win32.agent.frl

Hi

Then I suggest that you perform system restore to latest restore point and post back a fresh HijackThis log after that.
 
Hello,

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:15, on 2008-07-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214966512421
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX?- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8231 bytes
 
Hello,

ComboFix 08-07-21.2 - User 2008-07-26 2:40:01.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.541 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 19:02 . 2008-07-25 04:11 <DIR> d--hs---- C:\RECYCLER(2)
2008-07-24 03:17 . 2008-07-24 03:17 250 --a------ C:\WINDOWS\gmer.ini
2008-07-23 19:48 . 2008-07-23 19:48 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\BitDefender
2008-07-23 08:41 . 2008-07-23 08:41 <DIR> d-------- C:\YoutubeGet
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sony
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Publish Providers
2008-07-22 16:57 . 2008-07-22 16:57 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-22 16:57 . 2008-07-22 16:57 <DIR> d-------- C:\Program Files\Sony
2008-07-22 16:57 . 2008-07-22 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-22 16:56 . 2008-07-22 16:56 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-22 04:43 . 2008-07-22 04:43 <DIR> d-------- C:\Program Files\BitDefender
2008-07-22 04:43 . 2008-07-22 04:43 <DIR> d-------- C:\Documents and Settings\User\Application Data\BitDefender
2008-07-22 04:43 . 2008-07-22 04:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-20 11:40 . 2008-07-20 11:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 10:00 . 2008-07-22 02:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 10:00 . 2008-07-22 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 09:58 . 2008-07-18 19:50 117,757 -rahs---- C:\ivcvknr.bat
2008-07-20 08:54 . 2008-07-20 08:57 <DIR> d-------- C:\Program Files\Total Video Converter
2008-07-20 08:54 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-07-19 02:48 . 2008-07-19 02:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Media Player Classic
2008-07-19 02:35 . 2008-07-19 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-07-19 02:34 . 2008-07-19 02:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\Application Data
2008-07-18 20:35 . 2008-07-18 20:35 268 --ah----- C:\sqmdata09.sqm
2008-07-18 20:35 . 2008-07-18 20:35 244 --ah----- C:\sqmnoopt09.sqm
2008-07-18 20:26 . 2008-07-18 20:28 <DIR> d-------- C:\Program Files\Chessmaster 10th Edition
2008-07-18 20:14 . 2008-07-18 20:22 <DIR> d-------- C:\Program Files\Wan Mei Online
2008-07-18 19:47 . 2008-07-18 19:47 268 --ah----- C:\sqmdata08.sqm
2008-07-18 19:47 . 2008-07-18 19:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-18 18:33 . 2008-07-18 19:10 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-18 18:14 . 2008-07-26 02:43 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-18 18:12 . 2008-07-18 18:12 268 --ah----- C:\sqmdata07.sqm
2008-07-18 18:12 . 2008-07-18 18:12 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 01:48 . 2008-07-18 01:48 268 --ah----- C:\sqmdata06.sqm
2008-07-18 01:48 . 2008-07-18 01:48 244 --ah----- C:\sqmnoopt06.sqm
2008-07-18 01:03 . 2008-07-18 01:03 268 --ah----- C:\sqmdata05.sqm
2008-07-18 01:03 . 2008-07-18 01:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-18 00:53 . 2008-07-18 00:53 268 --ah----- C:\sqmdata04.sqm
2008-07-18 00:53 . 2008-07-18 00:53 244 --ah----- C:\sqmnoopt04.sqm
2008-07-18 00:24 . 2008-07-18 00:24 268 --ah----- C:\sqmdata03.sqm
2008-07-18 00:24 . 2008-07-18 00:24 244 --ah----- C:\sqmnoopt03.sqm
2008-07-18 00:24 . 2008-07-26 02:39 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-18 00:20 . 2008-07-18 00:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-18 00:12 . 2008-07-18 00:12 268 --ah----- C:\sqmdata02.sqm
2008-07-18 00:12 . 2008-07-18 00:12 244 --ah----- C:\sqmnoopt02.sqm
2008-07-17 20:03 . 2008-07-17 20:03 268 --ah----- C:\sqmdata01.sqm
2008-07-17 20:03 . 2008-07-17 20:03 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 10:18 . 2008-07-17 10:18 268 --ah----- C:\sqmdata00.sqm
2008-07-17 10:18 . 2008-07-17 10:18 244 --ah----- C:\sqmnoopt00.sqm
2008-07-09 01:01 . 2008-07-09 01:01 <DIR> d-------- C:\Program Files\Makayama Interactive
2008-07-09 01:01 . 2004-02-06 03:53 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2008-07-09 01:01 . 2004-11-01 19:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx
2008-07-08 15:12 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-07-08 15:05 . 2008-07-08 15:05 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-08 03:18 . 2008-07-25 04:12 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 03:01 . 2008-07-08 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 02:11 . 2008-07-07 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-07 02:11 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-07 02:11 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-07 02:11 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-07 02:11 . 2003-04-18 15:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-07-07 02:11 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-07-07 02:10 . 2008-07-07 02:15 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-07-07 02:09 . 2008-07-07 02:14 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-07-07 02:09 . 2008-07-07 02:11 <DIR> d-------- C:\Program Files\MAGIX
2008-07-07 02:09 . 2002-09-20 23:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-07-07 02:09 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-07-07 02:09 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-07-07 02:09 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-07-07 02:09 . 2008-07-07 02:15 5,817 --a------ C:\WINDOWS\mgxoschk.ini
2008-07-06 19:50 . 2008-07-06 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-06 15:05 . 2008-07-06 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 15:04 . 2008-07-20 01:13 <DIR> d-------- C:\Program Files\CyberLink
2008-07-06 14:22 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-06 14:22 . 2008-07-06 14:22 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-07-06 14:19 . 2008-07-06 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 14:19 . 2008-07-20 10:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 14:17 . 2008-07-06 14:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-06 14:02 . 2008-07-06 14:02 <DIR> dr-h----- C:\MSOCache
