Non-standard win32.wemon.sh

N

Narf the Mouse

New member
It has so far resisted removal by Spybot S&D. I have attempted removal with Avast, but Avast was unable to detect it. The information in the removal page (http://forums.spybot.info/showthread.php?p=378870) was insufficient; no such entry was found in the registry.
I have followed all of the instructions here (http://forums.spybot.info/showthread.php?t=288), save for disabling tea-timer. I did not have it enabled in the first place, because I have no idea what a valid or invalid change would look like, so it was useless for me.

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by [Name] at 9:07:39.61 on 31/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.688 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100731-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ANIWConnService.exe
F:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\CollabNet\Subversion Server\svnserve.exe
F:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\MozyPro\mozyprobackup.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
F:\Program Files\VMWare\VMWare Player\vmware-authd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\RTHDCPL.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
F:\Program Files\VMWare\VMWare Player\hqtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Documents and Settings\[Name]\Desktop\Portable Apps\FirefoxPortable\FirefoxPortable.exe
C:\Documents and Settings\[Name]\Desktop\Portable Apps\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
Y:\MirandaPortable\MirandaPortable.exe
Y:\MirandaPortable\App\miranda\miranda32.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\[Name]\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SODCPreLoad] f:\program files\ibm\lotus\symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe c:\docume~1\[Name]\ibm\lotus\symphony\.sodc\
uRun: [Steam] "f:\program files\steam\steam.exe" -silent
uRun: [Control center.exe] f:\program files\iz3d driver\Control center.exe /silent
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [VMware hqtray] "f:\program files\vmware\vmware player\hqtray.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\[Name]\startm~1\programs\startup\erunta~1.lnk - f:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\[Name]\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozypr~1.lnk - f:\program files\mozypro\mozyprostat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
LSP: f:\program files\vmware\vmware player\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\[Name]\applic~1\mozilla\firefox\profiles\ht5de6vl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\[Name]\application data\mozilla\firefox\profiles\ht5de6vl.default\extensions\gametap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\program files\gametap web player\bin\release\npGameTapWebPlayer.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: f:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: f:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-12 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-12 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-12 25160]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;f:\program files\iz3d driver\win32\S3DInjectionDriver.sys [2010-7-27 34968]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2010-2-5 54776]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-11-18 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-11-18 41424]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-4-27 147456]
R2 Apache2.2;Apache2.2;f:\program files\apache software foundation\apache2.2\bin\httpd.exe [2010-3-4 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-12 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-12 723632]
R2 CSVNsvnserve;CollabNet Subversion svnserve;f:\program files\collabnet\subversion server\svnserve.exe [2009-10-22 114780]
R2 mozyprobackup;MozyPro Backup Service;f:\program files\mozypro\mozyprobackup.exe [2010-1-4 78136]
R2 S3D Service (Win32);S3D Service (Win32);f:\program files\iz3d driver\win32\S3DCService.exe [2010-7-27 360960]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-5-21 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-12 352920]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\drivers\VAud_WDM.sys [2010-5-27 48096]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [2008-11-3 27544]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-27 715520]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-18 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-11-10 104016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2010-3-5 386784]
S3 catdrive;Catweasel Drive Driver;c:\windows\system32\drivers\catdri2k.sys [2010-5-19 6877]
S3 catjoyst;Catweasel joystick Driver;c:\windows\system32\drivers\catjoy2k.sys [2010-5-19 5520]
S3 catkeybd;Catweasel keyboard Driver;c:\windows\system32\drivers\catkey2k.sys [2010-5-19 9968]
S3 catweasl;Catweasel Driver;c:\windows\system32\drivers\Catwea2k.sys [2010-5-19 89839]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 ProfileSharpServer;ProfileSharpServer;f:\program files\softprodigy\profilesharp enterprise edition v1.3\ProfileSharpServer.exe [2006-11-1 73728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-07-31 00:59:52 104 ----a-w- c:\windows\CORION2.INI
2010-07-28 14:59:12 0 d-----w- c:\docume~1\alluse~1\applic~1\tBGmcqRI
2010-07-28 13:58:33 0 d-----w- c:\docume~1\[Name]\applic~1\NVIDIA
2010-07-27 22:47:18 185344 ----a-w- c:\windows\system32\PCGW32.DLL
2010-07-27 21:05:37 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-27 21:05:34 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-27 21:05:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-27 21:05:34 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-27 20:40:32 0 d-----w- c:\windows\system32\NVIDIA Corporation
2010-07-27 20:31:01 0 d-----w- c:\docume~1\[Name]\applic~1\iZ3D Driver
2010-07-27 20:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\iZ3D Driver
2010-07-20 21:15:09 882 ----a-w- c:\documents and settings\[Name]\.recently-used.xbel
2010-07-13 21:53:27 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 23:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll

==================== Find3M ====================

2010-07-28 03:03:31 230736 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-07-07 20:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-13 00:29:01 51874 ----a-w- c:\windows\FdUninstall.exe
2010-05-27 02:01:14 20216 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-21 07:39:48 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-05-21 07:39:38 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-05-21 07:38:50 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-05-21 07:37:30 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-05-21 06:13:38 252464 ----a-w- c:\windows\system32\vmnc.dll
2010-05-21 04:19:20 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2005-04-01 05:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe

============= FINISH: 9:08:50.20 ===============

I turned on TeaTimer because it occurred to me that knowing the program name that's trying to change a setting would at least tell me something.
 
Last edited by a moderator:
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds logs (both dds.txt & attach.txt contents).

