Rootkit.Agent Help

nProtect KeyCrypt manager service <-- Not sure on this one.

Open HijackThis
  • Go to Misc Tools > Open Uninstall Manager.
  • Click on Save List.
  • The list will open in Notepad.
  • Copy and paste the list into this thread.

Need to see the new ComboFix log please.

Sorry, I had forgotten about that. I'm not sure, but if I remember right that file was installed with a Nexon game to prevent people from stealing the account's username and password online.

ComboFix 09-08-20.07 - Sean 22/08/2009 0:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1710 [GMT 1:00]
Running from: c:\documents and settings\Sean\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning diabled* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1315932803-112375414-4076277614-1000
c:\documents and settings\Sean\Application Data\inst.exe
c:\windows\depmc.dll
c:\windows\Installer\167e869.msi
c:\windows\Installer\5cf05.msi
c:\windows\run.log
c:\windows\system32\adngltzhd.dat
c:\windows\system32\adngltzhd_navtmp.dat
c:\windows\system32\drivers\kbiwkmjbituije.sys
c:\windows\system32\drivers\UACparfyvdplk.sys
c:\windows\system32\kbiwkmcxfmscsv.dat
c:\windows\system32\kbiwkmirjikget.dll
c:\windows\system32\kbiwkmlasftenk.dat
c:\windows\system32\kbiwkmwcpxrlxd.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmpxmtbbaq
-------\Legacy_kbiwkmpxmtbbaq
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 22:06 . 2009-08-21 22:07 -------- d-s---w- C:\malgnone
2009-08-21 22:05 . 2009-08-21 22:06 -------- d-s---w- C:\Antimal
2009-08-21 20:54 . 2009-08-21 20:54 0 ----a-w- c:\documents and settings\Sean\settings.dat
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
2009-08-20 22:56 . 2009-08-20 22:56 -------- d-----w- c:\program files\Trend Micro
2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\documents and settings\Sean\DoctorWeb
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23 . 2009-08-20 15:23 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47 . 2009-08-20 14:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:47 . 2009-08-20 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 17:41 . 2009-08-17 17:41 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-17 00:29 . 2002-12-02 00:18 142848 ----a-w- c:\windows\gamedelete.exe
2009-08-13 01:42 . 2009-08-13 01:42 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 01:06 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\program files\SogouInput
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY
2009-08-11 00:54 . 2009-08-11 00:54 -------- d-----w- c:\program files\optic
2009-08-10 19:24 . 2009-08-10 19:24 1 ----a-w- c:\windows\AR.DAT
2009-08-10 18:45 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-08-10 18:44 . 2004-08-04 12:00 36927 ----a-w- c:\windows\system32\dllcache\padrs411.dll
2009-08-10 18:01 . 2009-08-11 13:16 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 02:06 . 2009-08-07 02:07 -------- d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16 . 2009-07-31 22:27 -------- d-----w- c:\program files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 21:08 . 2007-07-07 21:55 -------- d-----w- c:\documents and settings\Sean\Application Data\BitTorrent
2009-08-21 21:08 . 2007-07-07 21:54 -------- d-----w- c:\program files\BitTorrent
2009-08-21 20:51 . 2008-05-08 15:56 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-21 01:44 . 2008-11-09 17:17 -------- d-----w- c:\documents and settings\Sean\Application Data\Skype
2009-08-19 23:44 . 2009-04-17 23:53 -------- d-----w- c:\program files\Zoom
2009-08-19 20:04 . 2008-11-09 17:19 -------- d-----w- c:\documents and settings\Sean\Application Data\skypePM
2009-08-14 01:37 . 2007-03-14 18:51 62296 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02 . 2008-03-27 20:07 52392 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 13:27 . 2008-10-13 20:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:21 . 2009-07-21 21:21 -------- d-----w- c:\program files\Lionhead Studios
2009-07-21 21:21 . 2007-03-14 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:19 . 2008-10-05 19:40 -------- d-----w- c:\program files\AIMTunes
2009-07-14 13:55 . 2007-11-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:54 . 2007-12-02 16:32 -------- d-----w- c:\program files\NoAdware5.0
2009-07-07 15:04 . 2008-12-02 16:37 -------- d-----w- c:\program files\EA GAMES
2009-07-07 01:44 . 2007-03-14 17:56 7040 ----a-w- c:\documents and settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05 . 2009-07-01 23:03 -------- d-----w- c:\program files\Google
2009-07-01 23:04 . 2007-07-14 22:12 -------- d-----w- c:\program files\DivX
2009-07-01 23:03 . 2009-07-01 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 21:46 . 2009-06-27 21:46 -------- d-----w- c:\program files\gPotato.eu
2009-06-25 22:39 . 2009-06-25 22:27 -------- d-----w- c:\program files\Sim File Maid 2
2009-06-25 21:59 . 2008-12-24 23:47 -------- d-----w- c:\program files\SimPE
2009-06-25 20:13 . 2009-06-25 20:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-06-25 20:02 . 2007-03-19 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 19:44 . 2009-06-25 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-25 17:24 . 2009-06-25 16:52 -------- d-----w- c:\documents and settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30 . 2009-06-25 00:21 -------- d-----w- c:\documents and settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29 . 2009-06-25 00:29 -------- d-----w- c:\program files\GIMP-2.0
2009-06-25 00:21 . 2009-06-25 00:09 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2007-03-13 21:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-14 18:55 . 2007-03-14 18:55 338 ----a-w- c:\program files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-24 1103216]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 258048]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 936960]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [05/10/2008 20:39 24652]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B1BE275B-78BF-4A33-81AB-380699CFF329} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,f7,ef,71,83,3b,ad,86,57,0d,a1,b2,40,1e,91,0a,4f,28,05,9d,f1,37,e4,
14,1a,c4,a3,ee,0c,a2,c6,53,22,35,fb,2a,a1,fd,2e,e3,96,a0,c8,5e,83,ee,20,95,\
"??"=hex:a4,ee,4a,3b,4b,a3,71,34,58,d2,24,9c,da,5f,85,a2