2008-07-06 13:52 . 2008-07-25 21:07 842 --a------ C:\WINDOWS\wininit.ini
2008-07-05 18:05 . 2008-07-22 03:42 <DIR> d-------- C:\Downloads
2008-07-05 17:09 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-05 15:20 . 2008-07-05 15:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 15:20 . 2004-08-17 08:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-05 14:55 . 2008-07-05 14:55 <DIR> d-------- C:\Program Files\Macromedia
2008-07-05 14:55 . 2008-07-05 14:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-07-05 14:54 . 2008-07-05 14:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-05 14:43 . 2008-07-05 14:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-03 21:55 . 2008-07-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-03 21:53 . 2008-07-03 21:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-03 21:53 . 2008-07-03 21:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-03 17:46 . 2008-07-25 04:12 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-03 13:33 . 2008-07-13 08:23 <DIR> d-------- C:\Program Files\Xfire
2008-07-03 13:33 . 2008-07-22 04:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\Xfire
2008-07-03 13:04 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 13:04 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 13:04 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 13:04 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 13:04 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 13:04 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 13:04 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 13:04 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 13:04 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-03 12:16 . 2008-07-23 08:45 <DIR> d-------- C:\Program Files\IrfanView
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-03 12:12 . 2008-07-03 12:12 <DIR> d-------- C:\Program Files\Real
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-03 06:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 06:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 06:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-02 12:21 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-02 11:54 . 2008-07-02 11:54 <DIR> d-------- C:\Documents and Settings\User\Contacts
2008-07-02 11:47 . 2008-07-02 11:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 11:46 . 2008-07-02 11:52 <DIR> d-------- C:\Program Files\Windows Live
2008-07-02 11:46 . 2008-07-03 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-02 11:45 . 2008-06-13 19:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-02 11:43 . 2008-04-14 08:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 16:04 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-07-09 16:01 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-07-06 07:22 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-06 07:22 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-06 07:22 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-06 07:22 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-07-03 16:56 --------- d-----w C:\Program Files\TTPlayer
2008-06-30 12:58 --------- d-----w C:\Program Files\Intel
2008-06-30 12:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 08:16 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2000-07-01 17:19 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-23_ 6.35.47.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 19:17:25 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 13:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-07-24 10:33:57 2,998,272 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-07-23 19:17:25 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2008-07-22 08:05:40 58,998 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-23 11:51:28 58,998 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-22 08:05:41 392,864 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-23 11:51:28 392,864 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-24 20:12:20 265,440 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 12:51 155648]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 12:51 135168]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-05-21 18:27 208952]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE" [2006-03-20 16:10 25600]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 12:51 131072]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 09:54 185896]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 15:41 86016]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 15:55 222504]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 12:35]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]
S3 0d158c78abbefe9d;0d158c78abbefe9d;C:\0d158c78abbefe9d.dat []
S3 35c3ea389b9c8b56;35c3ea389b9c8b56;C:\35c3ea389b9c8b56.dat []
S3 6a7d1228429364ec;6a7d1228429364ec;C:\6a7d1228429364ec.dat []
S3 85f4e6c0c5a97d92;85f4e6c0c5a97d92;C:\85f4e6c0c5a97d92.dat []
S3 ff6a208451de7472;ff6a208451de7472;C:\ff6a208451de7472.dat []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bec7ee0-5675-11dd-a472-001eec190b54}]
\Shell\AutoRun\command - G:\m.exe
\Shell\explore\Command - G:\m.exe
\Shell\open\Command - G:\m.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bec7ee1-5675-11dd-a472-001eec190b54}]
\Shell\AutoRun\command - H:\ivcvknr.bat
\Shell\explore\Command - H:\ivcvknr.bat
\Shell\open\Command - H:\ivcvknr.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-07-25 18:38:22 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-21 19:08:20 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 02:43:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0d158c78abbefe9d]
"ImagePath"="\??\C:\0d158c78abbefe9d.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\35c3ea389b9c8b56]
"ImagePath"="\??\C:\35c3ea389b9c8b56.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\6a7d1228429364ec]
"ImagePath"="\??\C:\6a7d1228429364ec.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\85f4e6c0c5a97d92]
"ImagePath"="\??\C:\85f4e6c0c5a97d92.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ff6a208451de7472]
"ImagePath"="\??\C:\ff6a208451de7472.dat"
.
Completion time: 2008-07-26 2:45:14
ComboFix-quarantined-files.txt 2008-07-25 18:45:07
ComboFix2.txt 2008-07-24 11:01:37
ComboFix3.txt 2008-07-22 22:36:34