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
The ComboFix.txt:

ComboFix 10-08-04.04 - [Name] 04/08/2010 15:48:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1385 [GMT -7:00]
Running from: c:\documents and settings\[Name]\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100804-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
The following files were disabled during the run:
f:\program files\iZ3D Driver\Win32\S3DOGLInjector.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\[Name]\Application Data\inst.exe
c:\windows\system32\VB6KO.DLL
f:\program files\iZ3D Driver\Win32\S3DOGLInjector.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-01 05:05 . 2010-08-01 05:05 -------- d-----w- c:\documents and settings\[Name]\Application Data\Spacejock Software
2010-07-28 14:59 . 2010-07-28 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\tBGmcqRI
2010-07-28 13:58 . 2010-07-28 13:58 -------- d-----w- c:\documents and settings\[Name]\Application Data\NVIDIA
2010-07-27 22:47 . 2009-04-11 00:19 185344 ----a-w- c:\windows\system32\PCGW32.DLL
2010-07-27 21:05 . 2010-07-27 21:05 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-27 21:05 . 2010-07-27 21:05 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-27 21:05 . 2010-07-27 21:05 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-27 20:40 . 2010-07-27 20:40 -------- d-----w- c:\windows\system32\NVIDIA Corporation
2010-07-27 20:31 . 2010-07-27 20:31 -------- d-----w- c:\documents and settings\[Name]\Application Data\iZ3D Driver
2010-07-27 20:30 . 2010-07-27 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\iZ3D Driver
2010-07-13 21:53 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 22:56 . 2009-05-13 04:31 -------- d-----w- c:\program files\lg_fwupdate
2010-08-04 22:54 . 2010-05-27 03:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2010-08-04 22:54 . 2010-05-27 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-08-02 16:57 . 2009-05-20 23:39 1 ----a-w- c:\documents and settings\[Name]\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-01 14:21 . 2009-05-18 07:16 -------- d-----w- c:\program files\SpeedFan
2010-08-01 05:32 . 2009-06-04 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-28 14:57 . 2010-03-12 07:54 -------- d-----w- c:\documents and settings\[Name]\Application Data\uTorrent
2010-07-28 04:12 . 2009-05-14 02:35 -------- d-----w- c:\documents and settings\[Name]\Application Data\TrueCrypt
2010-07-28 03:03 . 2009-05-14 02:32 230736 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-07-27 21:06 . 2009-12-07 19:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-27 20:41 . 2010-04-13 16:19 1028064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-220523388-725345543-1004-0.dat
2010-07-27 20:41 . 2010-04-13 16:19 138902 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-07-07 20:46 . 2009-05-12 23:16 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-24 01:29 . 2010-06-24 01:29 -------- d-----w- c:\documents and settings\[Name]\Application Data\Turbine
2010-06-23 22:32 . 2010-06-23 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-23 22:30 . 2010-06-23 22:30 -------- d-----w- c:\program files\Pando Networks
2010-06-20 06:34 . 2010-06-20 06:34 -------- d-----w- c:\documents and settings\[Name]\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2010-06-20 06:34 . 2010-06-20 06:34 -------- d-----w- c:\program files\GOG.com Downloader
2010-06-20 06:33 . 2009-05-17 02:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-20 06:33 . 2010-06-20 06:34 53632 ----a-w- c:\documents and settings\[Name]\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-14 14:31 . 2009-05-12 21:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 00:29 . 2010-06-13 00:29 51874 ----a-w- c:\windows\FdUninstall.exe
2010-06-05 08:08 . 2010-06-05 08:08 503808 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c591e4d-n\msvcp71.dll
2010-06-05 08:08 . 2010-06-05 08:08 499712 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c591e4d-n\jmc.dll
2010-06-05 08:08 . 2010-06-05 08:08 348160 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c591e4d-n\msvcr71.dll
2010-06-05 08:08 . 2010-06-05 08:08 61440 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-17cc954a-n\decora-sse.dll
2010-06-05 08:08 . 2010-06-05 08:08 12800 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-17cc954a-n\decora-d3d.dll
2010-06-02 07:53 . 2009-05-12 23:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-27 03:13 . 2010-05-27 03:13 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\uninstall.exe
2010-05-27 03:10 . 2010-05-27 03:13 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\module_ws.dll
2010-05-27 03:10 . 2010-05-27 03:13 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\module_core.dll
2010-05-27 03:10 . 2010-05-27 03:13 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-05-27 03:10 . 2010-05-27 03:13 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-05-27 03:10 . 2010-05-27 03:13 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-05-27 03:10 . 2010-05-27 03:13 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-05-27 03:10 . 2010-05-27 03:13 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-05-27 02:01 . 2009-10-23 04:10 20216 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-26 04:07 . 2009-11-25 03:22 164880 ---ha-w- c:\documents and settings\[Name]\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-05-23 15:14 . 2010-05-23 15:14 503808 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-59ce6679-n\msvcp71.dll
2010-05-23 15:14 . 2010-05-23 15:14 499712 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-59ce6679-n\jmc.dll
2010-05-23 15:14 . 2010-05-23 15:14 348160 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-59ce6679-n\msvcr71.dll
2010-05-21 07:40 . 2010-05-21 07:40 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-05-21 07:40 . 2010-05-21 07:40 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-05-21 07:39 . 2010-05-21 07:39 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
2010-05-21 07:39 . 2010-05-27 03:13 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-05-21 07:39 . 2010-05-27 03:13 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-05-21 07:38 . 2010-05-27 03:12 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-05-21 07:38 . 2010-05-27 03:12 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-05-21 07:37 . 2010-05-21 07:37 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-05-21 07:37 . 2010-05-21 07:37 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-05-21 07:37 . 2010-05-27 03:13 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-05-21 06:40 . 2010-05-21 06:40 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-05-21 06:13 . 2010-05-21 06:13 252464 ----a-w- c:\windows\system32\vmnc.dll