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:89,4c,3b,87,e6,31,66,1e,1c,33,35,cd,4f,a6,f6,c5,93,c0,47,8b,8d,
74,4c,80,db,80,f2,a2,42,c7,da,3f,0d,a2,a5,99,9f,ca,b0,dd,3b,1d,d7,e9,aa,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,55,d4,b7,59,44,
69,58,08,e2,63,26,f1,3f,c8,ff,68,3a,73,bb,94,1c,ae,ff,8e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8d,75,0a,51,3e,
e0,50,0e,6a,9c,d6,61,af,45,84,18,8c,07,4f,db,21,48,ce,32,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e7,03,b3,54,a2,
a2,6f,a6,ff,7c,85,e0,43,d4,0e,fe,33,6b,37,b7,62,9b,0d,87,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,3e,ca,40,20,d3,
97,2e,a9,86,8c,21,01,be,91,eb,e7,bf,88,df,68,5e,e3,29,fd,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d6,91,fd,ac,68,
89,e0,c6,f5,1d,4d,73,a8,13,5c,05,9a,4e,a2,bf,2b,6f,60,c8,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,03,06,4b,b6,f5,
0d,07,8c,df,20,58,62,78,6b,cf,c8,6b,7d,7a,61,c7,ba,9b,df,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7d,a5,b4,1e,93,
9d,6c,d5,fb,a7,78,e6,12,2f,9a,ea,43,12,9f,72,fc,0e,bc,29,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9f,00,91,cc,76,
2f,ab,ed,01,3a,48,fc,e8,04,4a,f1,28,a5,48,48,d5,1d,e7,53,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,27,ef,32,f3,9d,
1a,0a,06,f6,0f,4e,58,98,5b,89,c9,22,50,fd,70,3d,ac,73,13,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,40,41,1c,b5,ce,
1d,3f,3f,3d,ce,ea,26,2d,45,aa,78,c8,b5,35,a5,99,4f,63,d9,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,d8,3a,7c,d5,0a,
19,f0,1b,2a,b7,cc,b5,b9,7f,41,e7,9b,a8,b7,22,03,9c,bd,09,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,b3,b9,fa,3e,dd,
05,d6,4f,6c,43,2d,1e,aa,22,2f,9c,49,5e,02,d7,a1,0b,65,53,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-08-22 1:17
ComboFix-quarantined-files.txt 2009-08-22 00:16

