Toolbar
    2008-11-23 02:27 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-23 02:27 --------- d-----w c:\program files\eBay
    2008-11-23 00:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-23 00:01 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
    2008-11-22 22:38 --------- d-----w c:\program files\LimeWire
    2008-11-22 08:26 --------- d-----w c:\documents and settings\Jonathan\Application Data\Azureus
    2008-11-15 06:14 --------- d-----w c:\program files\Dl_cats
    2008-10-29 20:13 85 ----a-w c:\program files\mp3val-frontend.ini
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 23:34 --------- d-----w c:\program files\AviSynth 2.5
    2008-10-21 23:33 --------- d-----w c:\program files\eRightSoft
    2008-10-21 23:25 --------- d-----w c:\program files\lame3.98.2
    2008-10-18 02:17 --------- d-----w c:\program files\Apple Software Update
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-02-20 05:29 76,112 ----a-w c:\documents and settings\Jonathan\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-24 16:25 57 ----a-w c:\program files\What's new.txt
    2007-04-27 18:34 201 ----a-w c:\program files\changelog.frontend.txt
    2007-04-27 18:28 9,945 ----a-w c:\program files\manual.html
    2007-04-27 18:27 1,126 ----a-w c:\program files\changelog.core.txt
    2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 3411968]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
    "Motive SmartBridge"="c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 393216]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
    "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-09 180269]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-10 41984]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
    Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-06-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\NetAssistant\\SmartBridge\\MotiveSB.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\WINDOWS\\system32\\services.exe"=
    "c:\\WINDOWS\\system32\\fxssvc.exe"=
    "c:\\Program Files\\McAfee.com\\Agent\\McTskshd.exe"=

    S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-22 23096]
    S3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-22 3768]
    S3 SQTECH907B;EZCam(PID_907B_00);c:\windows\system32\Drivers\Capt907B.sys [2006-05-10 49963]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{921a073a-7695-11dc-ab1f-00038a000015}]
    \Shell\AutoRun\command - E:\Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5668a08-4313-11dd-ad5a-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JOHNNY_JON-Jonathan).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]

    2008-11-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-28 16:30:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-28 16:34:32
    ComboFix-quarantined-files.txt 2008-11-28 21:33:20
    ComboFix2.txt 2008-11-27 08:39:43

    Pre-Run: 13,157,015,552 bytes free
    Post-Run: 13,145,182,208 bytes free

    218 --- E O F --- 2008-11-12 07:24:02

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good

    You had or still have these two programs installed.

    Soulseek
    LimeWire


    P2P (File Sharing Programs) have become the latest avenue of attack by malware writers. Read this please. I would strongly urge you to stay away from any programs like these.

    We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

    Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.

    • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
    • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.


    We do not ask you to do this without reason.


    P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

    Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

    This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
    http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.


    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, and it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
    • Your Java is out of date and leaving your system vulnerable.
    • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
    • It should have an icon next to it:

      Select it and click Remove.
    • Reboot your system.
    • Then go to the Sun Microsystems and install the update
    • Java SE Runtime Environment (JRE) 6 Update 10 <--This is what you need to download and install.
    • If you chose the online installation, it will prompt you to run the program.
    • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
    • Then after install you can verify your installation here Sun Java Verify
    I like to do the offline installation and save the setup file in case I may need it in the future


    How are things running now???
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
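The helper above picked Soulseek and LimeWire out of the ComboFix log by eye, and also spotted the out-of-date jre1.6.0_05 path in the HijackThis log. The script below is an added example (not code from this forum, from ComboFix or from HijackThis) showing how a defender can run the same triage automatically over the REGEDIT4-style "Reg Loading Points" section: it lists P2P clients in the Windows Firewall authorized-applications list, Security Center values that silence or take over AV/update monitoring, AutoRun commands on removable-drive mount points, and JRE paths below the update level asked for. The log excerpt is constructed from lines in this thread, and the P2P executable list and the "update 10" threshold are assumptions taken from the posts.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's REGEDIT4-style "Reg Loading Points" format.
# The lines mirror entries from the ComboFix log posted in this thread; it is a
# sample for the checks below, not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{921a073a-7695-11dc-ab1f-00038a000015}]
\Shell\AutoRun\command - E:\Installer.exe
"""

# Executable names of the P2P clients named in this thread (assumed list; extend as needed).
P2P_EXECUTABLES = {"limewire.exe", "azureus.exe", "shareaza.exe", "slsk.exe"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
JRE_RE = re.compile(r"jre1\.6\.0_(\d+)", re.IGNORECASE)


@dataclass
class Findings:
    p2p_clients: list = field(default_factory=list)
    security_center_flags: list = field(default_factory=list)
    autorun_commands: list = field(default_factory=list)


def triage(log_text: str) -> Findings:
    """Walk the registry dump section by section and collect items a helper would review."""
    found = Findings()
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in section:
            # AutoRun handlers on removable drives; the log shows one on E:.
            found.autorun_commands.append(m.group(1))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if "authorizedapplications" in section:
            # REGEDIT escapes backslashes; undo that before taking the basename.
            path = name.replace("\\\\", "\\")
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe in P2P_EXECUTABLES:
                found.p2p_clients.append(path)
        elif "security center" in section and value.lower() == "dword:00000001":
            # *DisableNotify suppresses Security Center warnings; DisableMonitoring
            # under Monitoring\<vendor> is also set by AV suites that take over
            # monitoring themselves, so these are flagged for review, not as verdicts.
            if name.endswith("DisableNotify") or name == "DisableMonitoring":
                found.security_center_flags.append(f"{section}: {name}")
    return found


def java_update_outdated(hjt_path: str, required_update: int = 10) -> bool:
    """True when a JRE 1.6.0_NN path from a HijackThis line is below the requested update."""
    m = JRE_RE.search(hjt_path)
    return bool(m) and int(m.group(1)) < required_update


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("P2P clients allowed through the firewall:", result.p2p_clients)
    print("Security Center values to review:", result.security_center_flags)
    print("Removable-drive AutoRun commands:", result.autorun_commands)
    # Path taken from the HijackThis log in this thread.
    print("Java outdated:", java_update_outdated(r"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"))
```

Feed `triage()` the text of a real ComboFix log and it returns the same three lists; the firewall authorized-applications list is a good place to look because a P2P client must be allowed through the firewall to share at all, which is exactly why it also exposes over-shared folders.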