2010-05-21 04:19 . 2010-05-21 04:19 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-21 04:19 . 2010-05-21 04:19 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-05-21 04:19 . 2010-05-21 04:19 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-05-21 04:19 . 2010-05-21 04:19 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-05-17 22:46 . 2009-05-18 02:42 21760 ----a-w- c:\documents and settings\[Name]\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 20:02 . 2010-05-28 03:02 48096 ----a-w- c:\windows\system32\drivers\VAud_WDM.sys
2005-04-01 05:17 . 2009-05-13 04:23 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
@="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
[HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
2010-01-04 19:33 2848568 ----a-w- f:\program files\MozyPro\mozyproshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
@="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
[HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
2010-01-04 19:33 2848568 ----a-w- f:\program files\MozyPro\mozyproshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
@="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
[HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
2010-01-04 19:33 2848568 ----a-w- f:\program files\MozyPro\mozyproshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="f:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe" [2010-01-19 40960]
"Steam"="f:\program files\steam\steam.exe" [2010-07-16 1238352]
"Control center.exe"="f:\program files\iZ3D Driver\Control center.exe" [2010-03-19 4547584]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]
"VMware hqtray"="f:\program files\VMWare\VMWare Player\hqtray.exe" [2010-05-21 64048]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\[Name]\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - f:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-2 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - f:\program files\MozyPro\mozyprostat.exe [2010-1-4 2893624]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-7-29 288136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\[Name]\\My Documents\\Visual Studio 2008\\Projects\\ChatProgramTest\\ChatProgramTest\\bin\\Debug\\ChatProgramTest.vshost.exe"=
"f:\\Program Files\\JetBrains\\dotTrace 3.1\\JetBrains.dotTrace.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Sun\\VirtualBox\\VirtualBox.exe"=
"f:\\Program Files\\MicroProse Software\\Civilization II Multiplayer Gold Edition\\civ2.exe"=
"f:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"f:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.20090525-1200\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\SlimTune Profiler\\SlimTuneUI.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\VMWare\\VMWare Player\\vmware-authd.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"f:\\Program Files\\Steam\\steamapps\\narf_the_mouse\\half-life\\hl.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56322:TCP"= 56322:TCP:Pando Media Booster
"56322:UDP"= 56322:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/05/2009 3:55 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/05/2009 4:01 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/05/2009 4:01 PM 25160]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;f:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [27/07/2010 3:47 PM 34968]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [05/02/2010 10:54 AM 54776]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 9:08 AM 81688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [18/11/2009 5:16 PM 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [18/11/2009 5:16 PM 41424]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [27/04/2010 10:13 PM 147456]
R2 Apache2.2;Apache2.2;f:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [04/03/2010 11:27 AM 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/05/2009 3:55 PM 20560]
R2 CSVNsvnserve;CollabNet Subversion svnserve;f:\program files\CollabNet\Subversion Server\svnserve.exe [22/10/2009 6:12 AM 114780]
R2 mozyprobackup;MozyPro Backup Service;f:\program files\MozyPro\mozyprobackup.exe [04/01/2010 12:33 PM 78136]
R2 S3D Service (Win32);S3D Service (Win32);f:\program files\iZ3D Driver\Win32\S3DCService.exe [27/07/2010 3:47 PM 360960]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [21/05/2010 12:40 AM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [20/05/2010 11:40 PM 539184]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\drivers\VAud_WDM.sys [27/05/2010 8:02 PM 48096]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [03/11/2008 3:47 AM 27544]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15/09/2009 2:59 PM 38248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18/11/2009 5:16 PM 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [10/11/2009 3:53 PM 104016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [05/03/2010 3:09 PM 386784]
S3 catdrive;Catweasel Drive Driver;c:\windows\system32\drivers\catdri2k.sys [19/05/2010 2:15 PM 6877]
S3 catjoyst;Catweasel joystick Driver;c:\windows\system32\drivers\catjoy2k.sys [19/05/2010 2:15 PM 5520]
S3 catkeybd;Catweasel keyboard Driver;c:\windows\system32\drivers\catkey2k.sys [19/05/2010 2:15 PM 9968]
S3 catweasl;Catweasel Driver;c:\windows\system32\drivers\Catwea2k.sys [19/05/2010 2:15 PM 89839]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 ProfileSharpServer;ProfileSharpServer;f:\program files\SoftProdigy\ProfileSharp Enterprise Edition v1.3\ProfileSharpServer.exe [01/11/2006 5:38 AM 73728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10/07/2008 5:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
LSP: f:\program files\VMWare\VMWare Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\[Name]\Application Data\Mozilla\Firefox\Profiles\ht5de6vl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\[Name]\Application Data\Mozilla\Firefox\Profiles\ht5de6vl.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: f:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: f:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 15:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5946B99-1D18-6114-E2E3-8C9880B66136}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacgdjeoapkdafnp"=hex:67,61,6c,62,61,6f,6f,70,63,66,6c,6d,66,65,00,02
"iagfhdbggndoclijbc"=hex:62,61,6d,62,00,fa