Pre-Run: 6,515,666,944 bytes free
Post-Run: 8,585,596,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

320 --- E O F --- 2009-08-14 01:42

ABBYY FineReader 5.0 Sprint
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems PCI Soft Modem
AIM 6
Aim Plugin for QQ Games
AIM Toolbar 5.0
AIMTunes
Allok AVI DivX MPEG to DVD Converter 2.2.0429
Apple Mobile Device Support
Apple Software Update
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
Axara Video Converter 3.3.1
Black & White® 2 Demo
Black and White
Bonjour
Borland C++BuilderX
BT Broadband Desktop Help
Build Your Own Net Dream (remove only)
Build-a-lot
CA eTrust PestPatrol
Carnival Mania
CDex extraction audio
CEP (Color Enable Package) v.9.2 (beta)
Choice Guard
C-Media WDM Audio Driver
Critical Update for Windows Media Player 11 (KB959772)
DeepBurner v1.8.0.224
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Manager 2.3.6
Driving Test Success 2006/7
EA Download Manager
Easy Coder (7.0.0.1-english)
ERUNT 1.1j
数码宝贝
FaxTools
FLV to MP3 Converter 1.5
Galaxy Online
GIMP 2.6.6
Google Chrome
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Extreme Graphics 2 Driver
iTunes
Janes Hotel
Japanese Language Support
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Lexmark 1200 Series
Look 1320 V2
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Works
MilkShape 3D 1.8.4
MobileMe Control Panel
Movie DVD Maker 2.4.0408
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
My Tribe
Nero 7 Essentials
NVIDIA Drivers
OLYMPUS Master 2
OLYMPUS muvee theaterPack
Pando Media Booster
PDF Settings
Poket Script 1.2
PopCap Browser Plugin
QQ Games
QuickTime
RealPlayer
RegCure 1.5.0.0
RPGƒcƒN[ƒ‹2003 - Tdz digimon rpg
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Shockwave
Sim File Maid 2 1.0.2
SimPE 0.72 (alpha)
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
Sogou Pinyin 3.5 Olympic Version
Solid State ION Internet Explorer Plugin
SPORE™
SPORE™ Creepy & Cute Parts Pack
Spybot - Search & Destroy
Switch Sound File Converter
Tasty Planet
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
TwistedBrush
Ulead Video ToolBox Basic
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
USB PC Camera (SN9C102)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VeohTV BETA
Video DVD Maker Free v2.11.0.74
Video DVD Maker v3.7.0.15
Virtual Villagers 3 The Secret City
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Wings 3D 0.99.00b
WinRAR archiver
WolfTeam
Xfire (remove only)
Xvid 1.1.2 final uninstall
Yahoo! Messenger
Yahoo! Toolbar
Zoo Tycoon Demo
Zoom ADSL Modem
Zoom ADSL Modem
 
Sorry about that.

ComboFix 09-08-22.06 - Sean 23/08/2009 1:10:33.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1474 [GMT 1:00]
Running from: C:\Documents and Settings\Sean\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Sean\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

FILE ::
"c:\windows\system32\xdva189.sys"
"c:\windows\system32\xdva223.sys"
"C:\windows\system32\xdva248.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA189
-------\Legacy_XDVA223
-------\Legacy_XDVA248
-------\Service_XDva189
-------\Service_XDva223
-------\Service_XDva248