Pre-Run: 44,915,859,456 bytes free
Post-Run: 44,903,604,224 bytes free

272 --- E O F --- 2008-07-20 09:28:00
 
Hi

Please click this link-->Jotti

Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\0d158c78abbefe9d.dat

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
Hello,

0.jpg


I already off the firewall.
 
Hello,

Ok, i already turn on it back.

No, the file is not exist.

I got run few scan using Spybot and kaspersky, why Spybot can't detect any virus/malware but Kaspersky can detect it.
 
Hi

Different programs find different things. No program can find all malware.

Go to Start > Run
Type regedit and click OK.

  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
  • Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Code: 
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bec7ee0-5675-11dd-a472-001eec190b54}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bec7ee1-5675-11dd-a472-001eec190b54}]

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this ->
reg.gif


Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Re-run combofix normally.

Post back fresh combofix log and fresh HijackThis log.
 
Hello,

I see, thanks.

Done.

ComboFix Log
ComboFix 08-07-25.4 - User 2008-07-26 18:08:24.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.565 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-26 17:58 . 2008-07-26 17:58 89,013,816 --a------ C:\backup.reg
2008-07-26 11:16 . 2008-07-26 11:16 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-26 11:16 . 2008-07-26 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-26 11:16 . 2008-07-26 18:16 2,888,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-26 11:16 . 2008-07-26 18:16 491,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-26 11:16 . 2008-07-26 11:32 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-26 11:16 . 2008-07-26 11:32 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-26 11:16 . 2008-07-26 18:16 24,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-26 11:16 . 2008-07-26 18:16 3,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-26 09:32 . 2008-07-26 09:33 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-24 19:02 . 2008-07-25 04:11 <DIR> d--hs---- C:\RECYCLER(2)
2008-07-24 03:17 . 2008-07-24 03:17 250 --a------ C:\WINDOWS\gmer.ini
2008-07-23 08:41 . 2008-07-23 08:41 <DIR> d-------- C:\Program Files\YoutubeGet
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sony
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Publish Providers
2008-07-22 08:42 . 2008-07-22 08:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 11:40 . 2008-07-20 11:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 10:00 . 2008-07-22 02:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 10:00 . 2008-07-22 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 08:54 . 2008-07-20 08:57 <DIR> d-------- C:\Program Files\Total Video Converter
2008-07-20 08:54 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-07-19 02:48 . 2008-07-19 02:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Media Player Classic
2008-07-19 02:35 . 2008-07-19 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-07-19 02:34 . 2008-07-19 02:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\Application Data
2008-07-18 20:35 . 2008-07-18 20:35 268 --ah----- C:\sqmdata09.sqm
2008-07-18 20:35 . 2008-07-18 20:35 244 --ah----- C:\sqmnoopt09.sqm
2008-07-18 20:26 . 2008-07-18 20:28 <DIR> d-------- C:\Program Files\Chessmaster 10th Edition
2008-07-18 20:14 . 2008-07-18 20:22 <DIR> d-------- C:\Program Files\Wan Mei Online
2008-07-18 19:47 . 2008-07-18 19:47 268 --ah----- C:\sqmdata08.sqm
2008-07-18 19:47 . 2008-07-18 19:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-18 18:14 . 2008-07-26 09:15 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-18 18:12 . 2008-07-18 18:12 268 --ah----- C:\sqmdata07.sqm
2008-07-18 18:12 . 2008-07-18 18:12 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 01:48 . 2008-07-18 01:48 268 --ah----- C:\sqmdata06.sqm
2008-07-18 01:48 . 2008-07-18 01:48 244 --ah----- C:\sqmnoopt06.sqm
2008-07-18 01:03 . 2008-07-18 01:03 268 --ah----- C:\sqmdata05.sqm
2008-07-18 01:03 . 2008-07-18 01:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-18 00:53 . 2008-07-18 00:53 268 --ah----- C:\sqmdata04.sqm
2008-07-18 00:53 . 2008-07-18 00:53 244 --ah----- C:\sqmnoopt04.sqm
2008-07-18 00:24 . 2008-07-18 00:24 268 --ah----- C:\sqmdata03.sqm
2008-07-18 00:24 . 2008-07-18 00:24 244 --ah----- C:\sqmnoopt03.sqm
2008-07-18 00:24 . 2008-07-26 09:47 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-18 00:12 . 2008-07-18 00:12 268 --ah----- C:\sqmdata02.sqm
2008-07-18 00:12 . 2008-07-18 00:12 244 --ah----- C:\sqmnoopt02.sqm
2008-07-17 20:03 . 2008-07-17 20:03 268 --ah----- C:\sqmdata01.sqm
2008-07-17 20:03 . 2008-07-17 20:03 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 10:18 . 2008-07-17 10:18 268 --ah----- C:\sqmdata00.sqm
2008-07-17 10:18 . 2008-07-17 10:18 244 --ah----- C:\sqmnoopt00.sqm