[HKEY_USERS\S-1-5-21-1659004503-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b3,4d,e2,97,b8,0c,88,2d,8d,8d,5b,b2,c0,0c,fe,cc,cd,ab,78,83,46,90,8f,
c8,66,9c,8f,31,67,c4,5e,86,e9,e9,c2,13,45,67,b3,f5,39,5a,3e,5d,76,ff,7a,37,\
"??"=hex:98,87,b6,a5,12,12,6d,b8,76,4e,bf,ef,82,54,6f,d7

[HKEY_USERS\S-1-5-21-1659004503-220523388-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:77,92,b9,cf,d4,0b,0f,2b,7b,dc,eb,92,f4,73,85,0e,25,27,f0,c8,24,
8a,bb,c8,48,08,f4,c7,05,9e,1d,2f,98,1f,8c,cf,eb,00,63,b8,08,7e,4b,2d,54,a8,\
"rkeysecu"=hex:a3,b8,41,79,c8,a8,8c,80,34,19,57,07,2d,cb,b2,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4996)
c:\windows\system32\WININET.dll
f:\program files\MozyPro\mozyproshell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
f:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
f:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
f:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
f:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
f:\program files\VMWare\VMWare Player\vmware-authd.exe
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
f:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-04 15:59:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-04 22:59

Pre-Run: 70,867,070,976 bytes free
Post-Run: 71,666,397,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 769F6AAA0367BC43B78997C80635E807


The new DDS.txt (Renamed to DDS2.txt)


DDS (Ver_10-03-17.01) - NTFSx86
Run by [Name] at 16:05:55.14 on 04/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1224 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100804-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\ANIWConnService.exe
F:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\CollabNet\Subversion Server\svnserve.exe
F:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
F:\Program Files\VMWare\VMWare Player\vmware-authd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
F:\Program Files\VMWare\VMWare Player\hqtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
F:\program files\steam\steam.exe
F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
F:\Program Files\iZ3D Driver\Control center.exe
F:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\[Name]\Desktop\Portable Apps\FirefoxPortable\FirefoxPortable.exe
C:\Documents and Settings\[Name]\Desktop\Portable Apps\FirefoxPortable\App\firefox\firefox.exe
C:\Documents and Settings\[Name]\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SODCPreLoad] f:\program files\ibm\lotus\symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe c:\docume~1\[Name]\ibm\lotus\symphony\.sodc\
uRun: [Steam] "f:\program files\steam\steam.exe" -silent
uRun: [Control center.exe] f:\program files\iz3d driver\Control center.exe /silent
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [VMware hqtray] "f:\program files\vmware\vmware player\hqtray.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\[Name]\startm~1\programs\startup\erunta~1.lnk - f:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\[Name]\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozypr~1.lnk - f:\program files\mozypro\mozyprostat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
LSP: f:\program files\vmware\vmware player\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\[Name]\applic~1\mozilla\firefox\profiles\ht5de6vl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-12 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-12 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-12 25160]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;f:\program files\iz3d driver\win32\S3DInjectionDriver.sys [2010-7-27 34968]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2010-2-5 54776]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-11-18 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-11-18 41424]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-4-27 147456]
R2 Apache2.2;Apache2.2;f:\program files\apache software foundation\apache2.2\bin\httpd.exe [2010-3-4 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-12 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-12 723632]
R2 CSVNsvnserve;CollabNet Subversion svnserve;f:\program files\collabnet\subversion server\svnserve.exe [2009-10-22 114780]
R2 mozyprobackup;MozyPro Backup Service;f:\program files\mozypro\mozyprobackup.exe [2010-1-4 78136]
R2 S3D Service (Win32);S3D Service (Win32);f:\program files\iz3d driver\win32\S3DCService.exe [2010-7-27 360960]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-5-21 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-12 352920]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\drivers\VAud_WDM.sys [2010-5-27 48096]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [2008-11-3 27544]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-27 715520]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-18 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-11-10 104016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2010-3-5 386784]
S3 catdrive;Catweasel Drive Driver;c:\windows\system32\drivers\catdri2k.sys [2010-5-19 6877]
S3 catjoyst;Catweasel joystick Driver;c:\windows\system32\drivers\catjoy2k.sys [2010-5-19 5520]
S3 catkeybd;Catweasel keyboard Driver;c:\windows\system32\drivers\catkey2k.sys [2010-5-19 9968]
S3 catweasl;Catweasel Driver;c:\windows\system32\drivers\Catwea2k.sys [2010-5-19 89839]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 ProfileSharpServer;ProfileSharpServer;f:\program files\softprodigy\profilesharp enterprise edition v1.3\ProfileSharpServer.exe [2006-11-1 73728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-08-04 22:45:38 0 d-sha-r- C:\cmdcons
2010-08-04 22:41:51 77312 ----a-w- c:\windows\MBR.exe
2010-08-04 22:41:51 256512 ----a-w- c:\windows\PEV.exe
2010-08-04 22:41:51 161792 ----a-w- c:\windows\SWREG.exe
2010-08-04 22:41:50 98816 ----a-w- c:\windows\sed.exe
2010-08-04 22:31:36 0 d-----w- C:\ComboFix
2010-08-01 05:05:09 0 d-----w- c:\docume~1\[Name]\applic~1\Spacejock Software
2010-07-31 00:59:52 104 ----a-w- c:\windows\CORION2.INI
2010-07-28 14:59:12 0 d-----w- c:\docume~1\alluse~1\applic~1\tBGmcqRI
2010-07-28 13:58:33 0 d-----w- c:\docume~1\[Name]\applic~1\NVIDIA
2010-07-27 22:47:18 185344 ----a-w- c:\windows\system32\PCGW32.DLL
2010-07-27 21:05:37 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-27 21:05:34 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-27 21:05:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-27 21:05:34 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-27 20:40:32 0 d-----w- c:\windows\system32\NVIDIA Corporation
2010-07-27 20:31:01 0 d-----w- c:\docume~1\[Name]\applic~1\iZ3D Driver
2010-07-27 20:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\iZ3D Driver
2010-07-20 21:15:09 882 ----a-w- c:\documents and settings\[Name]\.recently-used.xbel
2010-07-13 21:53:27 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 23:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll

==================== Find3M ====================

2010-07-28 03:03:31 230736 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-07-07 20:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-13 00:29:01 51874 ----a-w- c:\windows\FdUninstall.exe
2010-05-27 02:01:14 20216 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-21 07:39:48 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-05-21 07:39:38 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-05-21 07:38:50 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-05-21 07:37:30 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-05-21 06:13:38 252464 ----a-w- c:\windows\system32\vmnc.dll
2010-05-21 04:19:20 59952 ----a-w- c:\windows\system32\vnetinst.dll
2005-04-01 05:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe

============= FINISH: 16:06:12.92 ===============


A bit unsure - Do you want the Attach.txt text-dumped or attached as a .zip file?
 