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-21 20:54:57 . 2009-08-21 20:54:57 0 ----a-w- C:\Documents and Settings\Sean\settings.dat
2009-08-21 00:02:27 . 2009-08-21 00:02:28 0 d-----w- C:\Program Files\ERUNT
2009-08-20 22:56:36 . 2009-08-20 22:56:36 0 d-----w- C:\Program Files\Trend Micro
2009-08-20 22:48:49 . 2009-08-20 22:48:49 0 d-----w- C:\Documents and Settings\Sean\DoctorWeb
2009-08-20 15:54:54 . 2009-08-20 15:54:54 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54:54 . 2009-08-20 15:54:54 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23:18 . 2009-08-20 15:23:18 0 d-----w- C:\Documents and Settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47:09 . 2009-08-03 12:36:28 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47:08 . 2009-08-20 14:47:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-20 14:47:08 . 2009-08-03 12:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-08-20 14:47:07 . 2009-08-20 15:01:24 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-17 17:41:17 . 2009-08-17 17:41:17 30208 ----a-w- C:\WINDOWS\system32\uacrem.dll
2009-08-17 00:29:16 . 2002-12-02 00:18:00 142848 ----a-w- C:\WINDOWS\gamedelete.exe
2009-08-13 01:42:50 . 2009-08-13 01:42:50 0 d-----w- C:\WINDOWS\ServicePackFiles
2009-08-11 01:06:23 . 2009-08-11 01:06:24 0 d-----w- C:\Documents and Settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05:53 . 2009-08-11 01:06:29 0 d-----w- C:\Program Files\SogouInput
2009-08-11 01:05:53 . 2009-08-11 01:06:28 0 d-----w- C:\Documents and Settings\Sean\Application Data\SogouPY
2009-08-11 00:54:20 . 2009-08-11 00:54:20 0 d-----w- C:\Program Files\optic
2009-08-10 19:24:44 . 2009-08-10 19:24:44 1 ----a-w- C:\WINDOWS\AR.DAT
2009-08-10 18:45:59 . 2004-08-04 12:00:00 70656 ----a-w- C:\WINDOWS\system32\korwbrkr.dll
2009-08-10 18:44:55 . 2004-08-04 12:00:00 36927 ----a-w- C:\WINDOWS\system32\dllcache\padrs411.dll
2009-08-10 18:01:26 . 2009-08-11 13:16:32 0 d-----w- C:\Program Files\Microsoft Works
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8704 ----a-w- C:\WINDOWS\system32\kbdjpn.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8704 ----a-w- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8192 ----a-w- C:\WINDOWS\system32\kbdkor.dll
2009-08-10 16:09:50 . 2001-08-17 21:36:18 8192 ----a-w- C:\WINDOWS\system32\dllcache\kbdkor.dll
2009-08-10 16:09:50 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\kbd106.dll
2009-08-10 16:09:50 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\dllcache\kbd106.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\kbd101c.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\dllcache\kbd101c.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 5632 ----a-w- C:\WINDOWS\system32\kbd103.dll
2009-08-10 16:09:49 . 2001-08-17 13:55:56 5632 ----a-w- C:\WINDOWS\system32\dllcache\kbd103.dll
2009-08-10 16:09:46 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\kbd101b.dll
2009-08-10 16:09:46 . 2001-08-17 13:55:56 6144 ----a-w- C:\WINDOWS\system32\dllcache\kbd101b.dll
2009-08-07 02:06:39 . 2009-08-07 02:07:04 0 d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16:38 . 2009-07-31 22:27:39 0 d-----w- C:\Program Files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 14:54:54 . 2008-02-26 19:34:12 0 d-----w- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-21 21:08:41 . 2007-07-07 21:55:32 0 d-----w- C:\Documents and Settings\Sean\Application Data\BitTorrent
2009-08-21 21:08:38 . 2007-07-07 21:54:53 0 d-----w- C:\Program Files\BitTorrent
2009-08-21 20:51:59 . 2008-05-08 15:56:37 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-21 01:44:44 . 2008-11-09 17:17:09 0 d-----w- C:\Documents and Settings\Sean\Application Data\Skype
2009-08-19 23:44:28 . 2009-04-17 23:53:22 0 d-----w- C:\Program Files\Zoom
2009-08-19 20:04:08 . 2008-11-09 17:19:23 0 d-----w- C:\Documents and Settings\Sean\Application Data\skypePM
2009-08-14 01:37:49 . 2007-03-14 18:51:27 62296 ----a-w- C:\Documents and Settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02:49 . 2008-03-27 20:07:30 52392 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2009-08-05 09:11:47 . 2004-08-04 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 13:27:45 . 2008-10-13 20:47:31 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-07-21 21:21:25 . 2009-07-21 21:21:25 0 d-----w- C:\Program Files\Lionhead Studios
2009-07-21 21:21:16 . 2007-03-14 19:15:09 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-17 18:55:28 . 2004-08-04 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-14 17:19:59 . 2008-10-05 19:40:48 0 d-----w- C:\Program Files\AIMTunes
2009-07-14 13:55:28 . 2007-11-23 14:58:29 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-13 22:43:24 . 2004-08-04 12:00:00 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 19:54:57 . 2007-12-02 16:32:20 0 d-----w- C:\Program Files\NoAdware5.0
2009-07-07 15:04:56 . 2008-12-02 16:37:30 0 d-----w- C:\Program Files\EA GAMES
2009-07-07 01:44:42 . 2007-03-14 17:56:52 7040 ----a-w- C:\Documents and Settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05:19 . 2009-07-01 23:03:08 0 d-----w- C:\Program Files\Google