2008-07-08 15:12 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-07-08 15:05 . 2008-07-08 15:05 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-08 03:18 . 2008-07-25 04:12 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 03:01 . 2008-07-08 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 02:11 . 2008-07-07 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-07 02:11 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-07 02:11 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-07 02:11 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-07 02:11 . 2003-04-18 15:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-07-07 02:11 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-07-07 02:10 . 2008-07-07 02:15 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-07-07 02:09 . 2008-07-07 02:14 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-07-07 02:09 . 2008-07-07 02:11 <DIR> d-------- C:\Program Files\MAGIX
2008-07-07 02:09 . 2002-09-20 23:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-07-07 02:09 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-07-07 02:09 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-07-07 02:09 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-07-07 02:09 . 2008-07-07 02:15 5,817 --a------ C:\WINDOWS\mgxoschk.ini
2008-07-06 19:50 . 2008-07-06 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-06 15:05 . 2008-07-06 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 15:04 . 2008-07-20 01:13 <DIR> d-------- C:\Program Files\CyberLink
2008-07-06 14:22 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-06 14:22 . 2008-07-06 14:22 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-07-06 14:19 . 2008-07-06 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 14:19 . 2008-07-20 10:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 14:17 . 2008-07-06 14:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-06 14:02 . 2008-07-06 14:02 <DIR> dr-h----- C:\MSOCache
2008-07-06 13:52 . 2008-07-25 21:07 842 --a------ C:\WINDOWS\wininit.ini
2008-07-05 18:05 . 2008-07-22 03:42 <DIR> d-------- C:\Downloads
2008-07-05 17:09 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-05 15:20 . 2008-07-05 15:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 15:20 . 2004-08-17 08:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-05 14:55 . 2008-07-05 14:55 <DIR> d-------- C:\Program Files\Macromedia
2008-07-05 14:55 . 2008-07-05 14:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-07-05 14:54 . 2008-07-05 14:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-05 14:43 . 2008-07-05 14:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-03 21:55 . 2008-07-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-03 21:53 . 2008-07-03 21:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-03 21:53 . 2008-07-03 21:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-03 17:46 . 2008-07-25 04:12 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-03 13:33 . 2008-07-26 11:20 <DIR> d-------- C:\Program Files\Xfire
2008-07-03 13:33 . 2008-07-26 10:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\Xfire
2008-07-03 13:04 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 13:04 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 13:04 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 13:04 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 13:04 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 13:04 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 13:04 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 13:04 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 13:04 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-03 12:16 . 2008-07-23 08:45 <DIR> d-------- C:\Program Files\IrfanView
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-03 12:12 . 2008-07-03 12:12 <DIR> d-------- C:\Program Files\Real
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-03 06:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 06:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 06:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-02 12:21 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-02 11:54 . 2008-07-02 11:54 <DIR> d-------- C:\Documents and Settings\User\Contacts
2008-07-02 11:47 . 2008-07-02 11:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 11:46 . 2008-07-02 11:52 <DIR> d-------- C:\Program Files\Windows Live
2008-07-02 11:46 . 2008-07-03 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-02 11:45 . 2008-06-13 19:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-02 11:43 . 2008-04-14 08:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-02 11:29 . 2008-07-02 11:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 11:07 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-02 11:05 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 16:04 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-07-09 16:01 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-07-06 07:22 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-06 07:22 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-06 07:22 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-06 07:22 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-07-03 16:56 --------- d-----w C:\Program Files\TTPlayer