Hi,

Copy-paste attach.txt contents like you did with other two logs, please :)

Upload following files to http://www.virustotal.com and post back the results/a link to the results:
c:\windows\system32\VB6KO.DLL
c:\qoobox\quarantine\f\program files\iZ3D Driver\Win32\S3DOGLInjector.dll.vir
 
I cannot upload either file from those locations, as the first was deleted by ComboFix and the second is not at that location (I do have "Show hidden files and folders" on)


The Attach2.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/05/2009 2:10:19 PM
System Uptime: 08/04/2010 3:53:28 PM (2833 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2A-VM HDMI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2199/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 100 GiB total, 66.776 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 832 GiB total, 724.346 GiB free.
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81AA1043&REV_01\4&288D452A&0&0038
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81AA1043&REV_01\4&288D452A&0&0038
Service: RTLE8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\184456911D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\184456911D800
Service: NIC1394

==== System Restore Points ===================

RP453: 26/07/2010 4:35:50 AM - System Checkpoint
RP454: 26/07/2010 7:26:18 AM - System Checkpoint
RP455: 27/07/2010 7:05:03 PM - System Checkpoint
RP456: 27/07/2010 8:03:30 PM - TrueCrypt installation
RP457: 28/07/2010 8:42:50 PM - System Checkpoint
RP458: 29/07/2010 10:57:12 PM - System Checkpoint
RP459: 30/07/2010 11:24:51 PM - System Checkpoint
RP460: 01/08/2010 9:56:32 AM - System Checkpoint
RP461: 02/08/2010 1:08:56 PM - System Checkpoint
RP462: 03/08/2010 3:00:17 AM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
3DMark06
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Algebrator 4.2
Alien Swarm
Amiga Forever
ANIO Service
ANIWZCS2 Service
Apache HTTP Server 2.2.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArgoUML 0.28.1
ATI - Software Uninstall Utility
avast! Antivirus
Avernum 2
Avernum 5
Avernum Demo
Blades of Avernum
Bonjour
Champions Online
Character Builder
Chessmaster 9000
Civ II : Test Of Time
Civilization II Multiplayer Gold Edition
CollabNet Automatic Update 1.1
CollabNet Subversion Server 1.6.6
COMODO Internet Security
D-Link Wireless 150 USB Adapter DWA-125
Dungeon Crafter III (remove only)
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
DVD Solution
DVDFab 6.0.2.2 (June 26, 2009)
e2eSoft VSC v1.3.0
ERUNT 1.1j
Fantasy Grounds II
Fdrawcmd.sys 1.0.1.10
Folding@home-gpu
Folding@home-x86
Foxit Reader
FreeMind
GameSpy Arcade
GameTap Web Player
GIMP 2.6.6
GOG.com Downloader
Half-Life
Haskell Platform 2009.2.0.2
Heaven & Earth
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM Lotus Symphony
InCD
InterActual Player
Interstate '76 Arsenal
iTunes
iZ3D Driver Remove
Java Auto Updater
Java(TM) 6 Update 20
JetBrains dotTrace 3.1
Last.fm 1.5.4.24567
Leksah
LG ODD Auto Firmware Update
Liquid Story Binder XE 4.41
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Majesty Gold
Master Of Magic
Master of Orion 1 and 2
Master of Orion II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (March 2009)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007 SP1
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Game Studio 3.1
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Microsoft XNA Game Studio Platform Tools
mIRC
MOGRE SDK 1.4.8
MOGRE SDK 1.7.1 beta
Mono for Windows 2.4.2.2
MonoDevelop 2.1.r136446
Morrowind
Mozilla Firefox (3.5)
Mozilla Thunderbird (2.0.0.23)
Mozilla Thunderbird (3.0.4)
MozyPro Remote Backup
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Nero OEM
NetLimiter 2 Monitor (remove only)
Neverwinter Nights 2
Neverwinter Nights Gold Edition
NProf 0.11
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA FX Composer 2.5
NVIDIA nView Desktop Manager
NVIDIA Performance
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
OpenOffice.org 3.2
Pando Media Booster
PCMark05
PE Builder 3.1.10a
PHP 5.3.2
PowerDVD
PowerProducer
Prof-It for C#
ProfileSharp Enterprise Edition v1.3
Python 2.4.4
QuickTime
RapidSVN-0.12.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Redguard
Roleplaying City Map Generator
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sid Meier's Civilization 4
Skype™ 4.1
SlimDX SDK (August 2009)
SlimDX SDK (February 2010)
SlimDX SDK (March 2009)
SlimTune Profiler v0.2.1
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Steam
Sun VirtualBox
System Requirements Lab
TaoFramework 2.1.0
TES Construction Set
Texture Maker 3.1
tools-winPre2k
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDMSound
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VMware Player
Web Deployment Tool Release Candidate 1
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wings 3D 1.0.1
Wings 3D 1.1.5
Wings 3D 1.2
WinUAE 2.1.0
Yahoo! Messenger
yWriter5

==== Event Viewer Messages From Past Week ========

31/07/2010 4:50:45 PM, error: Dhcp [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 00265A729836 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
04/08/2010 3:56:22 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SLOWEST that believes that it is the master browser for the domain on transport NetBT_Tcpip_{96724F8C-7A05-4035-A. The master browser is stopping or an election is being forced.
04/08/2010 3:54:51 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
04/08/2010 3:41:12 PM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 00265A729836 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
02/08/2010 7:11:35 PM, error: Dhcp [1002] - The IP address lease 192.168.0.103 for the Network Card with network address 00265A729836 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
01/08/2010 6:03:25 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
01/08/2010 6:03:25 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nTuneService service.
01/08/2010 6:03:21 AM, error: PSched [14103] - QoS [Adapter {96724F8C-7A05-4035-A8C3-A019E4F20BA2}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================
 
Hi,

Look for S3DOGLInjector.dll and S3DOGLInjector.dll.vir files and upload to virustotal if either one is found (let me know where you found it).