2009-07-01 23:04:45 . 2007-07-14 22:12:11 0 d-----w- C:\Program Files\DivX
2009-07-01 23:03:37 . 2009-07-01 23:03:08 0 d-----w- C:\Program Files\Common Files\DivX Shared
2009-06-29 16:12:20 . 2004-08-04 12:00:00 827392 ------w- C:\WINDOWS\system32\wininet.dll
2009-06-29 16:12:14 . 2004-08-04 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 16:12:14 . 2004-08-04 12:00:00 17408 ------w- C:\WINDOWS\system32\corpol.dll
2009-06-27 21:46:25 . 2009-06-27 21:46:25 0 d-----w- C:\Program Files\gPotato.eu
2009-06-25 22:39:34 . 2009-06-25 22:27:57 0 d-----w- C:\Program Files\Sim File Maid 2
2009-06-25 21:59:03 . 2008-12-24 23:47:27 0 d-----w- C:\Program Files\SimPE
2009-06-25 20:13:13 . 2009-06-25 20:13:13 0 d-----w- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-06-25 20:02:09 . 2007-03-19 20:13:21 0 d-----w- C:\Program Files\Common Files\Adobe
2009-06-25 19:44:54 . 2009-06-25 19:44:54 0 d-----w- C:\Program Files\Common Files\Macrovision Shared
2009-06-25 17:24:47 . 2009-06-25 16:52:22 0 d-----w- C:\Documents and Settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30:06 . 2009-06-25 00:21:06 0 d-----w- C:\Documents and Settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29:29 . 2009-06-25 00:29:24 0 d-----w- C:\Program Files\GIMP-2.0
2009-06-25 00:21:09 . 2009-06-25 00:09:45 0 d-----w- C:\Program Files\MilkShape 3D 1.8.4
2009-06-16 14:55:16 . 2004-08-04 12:00:00 82432 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:55:16 . 2004-08-04 12:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-12 11:50:53 . 2004-08-04 12:00:00 76288 ----a-w- C:\WINDOWS\system32\telnet.exe
2009-06-10 14:21:48 . 2004-08-04 12:00:00 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
2009-06-10 06:32:40 . 2004-08-04 12:00:00 132096 ----a-w- C:\WINDOWS\system32\wkssvc.dll
2009-06-09 15:06:50 . 2007-03-13 21:37:27 1871872 ----a-w- C:\WINDOWS\system32\mstscax.dll
2009-06-03 19:27:58 . 2004-08-04 12:00:00 1290752 ----a-w- C:\WINDOWS\system32\quartz.dll
2007-03-14 18:55:30 . 2007-03-14 18:55:30 338 ----a-w- C:\Program Files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 18:51:28 3885408]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 19:43:14 95800]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2009-02-24 18:20:06 1103216]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 09:18:24 3660848]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2009-04-29 17:55:24 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 18:41:50 90112]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 16:34:18 4347120]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 15:21:06 50472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-23 14:17:06 21755688]
"nodenable"="C:\Program Files\eset\nodenable.exe" [2008-09-23 15:48:39 326823]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 02:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 02:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 02:36:20 114688]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 06:59:49 935936]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 17:39:04 40960]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 07:07:30 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 19:35:23 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22:00 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22:00 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27:04 144784]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42:24 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 18:17:36 258048]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34:08 936960]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 13:21:54 675840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40:44 155648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 16:27:40 177472]
"fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2009-02-06 18:08:58 454000]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2009-03-19 10:44:28 2029640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 15:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-12 19:56:58 342312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 16:10:28 35696]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 12:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 12:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 12:00:00 455168]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-10-22 11:22:00 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [19/03/2009 11:44:34 107256]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44:50 731840]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17:16 55136]
R2 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08:58 533360]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03:22 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\C:\DOCUME~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> C:\DOCUME~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys --> E:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57:18 . 2008-07-30 12:34:12]

