need help

hi

ComboFix 07-10-02.2 - mxs10 2007-10-04 0:12:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1455 [GMT 1:00]
Running from: C:\Documents and Settings\mxs10\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\mxs10\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\rtvwa.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Ankmjnik
C:\Program Files\lgnklyzs
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-03 17:13 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-10-03 17:13 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-10-03 17:13 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-10-03 17:13 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2007-10-03 17:12 73,728 --------- C:\WINDOWS\system\CMedia.dll
2007-10-03 17:12 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-10-03 17:12 4,639 --a------ C:\WINDOWS\system32\dllcache\mplayer2.exe
2007-10-03 17:12 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-10-03 17:12 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-10-03 17:12 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-10-03 17:12 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-10-03 17:12 <DIR> d-------- C:\Program Files\PCI Audio Applications
2007-10-03 17:11 <DIR> d-------- C:\Program Files\C-Media
2007-10-02 03:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 23:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-01 23:25 <DIR> d-------- C:\Documents and Settings\mxs10\Application Data\SUPERAntiSpyware.com
2007-10-01 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-01 22:11 58 --a------ C:\WINDOWS\sysdat.dll
2007-10-01 22:07 65,536 -ra------ C:\WINDOWS\ctdrvins.exe
2007-10-01 22:07 49,152 -ra------ C:\WINDOWS\system32\wcpin.dll
2007-10-01 22:07 45,056 -ra------ C:\WINDOWS\system32\wcvfw.dll
2007-10-01 22:07 200,968 -ra------ C:\WINDOWS\vfwupd.exe
2007-10-01 22:07 <DIR> d-------- C:\WINDOWS\OvtCam
2007-10-01 22:05 135,680 --a------ C:\WINDOWS\Webdelc.exe
2007-10-01 22:04 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2007-10-01 22:04 <DIR> d-------- C:\Program Files\Creative
2007-10-01 21:36 <DIR> d-------- C:\Program Files\Multimedia Combo Set
2007-09-30 08:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 04:29 <DIR> d-------- C:\Program Files\Nero
2007-09-30 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-30 04:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-09-27 14:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-27 13:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-27 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-25 22:54 <DIR> d-------- C:\Program Files\iTunes
2007-09-25 22:54 <DIR> d-------- C:\Program Files\iPod
2007-09-23 12:34 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-09-23 12:34 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-09-20 19:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-20 18:32 <DIR> d-------- C:\Program Files\CCleaner
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-16 13:57 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-16 11:12 23 --a------ C:\WINDOWS\popcinfot.dat
2007-09-15 04:04 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-14 15:44 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-14 15:43 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-14 15:36 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-09-14 15:34 <DIR> d-------- C:\Program Files\SpywareDetector
2007-09-13 22:49 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-09-13 21:45 <DIR> d-------- C:\Documents and Settings\mxs10\Application Data\Sunbelt Software
2007-09-13 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-09-13 21:44 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-09 06:41 <DIR> d-------- C:\RCT3
2007-09-09 06:37 <DIR> d-------- C:\Documents and Settings\mxs10\Application Data\GetRightToGo
2007-09-09 06:25 <DIR> d-------- C:\Program Files\Atari
2007-09-09 05:18 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-09 05:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 05:18 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 00:03 --------- d-------- C:\Program Files\Lx_cats
2007-10-03 21:57 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:57 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 21:57 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:57 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 21:57 --------- d-------- C:\Program Files\Symantec
2007-10-03 20:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-03 16:05 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-03 01:01 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-01 21:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 04:43 --------- d-------- C:\Program Files\Steam
2007-09-30 04:35 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-29 15:07 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-25 22:41 --------- d-------- C:\Program Files\Apple Software Update
2007-09-25 18:55 --------- d-------- C:\Program Files\Norton 360
2007-09-24 19:18 --------- d-------- C:\Program Files\The All-Seeing Eye
2007-09-19 06:26 --------- d-------- C:\Program Files\AOL Games
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-17 16:30 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-17 16:30 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-09 15:26 --------- d-------- C:\Documents and Settings\mxs10\Application Data\Bioshock