This is the other file I asked to upload: c:\qoobox\quarantine\c\windows\system32\VB6KO.DLL.vir.


IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards (if [Name] is not correct username then replace it with proper one):

f:\program files\uTorrent
c:\documents and settings\[Name]\Application Data\uTorrent

Empty Recycle Bin.

After that:


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Folder::
c:\documents and settings\All Users\Application Data\tBGmcqRI
f:\program files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\uTorrent\\uTorrent.exe"=-
Regnull::
[HKEY_USERS\S-1-5-21-1659004503-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5946B99-1D18-6114-E2E3-8C9880B66136}*]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
uTorrent deletion results:

There was a graphical glitch when uninstalling uTorrent; the "Add/Remove Programs" window stayed up, but frozen (it did not respond to direct mouse clicks, but responded to display sorting normally - Clicking on other windows would hide it, etc..I got rid of it by right-clicking the taskbar icon and selecting close) and was absent from the Applications list in the Windows Task Manager.
In addition, past the "yes/no" window to remove uTorrent, no deletion window appeared. However, uTorrent is absent from the "Add/Remove Programs" list. Opening the remaining folders (Before removal to the Recycle Bin and deletion) showed only the uTorrent.exe (In F:\Program Files\uTorrent\) and the .torrent and data files in the other folder.

After dropping both uTorrent folders in the recycle bin and deleting them, I dropped the script onto ComboFix as instructed. ComboFix requested an update and I accepted, after which it restarted and hopefully ran the script.

Further results after I complete the next instructions.

log2.txt:

ComboFix 10-08-05.01 - [Name] 05/08/2010 13:15:23.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1187 [GMT -7:00]
Running from: c:\documents and settings\[Name]\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\[Name]\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100805-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\tBGmcqRI
c:\documents and settings\All Users\Application Data\tBGmcqRI\PCGWIN32.LI5