2009-08-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03:22 . 2009-07-01 23:03:10]

2009-08-22 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03:22 . 2009-07-01 23:03:10]

2009-08-23 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 16:20:34 . 2007-08-02 16:20:34]

2009-08-20 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 16:20:34 . 2007-08-02 16:20:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
 
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Rootkit::


Code:
Rootkit::
c:\windows\system32\uacrem.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
ComboFix 09-08-22.06 - Sean 23/08/2009 2:24.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1493 [GMT 1:00]
Running from: c:\documents and settings\Sean\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA189
-------\Legacy_XDVA223
-------\Legacy_XDVA248
-------\Service_XDva189
-------\Service_XDva223
-------\Service_XDva248


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-21 20:54 . 2009-08-21 20:54 0 ----a-w- c:\documents and settings\Sean\settings.dat
2009-08-21 00:02 . 2009-08-21 00:02 -------- d-----w- c:\program files\ERUNT
2009-08-20 22:56 . 2009-08-20 22:56 -------- d-----w- c:\program files\Trend Micro
2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\documents and settings\Sean\DoctorWeb
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-20 15:54 . 2009-08-20 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-20 15:23 . 2009-08-20 15:23 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 14:47 . 2009-08-20 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 14:47 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 14:47 . 2009-08-20 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 00:29 . 2002-12-02 00:18 142848 ----a-w- c:\windows\gamedelete.exe
2009-08-13 01:42 . 2009-08-13 01:42 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 01:06 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY.users
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\program files\SogouInput
2009-08-11 01:05 . 2009-08-11 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\SogouPY
2009-08-11 00:54 . 2009-08-11 00:54 -------- d-----w- c:\program files\optic
2009-08-10 19:24 . 2009-08-10 19:24 1 ----a-w- c:\windows\AR.DAT
2009-08-10 18:45 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-08-10 18:44 . 2004-08-04 12:00 36927 ----a-w- c:\windows\system32\dllcache\padrs411.dll
2009-08-10 18:01 . 2009-08-11 13:16 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-10 16:09 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 02:06 . 2009-08-07 02:07 -------- d-----w- C:\e793a28d994623889e46ab28e0089a61
2009-07-31 20:16 . 2009-07-31 22:27 -------- d-----w- c:\program files\Galaxy Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 14:54 . 2008-02-26 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-21 21:08 . 2007-07-07 21:55 -------- d-----w- c:\documents and settings\Sean\Application Data\BitTorrent
2009-08-21 21:08 . 2007-07-07 21:54 -------- d-----w- c:\program files\BitTorrent
2009-08-21 20:51 . 2008-05-08 15:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-21 01:44 . 2008-11-09 17:17 -------- d-----w- c:\documents and settings\Sean\Application Data\Skype
2009-08-19 23:44 . 2009-04-17 23:53 -------- d-----w- c:\program files\Zoom
2009-08-19 20:04 . 2008-11-09 17:19 -------- d-----w- c:\documents and settings\Sean\Application Data\skypePM
