Virtumonde and Smitfraud-C toolbar problems

werey

hi... recently when I scanned using Spybot, there were two things that are really pesky in my system at the moment:

1. two files that are infected by virtumonde can't be deleted
2. the Smitfraud-c toolbar.888 thing keeps on reappearing.

I tried doing an online scan here: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx, but it's saying "service unavailable..."

here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:31 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\vmwarruq.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DesuBuddy\DesuBuddy.exe
C:\WINDOWS\system32\taskmgr1.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JUNE BENIDECT\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dlsu.edu.ph/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Media Office] C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\pniwtcuk.dll",realset
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182483029468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182482710750
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{263A94E7-891B-42D3-B9BE-D3CC299A14EF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\vmwarruq.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe

I hope there is still something to be done about this... o.0;;
 
  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK

Then please upload this file:

C:\windows\system32\taskmgr1.exe

to either Jotti or VirusTotal, and copy and paste the results as a reply to this topic.
 
here are the results of the scan from http://virusscan.jotti.org/

Scan taken on 07 Jul 2007 13:22:52 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.1304064
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found DeepScan:Generic.Malware.G!SI!!FWX!!Bprng.D7805A87
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found W32/Generic!tr
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found Trj/DNSChanger.RV
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

this is a bad thing... right?
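A multi-engine report in the form pasted above is easy to parse, and doing so makes the answer to the question explicit. The Python below is an added example, not code from the thread or from Jotti: it turns the pasted report into a detection ratio, a threshold-based summary, and a heuristic list of family names pulled out of the vendor detection labels. The generic-token list, the minimum token length and the two-engine threshold are assumptions chosen for the example.

```python
import re

# Constructed sample: the Jotti result block pasted in the post above.
SAMPLE_REPORT = """\
Scan taken on 07 Jul 2007 13:22:52 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.1304064
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found DeepScan:Generic.Malware.G!SI!!FWX!!Bprng.D7805A87
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found W32/Generic!tr
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found Trj/DNSChanger.RV
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
"""

# Prefix tokens that name a category rather than a family. Assumption: list
# chosen for the example; extend it as you meet other vendors' conventions.
GENERIC_TOKENS = {"tr", "trj", "w32", "win32", "trojan", "generic", "malware", "deepscan"}


def parse_report(text):
    """Parse 'Engine Found verdict' lines into {engine: verdict-or-None}."""
    engines, scanned = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Scan taken on "):
            scanned = line[len("Scan taken on "):]
        elif " Found " in line:
            # Engine names may contain spaces, so split on the first ' Found ' only.
            engine, verdict = line.split(" Found ", 1)
            verdict = verdict.strip()
            engines[engine.strip()] = None if verdict.lower() == "nothing" else verdict
    return {"scanned": scanned, "engines": engines}


def detections(report):
    """Only the engines that returned a detection name."""
    return {e: v for e, v in report["engines"].items() if v}


def family_labels(report, min_len=4):
    """Heuristic: split each detection name on vendor separators, then drop
    category prefixes, short variant suffixes and hash-like/numeric tokens."""
    labels = set()
    for name in detections(report).values():
        for tok in re.split(r"[/:.!\s]+", name):
            low = tok.lower()
            if len(tok) < min_len or low in GENERIC_TOKENS:
                continue
            if re.fullmatch(r"[0-9a-f]+", low):  # hex hash or numeric id
                continue
            labels.add(tok)
    return labels


def verdict(report, min_engines=2):
    """Threshold-based summary; min_engines=2 is an assumption for the example."""
    hits, total = detections(report), len(report["engines"])
    if len(hits) >= min_engines:
        status = "likely malicious"
    elif hits:
        status = "single-engine hit, treat as suspicious"
    else:
        status = "no detections (absence of detection is not proof of cleanliness)"
    return {"detected": len(hits), "total": total, "status": status}


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    v = verdict(rep)
    print(f"{v['detected']}/{v['total']} engines: {v['status']}")
    print("family labels:", sorted(family_labels(rep)))
```

A low ratio with several engines agreeing on a generic trojan label is still a detection; the family extraction is only there to surface the one specific name (here the DNS-changer label) that tells the analyst which other artefacts, such as the NameServer setting, to check next.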
 
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
here are the requested logs.. I'll be posting them in separate posts if you don't mind, of course...

SDFix log


SDFix: Version 1.90

Run by JUNE BENIDECT on Sat 07/07/2007 at 09:47 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"="C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe:*:Enabled:Flash 6.0 r25"
"C:\\WINDOWS\\system32\\vmwarruq.exe"="C:\\WINDOWS\\system32\\vmw"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\WINDOWS\system32\taskmgr1.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\JUNE BENIDECT\My Documents\dlsu files\~WRL0004.tmp

Finished
 
ComboFix log

"JUNE BENIDECT" - 2007-07-07 22:06:54 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dyyblqmf.dll
C:\WINDOWS\system32\fomkdyem.dll
C:\WINDOWS\system32\irlowpbg.dll
C:\WINDOWS\system32\pniwtcuk.dll
C:\WINDOWS\system32\xfmdrvjy.dll
C:\WINDOWS\system32\xsssrnka.dll
C:\WINDOWS\system32\ktbkrbwk.exe
C:\WINDOWS\system32\ktbwqykc.exe
C:\WINDOWS\system32\seylchiv.exe
C:\WINDOWS\system32\teakkskt.exe
C:\WINDOWS\system32\rqrqoon.dll
C:\WINDOWS\system32\fmqlbyyd.ini
C:\WINDOWS\system32\meydkmof.ini
C:\WINDOWS\system32\gbpwolri.ini
C:\WINDOWS\system32\kuctwinp.ini
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.tmp
C:\WINDOWS\system32\yjvrdmfx.ini
C:\WINDOWS\system32\aknrsssx.ini
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\efccdbb.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\ravmone.exe
C:\WINDOWS\temp\_istmpi.dir


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DNSCON
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETMANAGER
-------\dnscon
-------\DomainService
-------\NetManager


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 21:45 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-07 12:21 50,708 --a------ C:\WINDOWS\system32\wlevrmyw.exe
2007-07-06 10:14 50,708 --a------ C:\WINDOWS\system32\vmwarruq.exe
2007-07-06 08:51 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-07-06 08:50 <DIR> d-------- C:\Program Files\IVT Corporation
2007-07-06 08:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-06 08:14 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-07-06 08:14 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-06 08:14 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-07-06 08:14 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-06 08:14 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-07-06 08:13 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-07-06 08:13 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-07-05 20:28 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Comodo
2007-07-03 21:19 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-03 21:19 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-03 21:19 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-03 21:19 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-03 21:19 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-07-03 21:19 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-03 21:19 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-03 21:19 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-03 21:19 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-03 21:19 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-07-03 21:19 <DIR> d-------- C:\Program Files\eRightSoft
2007-07-03 21:19 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-06-29 20:10 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\AdobeUM
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Comodo
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-06-29 10:53 <DIR> d-------- C:\Program Files\Comodo
2007-06-28 23:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-27 12:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Ahead
2007-06-25 21:42 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-25 05:59 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\MEGAUPLOADTOOLBAR
2007-06-24 17:33 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-24 16:41 <DIR> d-------- C:\Program Files\DesuBuddy
2007-06-24 16:30 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-06-24 16:30 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\MegauploadToolbar
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Azureus
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-24 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-06-24 15:59 <DIR> d-------- C:\Program Files\Bonjour
2007-06-24 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-24 08:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 21:19 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Help
2007-06-23 18:58 <DIR> d-------- C:\Program Files\MSBuild
2007-06-23 18:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-23 18:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-23 18:52 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-06-23 17:17 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-06-23 17:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-06-23 17:01 <DIR> d-------- C:\Program Files\Giganology
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Shared
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Incomplete
2007-06-23 16:58 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\LimeWire
2007-06-23 16:31 <DIR> d-------- C:\Program Files\AnalogX
2007-06-23 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-06-23 16:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-23 16:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 16:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 16:06 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 15:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-23 15:30 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-06-23 15:30 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-06-23 15:30 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-06-23 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-23 12:27 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 11:41 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Yahoo!
2007-06-23 11:40 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Google
2007-06-23 10:37 90,496 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2007-06-23 10:37 <DIR> d-------- C:\Program Files\Realtek
2007-06-22 23:08 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Media Player Classic
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Yahoo!
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-22 21:35 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-22 21:35 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-22 21:35 <DIR> d-------- C:\Program Files\DivX
2007-06-22 21:34 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-22 21:34 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-06-22 21:34 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-22 21:34 540,178 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-06-22 21:34 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2007-06-22 21:34 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-22 21:34 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-22 21:34 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2007-06-22 21:34 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-06-22 21:34 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-22 21:34 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-22 21:34 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-06-22 21:34 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-06-22 21:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-22 21:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-22 21:31 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-22 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-22 21:23 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-22 21:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-22 21:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2004-08-04 12:00:00 1,304,064 --sha-r C:\WINDOWS\system32\taskmgr1.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-03-21 05:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
2006-01-09 15:01 86016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-06-20 06:48 1936840 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
2007-02-24 07:04 140840 --a------ C:\Program Files\Yahoo!\Search\YSearchSuggest.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-11-01 04:33 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-17 13:32 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 12:24 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 23:28 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 00:43 C:\WINDOWS\ALCMTR.EXE]
"Media Office"="C:\Program Files\Compal Electronics" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" []
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-03-29 01:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29]
"CASS"="C:\Program Files\Compal Electronics" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 07:09]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"DesuBuddy"="C:\Program Files\DesuBuddy\DesuBuddy.exe" [2007-05-25 17:07]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-29 10:53]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 14:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ffdc91c-1e77-11dc-a373-0019d232e170}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b748aec-25fc-11dc-a3a2-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b83a91-1ecf-11dc-a375-0019d232e170}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f2f61c7-22a7-11dc-a38d-0016d4a89b07}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb437a33-29fc-11dc-a3b2-0016d4a89b07}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd336402-2b54-11dc-a3b8-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf19f2aa-2438-11dc-a394-0016d4a89b07}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9168117-2a8d-11dc-a3b4-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9168122-2a8d-11dc-a3b4-0016d4a89b07}]
AutoRun\command- New Folder.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca78-2477-11dc-a396-0016d4a89b07}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca79-2477-11dc-a396-0016d4a89b07}]
AutoRun\command- RootFolder.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca7d-2477-11dc-a396-0016d4a89b07}]
AutoRun\command- E:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe


Contents of the 'Scheduled Tasks' folder
2007-07-07 14:17:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 22:15:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 22:17:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 22:17

--- E O F ---
 
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:20:50 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DesuBuddy\DesuBuddy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JUNE BENIDECT\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dlsu.edu.ph/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Media Office] C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182483029468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182482710750
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{263A94E7-891B-42D3-B9BE-D3CC299A14EF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe

What should I do next? Also, is it okay if I could post other logs and do the next instructions tomorrow? Because it's already nighttime here and I might get scolded if I stay up because of this... I hope you won't mind, ofc... ^^;;
 
Also, is it okay if I could post other logs and do the next instructions tomorrow?

That's fine.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Wait until the program has finished scanning, then please exit the program.
    The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.

Then rerun ComboFix and post the log, along with a new HijackThis log.
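The mountpoints2 keys in the ComboFix log above are what the Flash_Disinfector step is aimed at: every removable drive plugged into the machine leaves its cached autorun.inf commands there, and entries such as RavMonE.exe, sxs.exe, the mmc32.EXE under RECYCLER and the wscript-launched FS6519.dll.vbs are typical removable-drive worm launchers, whereas a clean stick shows EXPLORER.EXE or a bare drive root. As an added example (not from this thread, from ComboFix, or from sUBs' tool), the following Python script parses that section of a ComboFix log and flags the entries a helper would act on; the sample log is constructed from the entries posted above.

```python
"""Triage the MountPoints2 section of a ComboFix log for USB-worm autorun entries.

Added example for this thread, not part of ComboFix, HijackThis or Flash_Disinfector.
Windows caches each drive's autorun.inf commands under HKCU\\...\\Explorer\\MountPoints2."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in ComboFix's own format, copied from the log posted in
# this thread: two clean keys first, then the ones left by infected sticks.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ffdc91c-1e77-11dc-a373-0019d232e170}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b748aec-25fc-11dc-a3a2-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca78-2477-11dc-a396-0016d4a89b07}]
Auto\command- RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca7d-2477-11dc-a396-0016d4a89b07}]
AutoRun\command- E:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^(\w+)\\command-\s*(.*)$", re.I)
# Windows records autorun.inf "shellexecute=" entries behind this rundll32 wrapper.
SHELLEXEC_RE = re.compile(r"^.*?rundll32\.exe\s+shell32\.dll,shellexec_rundll\s+", re.I)
LAUNCHER_RE = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js|wsf))(?:\s+(.*))?$")
DRIVE_RE = re.compile(r"^[a-z]:\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

R_RECYCLER = "payload hidden under RECYCLER"
R_RELATIVE = "launcher is a relative path on the removable drive"
R_SCRIPT = "script host runs a script on insertion"
R_DOUBLE_EXT = "double extension disguises a script or executable"


@dataclass
class Finding:
    guid: str
    verb: str
    command: str
    reasons: List[str]


def suspicious_reasons(command: str) -> List[str]:
    """Why a cached autorun command looks like worm persistence; [] means clean."""
    target = SHELLEXEC_RE.sub("", command, count=1).strip().lower()
    if target == "explorer.exe" or re.fullmatch(r"[a-z]:\\?", target):
        return []
    reasons: List[str] = []
    if "recycler\\" in target:
        reasons.append(R_RECYCLER)
    m = LAUNCHER_RE.match(target)
    if m:
        launcher, args = m.group(1), m.group(2) or ""
        if not DRIVE_RE.match(launcher):
            reasons.append(R_RELATIVE)
        if launcher.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
            reasons.append(R_SCRIPT)
        if any(tok.rsplit("\\", 1)[-1].count(".") >= 2 for tok in [launcher, *args.split()]):
            reasons.append(R_DOUBLE_EXT)
    return reasons


def triage_mountpoints(log_text: str) -> List[Finding]:
    """Report every cached autorun command in a ComboFix log that is not clean."""
    findings: List[Finding] = []
    guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # any registry key header
            key = KEY_RE.match(line)
            guid = key.group(1) if key else None   # None outside MountPoints2
            continue
        cmd = CMD_RE.match(line)
        if cmd and guid:
            command = cmd.group(2).strip()
            reasons = suspicious_reasons(command)
            if reasons:
                findings.append(Finding(guid, cmd.group(1), command, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_mountpoints(SAMPLE_LOG):
        print(f"{f.guid} {f.verb}: {f.command}\n    -> {'; '.join(f.reasons)}")
```

Each distinct GUID in the output is one volume that was infected when it was last plugged in, which is why the tool asks for the flash drives to be inserted during cleaning.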
 
Okay then... here are the logs:

ComboFix log:

"JUNE BENIDECT" - 2007-07-07 22:39:02 - ComboFix 07-07-07.3 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 22:37 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-07 22:37 <DIR> drahs---- C:\autorun.inf
2007-07-07 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 21:45 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-07 12:21 50,708 --a------ C:\WINDOWS\system32\wlevrmyw.exe
2007-07-06 10:14 50,708 --a------ C:\WINDOWS\system32\vmwarruq.exe
2007-07-06 08:51 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-07-06 08:50 <DIR> d-------- C:\Program Files\IVT Corporation
2007-07-06 08:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-06 08:14 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-07-06 08:14 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-06 08:14 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-07-06 08:14 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-06 08:14 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-07-06 08:13 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-07-06 08:13 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-07-05 20:28 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Comodo
2007-07-03 21:19 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-03 21:19 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-03 21:19 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-03 21:19 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-03 21:19 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-07-03 21:19 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-03 21:19 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-03 21:19 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-03 21:19 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-03 21:19 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-07-03 21:19 <DIR> d-------- C:\Program Files\eRightSoft
2007-07-03 21:19 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-06-29 20:10 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\AdobeUM
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Comodo
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-06-29 10:53 <DIR> d-------- C:\Program Files\Comodo
2007-06-28 23:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-27 12:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Ahead
2007-06-25 21:42 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-25 05:59 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\MEGAUPLOADTOOLBAR
2007-06-24 17:33 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-24 16:41 <DIR> d-------- C:\Program Files\DesuBuddy
2007-06-24 16:30 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-06-24 16:30 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\MegauploadToolbar
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Azureus
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-24 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-06-24 15:59 <DIR> d-------- C:\Program Files\Bonjour
2007-06-24 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-24 08:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 21:19 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Help
2007-06-23 18:58 <DIR> d-------- C:\Program Files\MSBuild
2007-06-23 18:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-23 18:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-23 18:52 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-06-23 17:17 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-06-23 17:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-06-23 17:01 <DIR> d-------- C:\Program Files\Giganology
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Shared
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Incomplete
2007-06-23 16:58 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\LimeWire
2007-06-23 16:31 <DIR> d-------- C:\Program Files\AnalogX
2007-06-23 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-06-23 16:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-23 16:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 16:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 16:06 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 15:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-23 15:30 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-06-23 15:30 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-06-23 15:30 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-06-23 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-23 12:27 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 11:41 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Yahoo!
2007-06-23 11:40 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Google
2007-06-23 10:37 90,496 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2007-06-23 10:37 <DIR> d-------- C:\Program Files\Realtek
2007-06-22 23:08 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Media Player Classic
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Yahoo!
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-22 21:35 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-22 21:35 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-22 21:35 <DIR> d-------- C:\Program Files\DivX
2007-06-22 21:34 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-22 21:34 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-06-22 21:34 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-22 21:34 540,178 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-06-22 21:34 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2007-06-22 21:34 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-22 21:34 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-22 21:34 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2007-06-22 21:34 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-06-22 21:34 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-22 21:34 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-22 21:34 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-06-22 21:34 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-06-22 21:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-22 21:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-22 21:31 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-22 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-22 21:23 221,184 --a------ C:\WINDOWS\system32\wmpns.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2004-08-04 12:00:00 1,304,064 --sha-r C:\WINDOWS\system32\taskmgr1.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-03-21 05:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
2006-01-09 15:01 86016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-06-20 06:48 1936840 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
2007-02-24 07:04 140840 --a------ C:\Program Files\Yahoo!\Search\YSearchSuggest.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-11-01 04:33 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-17 13:32 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 12:24 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 23:28 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 00:43 C:\WINDOWS\ALCMTR.EXE]
"Media Office"="C:\Program Files\Compal Electronics" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" []
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-03-29 01:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29]
"CASS"="C:\Program Files\Compal Electronics" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 07:09]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"DesuBuddy"="C:\Program Files\DesuBuddy\DesuBuddy.exe" [2007-05-25 17:07]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-29 10:53]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 14:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ffdc91c-1e77-11dc-a373-0019d232e170}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b748aec-25fc-11dc-a3a2-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b83a91-1ecf-11dc-a375-0019d232e170}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f2f61c7-22a7-11dc-a38d-0016d4a89b07}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb437a33-29fc-11dc-a3b2-0016d4a89b07}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd336402-2b54-11dc-a3b8-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf19f2aa-2438-11dc-a394-0016d4a89b07}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9168117-2a8d-11dc-a3b4-0016d4a89b07}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9168122-2a8d-11dc-a3b4-0016d4a89b07}]
AutoRun\command- New Folder.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca78-2477-11dc-a396-0016d4a89b07}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca79-2477-11dc-a396-0016d4a89b07}]
AutoRun\command- RootFolder.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca7d-2477-11dc-a396-0016d4a89b07}]
AutoRun\command- E:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-07 14:37:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 22:41:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 22:42:20
C:\ComboFix-quarantined-files.txt ... 2007-07-07 22:42
C:\ComboFix2.txt ... 2007-07-07 22:17

--- E O F ---
 
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:45:41 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DesuBuddy\DesuBuddy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JUNE BENIDECT\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dlsu.edu.ph/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Media Office] C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182483029468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182482710750
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{263A94E7-891B-42D3-B9BE-D3CC299A14EF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe

Also, ComboFix didn't restart the PC after the scan. Is that normal?
 
  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Code:
    File::
    C:\WINDOWS\system32\wlevrmyw.exe
    C:\WINDOWS\system32\vmwarruq.exe
    C:\WINDOWS\system32\taskmgr1.exe
    C:\WINDOWS\system32\EXPLORER.EXE
    C:\WINDOWS\system32\FS6519.dll.vbs
    C:\WINDOWS\system32\RavMonE.exe
    C:\WINDOWS\system32\RootFolder.com
    E:\RECYCLER\INFO.exe
    C:\RECYCLER\INFO.exe
    
    
    Registry::
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ffdc91c-1e77-11dc-a373-0019d232e170}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b748aec-25fc-11dc-a3a2-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b83a91-1ecf-11dc-a375-0019d232e170}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f2f61c7-22a7-11dc-a38d-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb437a33-29fc-11dc-a3b2-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd336402-2b54-11dc-a3b8-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf19f2aa-2438-11dc-a394-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9168117-2a8d-11dc-a3b4-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9168122-2a8d-11dc-a3b4-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca78-2477-11dc-a396-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca79-2477-11dc-a396-0016d4a89b07}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca7d-2477-11dc-a396-0016d4a89b07}]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as ComboFix-Do.txt
  • Now drag and drop ComboFix-Do.txt onto combofix.exe as in the picture below and follow the prompts:
    [image: Combo-Do.gif]
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
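The entries the script above deletes are cached removable-drive autorun commands under MountPoints2; the tell-tale signs are targets that resolve relative to the drive root (a bare EXPLORER.EXE, a file under RECYCLER) and shell verbs (open, explore) pointing at an executable, while a real launcher like E:\LaunchU3.exe is an absolute path. As an added example, not part of this thread and not ComboFix's own code, the Python below parses MountPoints2 blocks in the format ComboFix prints, applies those heuristics, and emits the same [-KEY] Registry:: lines used in the CFScript. The sample log is reconstructed from the entries posted earlier in the thread; the rule set, the WINDOWS_BINARIES/STAGING_DIRS lists and all function names are my own.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample: MountPoints2 blocks copied from the ComboFix "Reg Loading
# Points" section posted in this thread. ComboFix prints a bracketed key, then
# "<verb>\command- <target>" lines, then a blank line.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f525ca7d-2477-11dc-a396-0016d4a89b07}]
AutoRun\command- E:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_.*?\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^(?P<verb>[A-Za-z]+)\\command-\s*(?P<target>.*)$", re.I)

# Shell binary names that never belong at a removable drive's root (my list).
WINDOWS_BINARIES = {"explorer.exe", "taskmgr.exe"}
# Hidden recycle-bin folders used to stage a payload on the stick (my list).
STAGING_DIRS = {"recycler", "recycled"}
EXE_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs")


class Finding(NamedTuple):
    key: str
    verb: str
    target: str
    reasons: List[str]


def parse_mountpoints2(log_text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {verb (lower-cased): target}} per MountPoints2 block."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None              # a blank line closes the block
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            entries[current] = {}
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match and current is not None:
            entries[current][cmd_match.group("verb").lower()] = cmd_match.group("target").strip()
    return entries


def classify_target(verb: str, target: str) -> List[str]:
    """Heuristics (mine, not ComboFix's) for one cached command; empty list = benign."""
    t = target.strip().strip('"')
    reasons: List[str] = []
    if not t.lower().endswith(EXE_SUFFIXES):
        return reasons                  # e.g. "E:\" only opens the drive folder
    absolute = re.match(r"^[A-Za-z]:\\", t) is not None or t.startswith("\\\\")
    parts = [p.lower() for p in re.split(r"[\\/]", t) if p]
    if not absolute:
        reasons.append("relative path: resolves against the removable drive's root")
    if parts[-1] in WINDOWS_BINARIES and not absolute:
        reasons.append(f"{parts[-1]} is a Windows system binary name, not a drive-root file")
    if any(p in STAGING_DIRS for p in parts[:-1]):
        reasons.append("payload staged under a RECYCLER-style hidden folder")
    if verb in ("open", "explore"):
        reasons.append(f"shell verb '{verb}' rewired: double-click/Explore on the drive runs it")
    return reasons


def audit(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for key, verbs in parse_mountpoints2(log_text).items():
        for verb, target in verbs.items():
            reasons = classify_target(verb, target)
            if reasons:
                findings.append(Finding(key, verb, target, reasons))
    return findings


def flagged_keys(log_text: str) -> List[str]:
    """Distinct keys with at least one finding, in log order."""
    keys: List[str] = []
    for f in audit(log_text):
        if f.key not in keys:
            keys.append(f.key)
    return keys


def cfscript_registry_section(keys: List[str]) -> str:
    """CFScript form used in the thread: a [-KEY] line deletes that key."""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys)


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        guid = f.key.rsplit("\\", 1)[-1]
        print(f"{guid}  {f.verb:8} {f.target}")
        for r in f.reasons:
            print("    -", r)
    print()
    print(cfscript_registry_section(flagged_keys(SAMPLE_LOG)))
```

Run it as-is to see the two hijacked keys reported with their reasons and the Registry:: section they produce; the U3 launcher key is left alone because its target is an absolute path on the drive. To audit a real log, paste the MountPoints2 blocks in place of SAMPLE_LOG and review the reasons before deleting anything, since the rules are heuristics.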
 
Here are the logs.

ComboFix log:

"JUNE BENIDECT" - 2007-07-07 23:04:20 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\JUNE BENIDECT\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr1.exe
C:\WINDOWS\system32\vmwarruq.exe
C:\WINDOWS\system32\wlevrmyw.exe


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 22:37 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-07 22:37 <DIR> drahs---- C:\autorun.inf
2007-07-07 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 21:45 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-06 08:51 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-07-06 08:50 <DIR> d-------- C:\Program Files\IVT Corporation
2007-07-06 08:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-06 08:14 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-07-06 08:14 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-06 08:14 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-07-06 08:14 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-06 08:14 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-07-06 08:13 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-07-06 08:13 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-07-05 20:28 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Comodo
2007-07-03 21:19 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-03 21:19 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-03 21:19 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-03 21:19 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-03 21:19 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-07-03 21:19 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-03 21:19 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-03 21:19 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-03 21:19 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-03 21:19 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-07-03 21:19 <DIR> d-------- C:\Program Files\eRightSoft
2007-07-03 21:19 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-06-29 20:10 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\AdobeUM
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Comodo
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-06-29 10:53 <DIR> d-------- C:\Program Files\Comodo
2007-06-28 23:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-27 12:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Ahead
2007-06-25 21:42 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-25 05:59 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\MEGAUPLOADTOOLBAR
2007-06-24 17:33 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-24 16:41 <DIR> d-------- C:\Program Files\DesuBuddy
2007-06-24 16:30 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-06-24 16:30 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\MegauploadToolbar
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Azureus
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-24 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-06-24 15:59 <DIR> d-------- C:\Program Files\Bonjour
2007-06-24 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-24 08:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 21:19 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Help
2007-06-23 18:58 <DIR> d-------- C:\Program Files\MSBuild
2007-06-23 18:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-23 18:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-23 18:52 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-06-23 17:17 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-06-23 17:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-06-23 17:01 <DIR> d-------- C:\Program Files\Giganology
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Shared
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Incomplete
2007-06-23 16:58 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\LimeWire
2007-06-23 16:31 <DIR> d-------- C:\Program Files\AnalogX
2007-06-23 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-06-23 16:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-23 16:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 16:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 16:06 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 15:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-23 15:30 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-06-23 15:30 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-06-23 15:30 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-06-23 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-23 12:27 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 11:41 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Yahoo!
2007-06-23 11:40 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Google
2007-06-23 10:37 90,496 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2007-06-23 10:37 <DIR> d-------- C:\Program Files\Realtek
2007-06-22 23:08 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Media Player Classic
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Yahoo!
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-22 21:35 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-22 21:35 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-22 21:35 <DIR> d-------- C:\Program Files\DivX
2007-06-22 21:34 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-22 21:34 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-06-22 21:34 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-22 21:34 540,178 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-06-22 21:34 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2007-06-22 21:34 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-22 21:34 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-22 21:34 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2007-06-22 21:34 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-06-22 21:34 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-22 21:34 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-22 21:34 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-06-22 21:34 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-06-22 21:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-22 21:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-22 21:31 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-22 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-22 21:23 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-22 21:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-22 21:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-03-21 05:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
2006-01-09 15:01 86016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-06-20 06:48 1936840 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
2007-02-24 07:04 140840 --a------ C:\Program Files\Yahoo!\Search\YSearchSuggest.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-11-01 04:33 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-17 13:32 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 12:24 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 23:28 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 00:43 C:\WINDOWS\ALCMTR.EXE]
"Media Office"="C:\Program Files\Compal Electronics" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" []
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-03-29 01:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29]
"CASS"="C:\Program Files\Compal Electronics" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 07:09]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"DesuBuddy"="C:\Program Files\DesuBuddy\DesuBuddy.exe" [2007-05-25 17:07]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-29 10:53]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 14:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-07 15:02:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 23:06:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 23:06:38
C:\ComboFix-quarantined-files.txt ... 2007-07-07 23:06
C:\ComboFix2.txt ... 2007-07-07 22:42
C:\ComboFix3.txt ... 2007-07-07 22:17

--- E O F ---
 
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:28 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DesuBuddy\DesuBuddy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\JUNE BENIDECT\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dlsu.edu.ph/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Media Office] C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182483029468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182482710750
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{263A94E7-891B-42D3-B9BE-D3CC299A14EF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
 
Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

regedit /e reglook.txt "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}"
notepad.exe reglook.txt

Save it to your Desktop as search.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: search.bat

Locate search.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.

Once it has finished, a notepad window will open; copy and paste its contents as a reply to this topic.
 
here's the contents

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\Shell\AutoRun\command]
@="E:\\LaunchU3.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
 
  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Code:
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as ComboFix-Do.txt
  • Now drag and drop ComboFix-Do.txt onto combofix.exe as in the picture below and follow the prompts:
    Combo-Do.gif
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
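As an added example (not part of this thread, and not ComboFix's or HijackThis's own code), here is a small Python parser for the regedit /e export format shown above. It joins the backslash-continued hex: lines, collects every key and value, and reports any MountPoints2 entry that carries a cached Shell\AutoRun\command, which is the per-device autorun command Explorer remembers for a removable drive. It also reads the [-KEY] lines of a ComboFix Registry:: script and checks each against the export, so that a deletion target that does not correspond to an exported key is noticed before the script is run. The sample strings are the export and the script posted in this thread; the function names are my own.

```python
"""Parse a regedit /e export and review MountPoints2 AutoRun entries (added example)."""
import re

# Sample input, copied from the reglook.txt export posted in this thread.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\Shell\AutoRun\command]
@="E:\\LaunchU3.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
"""

# The ComboFix-Do.txt script posted in this thread.
COMBOFIX_SCRIPT = r"""Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1f-1ec1-11dc-a374-0019d232e170}]
"""

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=value  or  @=value


def _unescape(s):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(["\\])', r"\1", s)


def _parse_value(raw):
    """Decode a .reg value: quoted string, hex: byte list, or dword:."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.lower().startswith("hex:"):
        return bytes(int(b, 16) for b in raw[4:].split(",") if b.strip())
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw                      # other types (hex(2):, hex(7): ...) left raw


def parse_reg_export(text):
    """Return {key_path: {value_name: value}}; '@' is the key's default value.
    Real exports are UTF-16 with a BOM: read them with encoding='utf-16'."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)        # join hex: continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            keys[current][name] = _parse_value(m.group(2))
    return keys


def autorun_commands(keys):
    """[(device_guid, command)] for each MountPoints2 entry with a cached AutoRun command."""
    found = []
    for path, values in keys.items():
        m = re.search(r"\\mountpoints2\\(\{[^}]+\})\\shell\\autorun\\command$", path, re.I)
        if m and "@" in values:
            found.append((m.group(1), values["@"]))
    return found


def removal_targets(script):
    """Keys named for deletion ([-KEY]) in the Registry:: section of a ComboFix script."""
    targets, in_registry = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.lower() == "registry::":
            in_registry = True
        elif in_registry and line.startswith("[-") and line.endswith("]"):
            targets.append(line[2:-1])
    return targets


def check_targets(script, keys):
    """{target_key: True if that exact key is present in the export, else False}."""
    present = {k.lower() for k in keys}
    return {t: t.lower() in present for t in removal_targets(script)}
```

On the posted data, autorun_commands returns E:\LaunchU3.exe as the cached AutoRun command for the exported device GUID, and check_targets returns False for a script target whose GUID is not among the exported keys, which is what the script and export above produce. Checking the deletion target against a fresh export before running a fix script is cheap and avoids a silent no-op.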
 
here are the logs:

ComboFix log:

"JUNE BENIDECT" - 2007-07-07 23:38:16 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\JUNE BENIDECT\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 22:37 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-07 22:37 <DIR> drahs---- C:\autorun.inf
2007-07-07 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 21:45 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-06 08:51 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-07-06 08:50 <DIR> d-------- C:\Program Files\IVT Corporation
2007-07-06 08:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-06 08:14 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-07-06 08:14 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-06 08:14 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-07-06 08:14 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-06 08:14 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-07-06 08:13 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-07-06 08:13 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-07-05 20:28 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Comodo
2007-07-03 21:19 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-03 21:19 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-03 21:19 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-03 21:19 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-03 21:19 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-03 21:19 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-07-03 21:19 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-03 21:19 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-03 21:19 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-03 21:19 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-03 21:19 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-07-03 21:19 <DIR> d-------- C:\Program Files\eRightSoft
2007-07-03 21:19 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-06-29 20:10 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\AdobeUM
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Comodo
2007-06-29 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-06-29 10:53 <DIR> d-------- C:\Program Files\Comodo
2007-06-28 23:04 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-27 12:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Ahead
2007-06-25 21:42 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-25 05:59 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\MEGAUPLOADTOOLBAR
2007-06-24 17:33 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-24 16:41 <DIR> d-------- C:\Program Files\DesuBuddy
2007-06-24 16:30 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-06-24 16:30 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\MegauploadToolbar
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Azureus
2007-06-24 16:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-24 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-06-24 15:59 <DIR> d-------- C:\Program Files\Bonjour
2007-06-24 15:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-24 08:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 21:19 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Help
2007-06-23 18:58 <DIR> d-------- C:\Program Files\MSBuild
2007-06-23 18:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-23 18:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-23 18:52 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-06-23 17:17 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-06-23 17:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-06-23 17:01 <DIR> d-------- C:\Program Files\Giganology
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Shared
2007-06-23 16:59 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\Incomplete
2007-06-23 16:58 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\LimeWire
2007-06-23 16:31 <DIR> d-------- C:\Program Files\AnalogX
2007-06-23 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-06-23 16:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-23 16:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 16:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 16:06 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 15:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-23 15:30 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-06-23 15:30 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-06-23 15:30 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-06-23 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-23 12:27 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 11:41 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Yahoo!
2007-06-23 11:40 <DIR> d-------- C:\DOCUME~1\ELIASP~1\APPLIC~1\Google
2007-06-23 10:37 90,496 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2007-06-23 10:37 <DIR> d-------- C:\Program Files\Realtek
2007-06-22 23:08 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Media Player Classic
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\JUNEBE~1\APPLIC~1\Yahoo!
2007-06-22 22:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-22 21:35 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-22 21:35 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-22 21:35 <DIR> d-------- C:\Program Files\DivX
2007-06-22 21:34 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-22 21:34 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-06-22 21:34 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-22 21:34 540,178 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-06-22 21:34 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2007-06-22 21:34 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-22 21:34 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-22 21:34 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2007-06-22 21:34 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-06-22 21:34 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-22 21:34 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-22 21:34 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-06-22 21:34 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-06-22 21:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-22 21:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-22 21:31 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-22 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-22 21:23 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-22 21:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-22 21:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-03-21 05:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
2006-01-09 15:01 86016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-06-20 06:48 1936840 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
2007-02-24 07:04 140840 --a------ C:\Program Files\Yahoo!\Search\YSearchSuggest.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-11-01 04:33 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-17 13:32 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 12:24 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 23:28 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 00:43 C:\WINDOWS\ALCMTR.EXE]
"Media Office"="C:\Program Files\Compal Electronics" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" []
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-03-29 01:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 14:25]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 14:29]
"CASS"="C:\Program Files\Compal Electronics" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 07:09]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"DesuBuddy"="C:\Program Files\DesuBuddy\DesuBuddy.exe" [2007-05-25 17:07]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-29 10:53]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 14:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18630a1e-1ec1-11dc-a374-0019d232e170}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-07 15:37:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 23:40:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 23:41:01
C:\ComboFix-quarantined-files.txt ... 2007-07-07 23:40
C:\ComboFix2.txt ... 2007-07-07 23:06
C:\ComboFix3.txt ... 2007-07-07 22:42

--- E O F ---
 
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:38 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DesuBuddy\DesuBuddy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\JUNE BENIDECT\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.dlsu.edu.ph/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Media Office] C:\Program Files\Compal Electronics, INC\MediaOffice\MediaOffice.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182483029468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182482710750
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{263A94E7-891B-42D3-B9BE-D3CC299A14EF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
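Added example, not ComboFix's or the thread's own code: a Python triage pass over the "Files Created" section of a ComboFix log like the one above. It parses each line into timestamp, size, the nine-character attribute field (d r a h s followed by padding) and path, then attaches review flags: hidden+system files, an autorun.inf at a drive root, and executables dropped directly under C:\WINDOWS rather than in a subfolder. The flags are simple heuristics I chose for the example, not ComboFix's own classification; the sample lines are copied from the log above, and the function names are mine.

```python
"""Triage the 'Files Created' section of a ComboFix log (added example)."""
import re

# Constructed sample: lines copied from the ComboFix log in this thread,
# wrapped in the section header and the header of the section that follows it.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))

2007-07-07 22:37 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-07 22:37 <DIR> drahs---- C:\autorun.inf
2007-07-07 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 21:19 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-03 21:19 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-07-03 21:19 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-03 21:19 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-06-22 21:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# timestamp, size or <DIR>, attribute field (d r a h s + four padding dashes), path
ENTRY_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[d-][r-][a-][h-][s-]-{4})\s+"
    r"(?P<path>.+?)\s*$")


def parse_files_created(log):
    """One dict per entry in the 'Files Created' section, in log order."""
    entries, in_section = [], False
    for line in log.splitlines():
        if "Files Created" in line:
            in_section = True
            continue
        if in_section and line.startswith("(((("):
            break                               # next section header reached
        m = ENTRY_RE.match(line.strip())
        if in_section and m:
            e = m.groupdict()
            e["is_dir"] = e["size"] == "<DIR>"
            e["size"] = None if e["is_dir"] else int(e["size"].replace(",", ""))
            e["hidden"] = e["attrs"][3] == "h"
            e["system"] = e["attrs"][4] == "s"
            entries.append(e)
    return entries


def triage(entries):
    """Attach a 'flags' list to each entry. Heuristics chosen for this example."""
    for e in entries:
        p = e["path"].lower()
        parent, name = p.rsplit("\\", 1)
        parent += "\\"
        flags = []
        if e["hidden"] and e["system"] and not e["is_dir"]:
            flags.append("hidden+system file")
        if name == "autorun.inf" and re.fullmatch(r"[a-z]:\\", parent):
            flags.append("autorun.inf at drive root")
        if parent == "c:\\windows\\" and name.endswith((".exe", ".dll", ".sys")):
            flags.append("executable directly under C:\\WINDOWS")
        e["flags"] = flags
    return entries


def flagged(log):
    """[(path, flags)] for entries that earned at least one flag."""
    return [(e["path"], e["flags"]) for e in triage(parse_files_created(log)) if e["flags"]]
```

The flagged list is a worklist for a person, not a verdict: every hit still has to be checked against its vendor, and a legitimate install batch (the files created at 21:19 above alongside C:\Program Files\eRightSoft and C:\Program Files\AviSynth 2.5) can trigger the hidden+system rule just as malware can. Grouping entries by timestamp, which the parsed "when" field makes trivial, is the usual next step for telling one installer's batch from another.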
 
Looks like you're nearly clean

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. After reading the contents, press "Accept".
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Post back with the Kaspersky log and a new HijackThis log

Also, do you recognize this?

O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe
 
Also, do you recognize this?

O4 - HKLM\..\Run: [DesuBuddy] C:\Program Files\DesuBuddy\DesuBuddy.exe

oh that's just the desktop buddy I installed a couple of weeks ago... Scanned it several times before, I see no problem there...

I'll just post the log after the scan finishes... It just started, so I think it might take a while...
 