.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-01 05:05 . 2010-08-01 05:05 -------- d-----w- c:\documents and settings\[Name]\Application Data\Spacejock Software
2010-07-28 13:58 . 2010-07-28 13:58 -------- d-----w- c:\documents and settings\[Name]\Application Data\NVIDIA
2010-07-27 22:47 . 2009-04-11 00:19 185344 ----a-w- c:\windows\system32\PCGW32.DLL
2010-07-27 21:05 . 2010-07-27 21:05 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-27 21:05 . 2010-07-27 21:05 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-27 21:05 . 2010-07-27 21:05 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-27 20:40 . 2010-07-27 20:40 -------- d-----w- c:\windows\system32\NVIDIA Corporation
2010-07-27 20:31 . 2010-07-27 20:31 -------- d-----w- c:\documents and settings\[Name]\Application Data\iZ3D Driver
2010-07-27 20:30 . 2010-07-27 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\iZ3D Driver
2010-07-13 21:53 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 20:14 . 2009-05-13 04:31 -------- d-----w- c:\program files\lg_fwupdate
2010-08-05 18:55 . 2009-05-20 23:39 1 ----a-w- c:\documents and settings\[Name]\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 22:54 . 2010-05-27 03:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2010-08-04 22:54 . 2010-05-27 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-08-01 14:21 . 2009-05-18 07:16 -------- d-----w- c:\program files\SpeedFan
2010-08-01 05:32 . 2009-06-04 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-28 04:12 . 2009-05-14 02:35 -------- d-----w- c:\documents and settings\[Name]\Application Data\TrueCrypt
2010-07-28 03:03 . 2009-05-14 02:32 230736 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-07-27 21:06 . 2009-12-07 19:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-27 20:41 . 2010-04-13 16:19 1028064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-220523388-725345543-1004-0.dat
2010-07-27 20:41 . 2010-04-13 16:19 138902 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-07-07 20:46 . 2009-05-12 23:16 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-24 01:29 . 2010-06-24 01:29 -------- d-----w- c:\documents and settings\[Name]\Application Data\Turbine
2010-06-23 22:32 . 2010-06-23 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-23 22:30 . 2010-06-23 22:30 -------- d-----w- c:\program files\Pando Networks
2010-06-20 06:34 . 2010-06-20 06:34 -------- d-----w- c:\documents and settings\[Name]\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2010-06-20 06:34 . 2010-06-20 06:34 -------- d-----w- c:\program files\GOG.com Downloader
2010-06-20 06:33 . 2009-05-17 02:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-20 06:33 . 2010-06-20 06:34 53632 ----a-w- c:\documents and settings\[Name]\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-14 14:31 . 2009-05-12 21:06 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 00:29 . 2010-06-13 00:29 51874 ----a-w- c:\windows\FdUninstall.exe
2010-06-05 08:08 . 2010-06-05 08:08 503808 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c591e4d-n\msvcp71.dll
2010-06-05 08:08 . 2010-06-05 08:08 499712 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c591e4d-n\jmc.dll
2010-06-05 08:08 . 2010-06-05 08:08 348160 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c591e4d-n\msvcr71.dll
2010-06-05 08:08 . 2010-06-05 08:08 61440 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-17cc954a-n\decora-sse.dll
2010-06-05 08:08 . 2010-06-05 08:08 12800 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-17cc954a-n\decora-d3d.dll
2010-06-02 07:53 . 2009-05-12 23:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-27 03:13 . 2010-05-27 03:13 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\uninstall.exe
2010-05-27 03:10 . 2010-05-27 03:13 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\module_ws.dll
2010-05-27 03:10 . 2010-05-27 03:13 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\module_core.dll
2010-05-27 03:10 . 2010-05-27 03:13 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-05-27 03:10 . 2010-05-27 03:13 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-05-27 03:10 . 2010-05-27 03:13 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-05-27 03:10 . 2010-05-27 03:13 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-05-27 03:10 . 2010-05-27 03:13 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-05-27 02:01 . 2009-10-23 04:10 20216 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-26 04:07 . 2009-11-25 03:22 164880 ---ha-w- c:\documents and settings\[Name]\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-05-23 15:14 . 2010-05-23 15:14 503808 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-59ce6679-n\msvcp71.dll
2010-05-23 15:14 . 2010-05-23 15:14 499712 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-59ce6679-n\jmc.dll
2010-05-23 15:14 . 2010-05-23 15:14 348160 ----a-w- c:\documents and settings\[Name]\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-59ce6679-n\msvcr71.dll
2010-05-21 07:40 . 2010-05-21 07:40 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-05-21 07:40 . 2010-05-21 07:40 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-05-21 07:39 . 2010-05-21 07:39 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
2010-05-21 07:39 . 2010-05-27 03:13 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-05-21 07:39 . 2010-05-27 03:13 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-05-21 07:38 . 2010-05-27 03:12 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-05-21 07:38 . 2010-05-27 03:12 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-05-21 07:37 . 2010-05-21 07:37 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-05-21 07:37 . 2010-05-21 07:37 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-05-21 07:37 . 2010-05-27 03:13 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-05-21 06:40 . 2010-05-21 06:40 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-05-21 06:13 . 2010-05-21 06:13 252464 ----a-w- c:\windows\system32\vmnc.dll
2010-05-21 04:19 . 2010-05-21 04:19 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-21 04:19 . 2010-05-21 04:19 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-05-21 04:19 . 2010-05-21 04:19 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-05-21 04:19 . 2010-05-21 04:19 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-05-17 22:46 . 2009-05-18 02:42 21760 ----a-w- c:\documents and settings\[Name]\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-04-01 05:17 . 2009-05-13 04:23 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-04_22.55.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2010-08-04 22:59 573206 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-08-04 22:57 573206 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-08-04 22:59 115226 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-08-04 22:57 115226 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
@="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
[HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
2010-01-04 19:33 2848568 ----a-w- f:\program files\MozyPro\mozyproshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
@="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
[HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
2010-01-04 19:33 2848568 ----a-w- f:\program files\MozyPro\mozyproshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
@="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
[HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
2010-01-04 19:33 2848568 ----a-w- f:\program files\MozyPro\mozyproshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="f:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe" [2010-01-19 40960]
"Steam"="f:\program files\steam\steam.exe" [2010-07-16 1238352]
"Control center.exe"="f:\program files\iZ3D Driver\Control center.exe" [2010-03-19 4547584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]
"VMware hqtray"="f:\program files\VMWare\VMWare Player\hqtray.exe" [2010-05-21 64048]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\[Name]\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - f:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-2 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyPro Status.lnk - f:\program files\MozyPro\mozyprostat.exe [2010-1-4 2893624]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-7-29 288136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"f:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\[Name]\\My Documents\\Visual Studio 2008\\Projects\\ChatProgramTest\\ChatProgramTest\\bin\\Debug\\ChatProgramTest.vshost.exe"=
"f:\\Program Files\\JetBrains\\dotTrace 3.1\\JetBrains.dotTrace.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Sun\\VirtualBox\\VirtualBox.exe"=
"f:\\Program Files\\MicroProse Software\\Civilization II Multiplayer Gold Edition\\civ2.exe"=
"f:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"f:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.20090525-1200\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\SlimTune Profiler\\SlimTuneUI.exe"=
"f:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\VMWare\\VMWare Player\\vmware-authd.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"f:\\Program Files\\Steam\\steamapps\\narf_the_mouse\\half-life\\hl.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56322:TCP"= 56322:TCP:Pando Media Booster
"56322:UDP"= 56322:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/05/2009 3:55 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/05/2009 4:01 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/05/2009 4:01 PM 25160]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;f:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [27/07/2010 3:47 PM 34968]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [05/02/2010 10:54 AM 54776]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 9:08 AM 81688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [18/11/2009 5:16 PM 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [18/11/2009 5:16 PM 41424]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [27/04/2010 10:13 PM 147456]
R2 Apache2.2;Apache2.2;f:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [04/03/2010 11:27 AM 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/05/2009 3:55 PM 20560]
R2 CSVNsvnserve;CollabNet Subversion svnserve;f:\program files\CollabNet\Subversion Server\svnserve.exe [22/10/2009 6:12 AM 114780]
R2 mozyprobackup;MozyPro Backup Service;f:\program files\MozyPro\mozyprobackup.exe [04/01/2010 12:33 PM 78136]
R2 S3D Service (Win32);S3D Service (Win32);f:\program files\iZ3D Driver\Win32\S3DCService.exe [27/07/2010 3:47 PM 360960]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [21/05/2010 12:40 AM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [20/05/2010 11:40 PM 539184]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\drivers\VAud_WDM.sys [27/05/2010 8:02 PM 48096]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [03/11/2008 3:47 AM 27544]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15/09/2009 2:59 PM 38248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18/11/2009 5:16 PM 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [10/11/2009 3:53 PM 104016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [05/03/2010 3:09 PM 386784]
S3 catdrive;Catweasel Drive Driver;c:\windows\system32\drivers\catdri2k.sys [19/05/2010 2:15 PM 6877]
S3 catjoyst;Catweasel joystick Driver;c:\windows\system32\drivers\catjoy2k.sys [19/05/2010 2:15 PM 5520]
S3 catkeybd;Catweasel keyboard Driver;c:\windows\system32\drivers\catkey2k.sys [19/05/2010 2:15 PM 9968]
S3 catweasl;Catweasel Driver;c:\windows\system32\drivers\Catwea2k.sys [19/05/2010 2:15 PM 89839]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 ProfileSharpServer;ProfileSharpServer;f:\program files\SoftProdigy\ProfileSharp Enterprise Edition v1.3\ProfileSharpServer.exe [01/11/2006 5:38 AM 73728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10/07/2008 5:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
LSP: f:\program files\VMWare\VMWare Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\[Name]\Application Data\Mozilla\Firefox\Profiles\ht5de6vl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 13:19
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b3,4d,e2,97,b8,0c,88,2d,8d,8d,5b,b2,c0,0c,fe,cc,cd,ab,78,83,46,90,8f,
c8,66,9c,8f,31,67,c4,5e,86,e9,e9,c2,13,45,67,b3,f5,39,5a,3e,5d,76,ff,7a,37,\
"??"=hex:98,87,b6,a5,12,12,6d,b8,76,4e,bf,ef,82,54,6f,d7