2009-08-14 01:37 . 2007-03-14 18:51 62296 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 19:02 . 2008-03-27 20:07 52392 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 13:27 . 2008-10-13 20:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:21 . 2009-07-21 21:21 -------- d-----w- c:\program files\Lionhead Studios
2009-07-21 21:21 . 2007-03-14 19:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:19 . 2008-10-05 19:40 -------- d-----w- c:\program files\AIMTunes
2009-07-14 13:55 . 2007-11-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:54 . 2007-12-02 16:32 -------- d-----w- c:\program files\NoAdware5.0
2009-07-07 15:04 . 2008-12-02 16:37 -------- d-----w- c:\program files\EA GAMES
2009-07-07 01:44 . 2007-03-14 17:56 7040 ----a-w- c:\documents and settings\Sean\Application Data\wklnhst.dat
2009-07-01 23:05 . 2009-07-01 23:03 -------- d-----w- c:\program files\Google
2009-07-01 23:04 . 2007-07-14 22:12 -------- d-----w- c:\program files\DivX
2009-07-01 23:03 . 2009-07-01 23:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 21:46 . 2009-06-27 21:46 -------- d-----w- c:\program files\gPotato.eu
2009-06-25 22:39 . 2009-06-25 22:27 -------- d-----w- c:\program files\Sim File Maid 2
2009-06-25 21:59 . 2008-12-24 23:47 -------- d-----w- c:\program files\SimPE
2009-06-25 20:13 . 2009-06-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-25 20:02 . 2007-03-19 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 19:44 . 2009-06-25 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-25 17:24 . 2009-06-25 16:52 -------- d-----w- c:\documents and settings\Sean\Application Data\gtk-2.0
2009-06-25 00:30 . 2009-06-25 00:21 -------- d-----w- c:\documents and settings\Sean\Application Data\MilkShape 3D 1.x.x
2009-06-25 00:29 . 2009-06-25 00:29 -------- d-----w- c:\program files\GIMP-2.0
2009-06-25 00:21 . 2009-06-25 00:09 -------- d-----w- c:\program files\MilkShape 3D 1.8.4
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:06 . 2007-03-13 21:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2007-03-14 18:55 . 2007-03-14 18:55 338 ----a-w- c:\program files\Shortcut to My Documents.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-24 1103216]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-03-21 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-20 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-04-20 258048]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 936960]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2007-11-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"14384:TCP"= 14384:TCP:*:Disabled:SolidNetworkManager
"14384:UDP"= 14384:UDP:*:Disabled:SolidNetworkManager
"58056:TCP"= 58056:TCP:Pando Media Booster
"58056:UDP"= 58056:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/01/2009 20:17 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S2 gupdate1c9faa0228a476e;Google Update Service (gupdate1c9faa0228a476e);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2009 00:03 133104]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\Sean\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 23:03]

2009-08-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-08-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 02:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,f7,ef,71,83,3b,ad,86,57,0d,a1,b2,40,1e,91,0a,4f,28,05,9d,f1,37,e4,
14,1a,c4,a3,ee,0c,a2,c6,53,22,35,fb,2a,a1,fd,2e,e3,96,a0,c8,5e,83,ee,20,95,\
"??"=hex:a4,ee,4a,3b,4b,a3,71,34,58,d2,24,9c,da,5f,85,a2