2008-06-30 12:58 --------- d-----w C:\Program Files\Intel
2008-06-30 12:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2000-07-01 17:19 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-23_ 6.35.47.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 19:17:25 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 13:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-07-17 17:01:12 22,486 ----a-r C:\WINDOWS\Installer\{92098E58-00AD-4F78-AD6E-807BDB323478}\register_icon.exe
+ 2008-07-26 01:34:18 22,486 ----a-r C:\WINDOWS\Installer\{92098E58-00AD-4F78-AD6E-807BDB323478}\register_icon.exe
+ 2008-07-26 03:43:42 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-07-24 10:33:57 2,998,272 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-07-23 19:17:25 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-04-16 06:23:44 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-01-29 10:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-07-26 03:32:39 187,920 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-03-25 12:07:10 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-04-25 10:21:06 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-04-25 10:22:24 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
- 2004-03-31 05:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 04:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
- 2002-01-04 19:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-04 18:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
- 2002-01-04 19:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2002-01-04 18:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
- 2003-03-18 13:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 12:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
- 2003-03-18 13:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2003-03-18 12:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2002-01-04 19:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-04 18:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
- 2002-01-04 19:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-04 18:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
- 2003-03-18 12:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-18 11:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2002-01-04 18:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2002-01-04 17:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2003-02-20 20:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-20 19:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-07-22 08:05:40 58,998 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-23 11:51:28 58,998 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-22 08:05:41 392,864 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-23 11:51:28 392,864 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-24 20:12:20 265,440 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 12:51 155648]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 12:51 135168]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-05-21 18:27 208952]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE" [2006-03-20 16:10 25600]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 12:51 131072]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 09:54 185896]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 15:41 86016]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 15:55 222504]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 12:35]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 0d158c78abbefe9d;0d158c78abbefe9d;C:\0d158c78abbefe9d.dat []
S3 35c3ea389b9c8b56;35c3ea389b9c8b56;C:\35c3ea389b9c8b56.dat []
S3 6a7d1228429364ec;6a7d1228429364ec;C:\6a7d1228429364ec.dat []
S3 85f4e6c0c5a97d92;85f4e6c0c5a97d92;C:\85f4e6c0c5a97d92.dat []
S3 ff6a208451de7472;ff6a208451de7472;C:\ff6a208451de7472.dat []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 18:19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0d158c78abbefe9d]
"ImagePath"="\??\C:\0d158c78abbefe9d.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\35c3ea389b9c8b56]
"ImagePath"="\??\C:\35c3ea389b9c8b56.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6a7d1228429364ec]
"ImagePath"="\??\C:\6a7d1228429364ec.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\85f4e6c0c5a97d92]
"ImagePath"="\??\C:\85f4e6c0c5a97d92.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ff6a208451de7472]
"ImagePath"="\??\C:\ff6a208451de7472.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-07-26 18:26:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 10:25:45
ComboFix2.txt 2008-07-25 18:45:15
ComboFix3.txt 2008-07-24 11:01:37
ComboFix4.txt 2008-07-22 22:36:34