[HKEY_USERS\S-1-5-21-1659004503-220523388-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:77,92,b9,cf,d4,0b,0f,2b,7b,dc,eb,92,f4,73,85,0e,25,27,f0,c8,24,
8a,bb,c8,48,08,f4,c7,05,9e,1d,2f,98,1f,8c,cf,eb,00,63,b8,08,7e,4b,2d,54,a8,\
"rkeysecu"=hex:a3,b8,41,79,c8,a8,8c,80,34,19,57,07,2d,cb,b2,eb
.
Completion time: 2010-08-05 13:21:12
ComboFix-quarantined-files.txt 2010-08-05 20:21
ComboFix2.txt 2010-08-04 23:10

Pre-Run: 71,636,656,128 bytes free
Post-Run: 71,619,555,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 8C585C9937C20F647F5D185BF9EA4655
 
I ran ATF Cleaner. The Firefox button (Firefox being my browser) was grayed out. This may be due to using the portable version.

Aside from that, it reported how much it cleared and exited. (3,700, but I can't remember if it was MB or KB).
 
Kaspersky's done - The KAS.txt:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 5, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 05, 2010 14:32:50
Records in database: 4144846
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\
J:\
K:\
L:\
M:\
Y:\

Scan statistics:
Objects scanned: 219016
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:06:15


File name / Threat / Threats count
F:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.


As far as I know, that's everything so far.
 
Hi,

S3DOGLInjector.dll file doesn't exist in f:\program files\iZ3D Driver\Win32 folder now, does it?

Open notepad and copy/paste the text in the codebox below into it:

Code: 
@echo off
for %%g in (
C:\Qoobox\S3DOGLInjector.dll
C:\Qoobox\Quarantine\C\WINDOWS\system32\VB6KO.DLL.vir
) do zip Files_for_submission %%g
del %0

Save this as grab.bat
Choose to Save type as - All Files
Save it on your desktop.
It should look like this:
bat_icon.gif

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop. Upload it to this website: http://www.bleepingcomputer.com/submit-malware.php?channel=4

Kindly include a link to this topic in the message. Let me know when that's been done.
 
Thanks for the submission :)

Open notepad and copy/paste the text in the codebox below into it:

Code: 
@echo off
if exist C:\Qoobox\S3DOGLInjector.dll copy /y C:\Qoobox\S3DOGLInjector.dll f:\program files\iZ3D Driver\Win32\S3DOGLInjector.dll
if exist C:\Qoobox\Quarantine\C\WINDOWS\system32\VB6KO.DLL.vir copy /y C:\Qoobox\Quarantine\C\WINDOWS\system32\VB6KO.DLL.vir C:\WINDOWS\system32\VB6KO.DLL
del %0

Save this as fix.bat
Choose to Save type as - All Files
Save it on your desktop.

Double click on fix.bat & allow it to run.

Any issues left?
 
Done.

Aside from this still showing up? *Annoyed with computer*

Spybot - Search & Destroy report:

Win32.Wemon.sh: [SBI $1ACF3A39] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-07-27 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-27 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-08-02 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-08-02 Includes\TrojansC-05.sbi (*)
2010-08-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Didn't Kapersky report a virus in Mirc.exe? Not sure; it was a bit unclear in the info line.
 
Didn't Kapersky report a virus in Mirc.exe? Not sure; it was a bit unclear in the info line.
Click to expand...
That's a false positive. It's flagged cos irc channels can be used for bad purposes too.


Open notepad and copy/paste the text in the codebox below into it:

Code: 
@echo off
SWREG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List" /s >Logit.txt
del %0

Save this as fix.bat
Choose to Save type as - All Files
Save it on your desktop.

Double click on fix.bat & allow it to run. Logit.txt file should be created on your desktop. Post back its contents, please.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
 
Results of First half of instructions.

Logit.txt:

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\controlset002\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
<NO NAME> REG_SZ
C:\Program Files\Sierra Wireless Inc\Watcher\SwiApiMux.exe REG_SZ C:\Program Files\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux
 
Hi,

Did you set MBAM allowed in your firewall? That error is usually a result of firewall blocking update access.
 
Hi,

Could you disable Comodo firewall and see if MBAM is able to update itself?
 
You must log in or register to reply here.
Back
Top