[HKEY_USERS\S-1-5-21-329068152-152049171-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:89,4c,3b,87,e6,31,66,1e,1c,33,35,cd,4f,a6,f6,c5,93,c0,47,8b,8d,
74,4c,80,db,80,f2,a2,42,c7,da,3f,0d,a2,a5,99,9f,ca,b0,dd,3b,1d,d7,e9,aa,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,55,d4,b7,59,44,
69,58,08,e2,63,26,f1,3f,c8,ff,68,3a,73,bb,94,1c,ae,ff,8e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8d,75,0a,51,3e,
e0,50,0e,6a,9c,d6,61,af,45,84,18,8c,07,4f,db,21,48,ce,32,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e7,03,b3,54,a2,
a2,6f,a6,ff,7c,85,e0,43,d4,0e,fe,33,6b,37,b7,62,9b,0d,87,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,3e,ca,40,20,d3,
97,2e,a9,86,8c,21,01,be,91,eb,e7,bf,88,df,68,5e,e3,29,fd,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d6,91,fd,ac,68,
89,e0,c6,f5,1d,4d,73,a8,13,5c,05,9a,4e,a2,bf,2b,6f,60,c8,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,03,06,4b,b6,f5,
0d,07,8c,df,20,58,62,78,6b,cf,c8,6b,7d,7a,61,c7,ba,9b,df,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7d,a5,b4,1e,93,
9d,6c,d5,fb,a7,78,e6,12,2f,9a,ea,43,12,9f,72,fc,0e,bc,29,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9f,00,91,cc,76,
2f,ab,ed,01,3a,48,fc,e8,04,4a,f1,28,a5,48,48,d5,1d,e7,53,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,27,ef,32,f3,9d,
1a,0a,06,f6,0f,4e,58,98,5b,89,c9,22,50,fd,70,3d,ac,73,13,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,40,41,1c,b5,ce,
1d,3f,3f,3d,ce,ea,26,2d,45,aa,78,c8,b5,35,a5,99,4f,63,d9,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,d8,3a,7c,d5,0a,
19,f0,1b,2a,b7,cc,b5,b9,7f,41,e7,9b,a8,b7,22,03,9c,bd,09,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,b3,b9,fa,3e,dd,
05,d6,4f,6c,43,2d,1e,aa,22,2f,9c,49,5e,02,d7,a1,0b,65,53,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BT Broadband Desktop Help\bin\mpbtn.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-23 2:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 01:54
ComboFix2.txt 2009-08-22 15:32
ComboFix3.txt 2009-08-22 00:37

Pre-Run: 8,542,302,208 bytes free
Post-Run: 8,585,822,208 bytes free

330 --- E O F --- 2009-08-14 01:42


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:35, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Microsoft IME (Japanese) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173835372765
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9faa0228a476e) (gupdate1c9faa0228a476e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13524 bytes
 
Hi,

If you know what this is and use it, then leave it be; otherwise remove it with HJT
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab



RegCure <-- Registry cleaners are not recommended; remove the wrong entries and you can severely damage your computer, and if it removes unneeded entries you will see no difference in system performance.



Let's update your Java to make your system more secure

Download the latest version Here and save it; do not install it yet.

Java SE Runtime Environment (JRE) JRE 6 Update 15 <-- The wording is confusing but this is what you need

  • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
  • Reboot your computer
  • Install the latest version
You can verify the installation Here



The rest of your logs look fine; let's run an online virus scanner to make sure we got it all.

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=6278d20e83ee89429cfd3fe3fdc3cb31
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-08-23 06:02:45
# local_time=2009-08-23 07:02:45 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8201 21 100 100 87757656250
# scanned=184282
# found=0
# cleaned=0
# scan_time=8333
# nod_component=V3 Build:0x30000000
 
Great :bigthumb:

Your operating system is badly outdated; you need to open IE and go to Tools > Windows Updates and download and install all critical updates, including SP3 (Service Pack 3) and Internet Explorer 8



RootRepeal <--Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

TFC <-- Yours to keep, run it about once a week to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <-- Is not a general cleaning tool; only run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

    [image: CF_Cleanup.png]

  • When shown the disclaimer, select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Keep in mind, if you install some of these programs: only ONE antivirus and only ONE firewall are recommended; more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy, but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates / Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken
 