Pre-Run: 44,444,950,528 bytes free
Post-Run: 44,521,820,160 bytes free

296 --- E O F --- 2008-07-20 09:28:00


HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:46 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214966512421
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

--
End of file - 7851 bytes
 
Hi

Let's try this again:

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\0d158c78abbefe9d.dat 
C:\35c3ea389b9c8b56.dat 
C:\6a7d1228429364ec.dat 
C:\85f4e6c0c5a97d92.dat 
C:\ff6a208451de7472.dat 

Driver::
0d158c78abbefe9d
35c3ea389b9c8b56
6a7d1228429364ec
85f4e6c0c5a97d92
ff6a208451de7472

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Hello,

ComboFix Log

ComboFix 08-07-25.4 - User 2008-07-26 23:46:24.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.621 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\0d158c78abbefe9d.dat
C:\35c3ea389b9c8b56.dat
C:\6a7d1228429364ec.dat
C:\85f4e6c0c5a97d92.dat
C:\ff6a208451de7472.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0D158C78ABBEFE9D
-------\Legacy_35C3EA389B9C8B56
-------\Legacy_6A7D1228429364EC
-------\Legacy_85F4E6C0C5A97D92
-------\Legacy_FF6A208451DE7472
-------\Service_0d158c78abbefe9d
-------\Service_35c3ea389b9c8b56
-------\Service_6a7d1228429364ec
-------\Service_85f4e6c0c5a97d92
-------\Service_ff6a208451de7472