2007-09-09 05:19 --------- d-------- C:\Program Files\Electronic Arts
2007-08-27 11:26 27120 --a------ C:\WINDOWS\system32\SBBD.exe
2007-08-25 15:42 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-25 15:35 --------- d-------- C:\Program Files\2K Games
2007-08-21 14:07 --------- d-------- C:\Documents and Settings\mxs10\Application Data\Google
2007-08-20 21:23 --------- d-------- C:\Program Files\Google
2007-08-20 21:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-20 13:02 --------- d-------- C:\Program Files\Sierra
2007-08-20 11:22 --------- d-------- C:\Program Files\Prey
2007-08-20 11:10 --------- d-------- C:\Program Files\Lexmark 4300 Series
2007-08-20 08:17 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-08-18 23:24 --------- d-------- C:\Documents and Settings\mxs10\Application Data\Ahead
2007-08-18 12:36 --------- d-------- C:\Documents and Settings\mxs10\Application Data\Petroglyph
2007-08-18 12:31 --------- d-------- C:\Program Files\LucasArts
2007-08-17 14:20 --------- d-------- C:\Program Files\THQ
2007-08-16 23:28 --------- d-------- C:\Program Files\MSN Messenger
2007-08-16 20:55 --------- d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-08-16 20:52 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-16 20:51 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-16 20:19 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-08-16 18:46 --------- d-------- C:\Program Files\Yahoo!
2007-08-16 09:13 --------- d-------- C:\Program Files\EA Games
2007-08-16 08:32 --------- d-------- C:\Program Files\NovaLogic
2007-08-14 22:17 --------- d-------- C:\Program Files\Zylom Games
2007-08-14 21:24 --------- d-------- C:\Program Files\Codemasters
2007-08-14 21:12 --------- d-------- C:\Program Files\Red Storm Entertainment
2007-08-14 20:51 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-14 20:50 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-08-13 15:02 --------- d-------- C:\Program Files\Activision
2007-08-12 08:03 --------- d-------- C:\Documents and Settings\mxs10\Application Data\VideoEgg
2007-08-10 16:31 --------- d-------- C:\Program Files\Lexmark Fax Solutions
2007-08-08 20:46 --------- d-------- C:\Documents and Settings\mxs10\Application Data\Zylom
2007-08-08 20:46 --------- d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-08-08 11:24 --------- d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2007-08-07 13:22 --------- d-------- C:\Documents and Settings\mxs10\Application Data\MSNInstaller
2007-08-05 09:12 --------- d-------- C:\Documents and Settings\mxs10\Application Data\ATI
2007-08-05 09:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-08-05 09:09 --------- d-------- C:\Program Files\ATI Technologies
2007-08-05 08:52 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-08-05 08:52 --------- d-------- C:\Documents and Settings\mxs10\Application Data\SystemRequirementsLab
2007-08-04 18:53 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-04 18:17 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-04 18:17 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-04 18:15 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-08-04 18:06 --------- d-------- C:\Documents and Settings\mxs10\Application Data\Skype
2007-08-04 16:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-03 15:38 --------- dr-h----- C:\Documents and Settings\mxs10\Application Data\SecuROM
2007-08-03 15:26 --------- d-------- C:\Program Files\Ubisoft
2007-08-03 15:26 --------- d-------- C:\Documents and Settings\mxs10\Application Data\InstallShield
2007-08-03 15:21 --------- d-------- C:\Program Files\7-Zip
2007-08-03 12:17 --------- d-------- C:\Program Files\Microsoft Works
2007-08-03 12:16 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-03 12:16 --------- d-------- C:\Program Files\Microsoft.NET
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 12:21 186256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-02_14.26.24.35 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 712,704 2001-11-23 04:08:20 C:\WINDOWS\AUDIO3D.DLL
----a-w 23,041 2003-04-03 10:37:32 C:\WINDOWS\cmaudio.dat
----a-w 377,358 2002-11-18 07:51:40 C:\WINDOWS\cmaudio.sys
----a-w 3,360 2002-06-24 07:46:58 C:\WINDOWS\cmiainfo.sys
----a-w 39,279 2003-03-28 06:19:12 C:\WINDOWS\cmijack.dat
----a-w 32,768 2002-10-09 01:38:24 C:\WINDOWS\CMNPROP.DLL
----a-w 135,168 2002-07-11 04:13:26 C:\WINDOWS\cmuninst.dat
----a-w 139,264 2002-07-11 03:24:50 C:\WINDOWS\cmuninst.exe
----a-w 765,952 2000-10-20 10:28:00 C:\WINDOWS\CRLDS3D.DLL
----a-w 1,855,488 2003-03-20 06:21:00 C:\WINDOWS\mixer.exe
----a-w 765,952 2000-10-20 10:28:00 C:\WINDOWS\system\crlds3d.dll
----a-w 712,704 2001-11-23 04:08:20 C:\WINDOWS\system32\a3d.dll
----a-w 712,704 2001-11-23 04:08:20 C:\WINDOWS\system32\Audio3D.dll
----a-w 32,768 2002-10-09 01:38:24 C:\WINDOWS\system32\cmnprop.dll
----a-w 259,264 1998-08-27 01:22:04 C:\WINDOWS\system32\DXTCR.DLL
----a-w 719,120 1998-08-27 03:51:30 C:\WINDOWS\system32\DXTLIPI.DLL
----a-w 346,896 1998-08-27 03:51:36 C:\WINDOWS\system32\DXTMETA.DLL
----a-w 268,048 1998-08-27 03:51:42 C:\WINDOWS\system32\DXTMETA2.DLL
----a-w 181,520 1998-08-27 03:51:46 C:\WINDOWS\system32\DXTMSFTP.DLL
----a-w 169,744 1998-08-27 03:51:50 C:\WINDOWS\system32\DXTSQFX.DLL
----a-w 738,008 1998-08-21 13:51:32 C:\WINDOWS\system32\METASTR.DLL
----a-w 712,704 2001-11-23 04:08:20 C:\WINDOWS\system32\dllcache\a3d.dll
----a-w 377,358 2002-11-18 07:51:40 C:\WINDOWS\system32\drivers\cmaudio.sys
.
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 00:47]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 00:47]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 C:\WINDOWS\system32\bthprops.cpl]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"HostManager"="C:\Program Files\Common Files\AOL\1186247821\ee\AOLSoftware.exe" [2006-04-13 21:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-15 18:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:38]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 09:40]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-11 02:01]
"C-Media Mixer"="Mixer.exe" [2003-03-20 07:21 C:\WINDOWS\mixer.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 21:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-20 21:23:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-20 21:23:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
S0 FGXSCSI;FGXSCSI;C:\WINDOWS\system32\DRIVERS\fgxscsi.sys
S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
S3 cdrmkaun;cdrmkaun;\??\C:\DOCUME~1\mxs10\LOCALS~1\Temp\cdrmkaun.sys
S3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\WINDOWS\system32\DRIVERS\xusb21.sys
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 21:41:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-03 23:04:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 00:14:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 0:15:32
C:\ComboFix-quarantined-files.txt ... 2007-10-04 00:15
C:\ComboFix2.txt ... 2007-10-03 04:29
C:\ComboFix3.txt ... 2007-10-02 14:28
.
--- E O F ---
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 03, 2007 10:10:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 3/10/2007
Kaspersky Anti-Virus database records: 426564
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 415774
Number of viruses found: 3
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 04:51:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09092003-205703.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BB3EB699.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C04518FE.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\mxs10\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2321957D-69AB-47C8-B518-A7D1A6815A5A} Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\History\History.IE5\MSHist012007100320071004\index.dat Object is locked skipped
C:\Documents and Settings\mxs10\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mxs10\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\mxs10\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\mxs10\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\qoobox\Quarantine\C\divuqpw.exe.vir/EXE-file Infected: Trojan-Spy.Win32.Agent.ir skipped
C:\qoobox\Quarantine\C\divuqpw.exe.vir Embedded EXE: infected - 1 skipped
C:\qoobox\Quarantine\C\divuqpw.exe.vir UPX: infected - 1 skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\RACLE~1\nѕlookup.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\qoobox\Quarantine\C\Program Files\setup.exe.vir/data0007 Infected: Trojan-Downloader.Win32.Zlob.ckl skipped
C:\qoobox\Quarantine\C\Program Files\setup.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP2\A0000010.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP4\A0000100.exe/EXE-file Infected: Trojan-Spy.Win32.Agent.ir skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP4\A0000100.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP4\A0000100.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP4\A0000101.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.ckl skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP4\A0000101.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F8142CB4-51E0-4E88-A43D-0ADE85F69AD1}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\JET590C.tmp Object is locked skipped
C:\WINDOWS\TEMP\JET5989.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
 
Hi

nearly there ...

Please go here :- C:\qoobox ... this is the quarantine folder for Combofix, & the KASPERSKY ONLINE SCANNER is finding entries in there ... they are no problem, but you can delete the folder ... so right click on qoobox and select delete ... then empty your recycle bin ...

The other entries KASPERSKY is finding are in your system restore folder, so now that the rest of your computer is clean, we'll purge system restore...

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

if you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

-
Now run another KASPERSKY scan (it should be the last one you need to do)

& this time it should say :-

Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0

steam
 
thank you

Hi, thank you so much for the time you have spent helping me, it's been very much appreciated.
Here is the last scan :)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 5:00:14 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 427437
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 416965
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 04:54:07
 
HI

Excellent... you're very welcome...

If your problems are now resolved...

Happy surfing

steam
 