((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-26 17:58 . 2008-07-26 17:58 89,013,816 --a------ C:\backup.reg
2008-07-26 11:16 . 2008-07-26 11:16 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-26 11:16 . 2008-07-27 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-26 11:16 . 2008-07-26 23:59 2,888,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-26 11:16 . 2008-07-27 00:02 516,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-26 11:16 . 2008-07-26 11:32 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-26 11:16 . 2008-07-26 11:32 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-26 11:16 . 2008-07-26 23:59 24,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-26 11:16 . 2008-07-26 23:59 3,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-26 09:32 . 2008-07-26 09:33 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-24 19:02 . 2008-07-25 04:11 <DIR> d--hs---- C:\RECYCLER(2)
2008-07-24 03:17 . 2008-07-24 03:17 250 --a------ C:\WINDOWS\gmer.ini
2008-07-23 08:41 . 2008-07-23 08:41 <DIR> d-------- C:\Program Files\YoutubeGet
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sony
2008-07-22 17:01 . 2008-07-22 17:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Publish Providers
2008-07-22 08:42 . 2008-07-22 08:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 11:40 . 2008-07-20 11:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 10:00 . 2008-07-22 02:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 10:00 . 2008-07-22 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 08:54 . 2008-07-20 08:57 <DIR> d-------- C:\Program Files\Total Video Converter
2008-07-20 08:54 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-07-19 02:48 . 2008-07-19 02:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Media Player Classic
2008-07-19 02:35 . 2008-07-19 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-07-19 02:34 . 2008-07-19 02:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\Application Data
2008-07-18 20:35 . 2008-07-18 20:35 268 --ah----- C:\sqmdata09.sqm
2008-07-18 20:35 . 2008-07-18 20:35 244 --ah----- C:\sqmnoopt09.sqm
2008-07-18 20:26 . 2008-07-18 20:28 <DIR> d-------- C:\Program Files\Chessmaster 10th Edition
2008-07-18 20:14 . 2008-07-18 20:22 <DIR> d-------- C:\Program Files\Wan Mei Online
2008-07-18 19:47 . 2008-07-18 19:47 268 --ah----- C:\sqmdata08.sqm
2008-07-18 19:47 . 2008-07-18 19:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-18 18:14 . 2008-07-26 09:15 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-18 18:12 . 2008-07-18 18:12 268 --ah----- C:\sqmdata07.sqm
2008-07-18 18:12 . 2008-07-18 18:12 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 01:48 . 2008-07-18 01:48 268 --ah----- C:\sqmdata06.sqm
2008-07-18 01:48 . 2008-07-18 01:48 244 --ah----- C:\sqmnoopt06.sqm
2008-07-18 01:03 . 2008-07-18 01:03 268 --ah----- C:\sqmdata05.sqm
2008-07-18 01:03 . 2008-07-18 01:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-18 00:53 . 2008-07-18 00:53 268 --ah----- C:\sqmdata04.sqm
2008-07-18 00:53 . 2008-07-18 00:53 244 --ah----- C:\sqmnoopt04.sqm
2008-07-18 00:24 . 2008-07-18 00:24 268 --ah----- C:\sqmdata03.sqm
2008-07-18 00:24 . 2008-07-18 00:24 244 --ah----- C:\sqmnoopt03.sqm
2008-07-18 00:24 . 2008-07-26 09:47 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-18 00:12 . 2008-07-18 00:12 268 --ah----- C:\sqmdata02.sqm
2008-07-18 00:12 . 2008-07-18 00:12 244 --ah----- C:\sqmnoopt02.sqm
2008-07-17 20:03 . 2008-07-17 20:03 268 --ah----- C:\sqmdata01.sqm
2008-07-17 20:03 . 2008-07-17 20:03 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 10:18 . 2008-07-17 10:18 268 --ah----- C:\sqmdata00.sqm
2008-07-17 10:18 . 2008-07-17 10:18 244 --ah----- C:\sqmnoopt00.sqm
2008-07-08 15:12 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-07-08 15:05 . 2008-07-08 15:05 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-08 03:18 . 2008-07-25 04:12 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 03:01 . 2008-07-08 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 02:11 . 2008-07-07 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-07 02:11 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-07 02:11 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-07 02:11 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-07 02:11 . 2003-04-18 15:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-07-07 02:11 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-07-07 02:10 . 2008-07-07 02:15 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-07-07 02:09 . 2008-07-07 02:14 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-07-07 02:09 . 2008-07-07 02:11 <DIR> d-------- C:\Program Files\MAGIX
2008-07-07 02:09 . 2002-09-20 23:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-07-07 02:09 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-07-07 02:09 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-07-07 02:09 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-07-07 02:09 . 2008-07-07 02:15 5,817 --a------ C:\WINDOWS\mgxoschk.ini
2008-07-06 19:50 . 2008-07-06 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-06 15:05 . 2008-07-06 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 15:04 . 2008-07-20 01:13 <DIR> d-------- C:\Program Files\CyberLink
2008-07-06 14:22 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-06 14:22 . 2008-07-06 14:22 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-06 14:20 . 2008-07-06 14:20 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-07-06 14:19 . 2008-07-06 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-06 14:19 . 2008-07-20 10:01 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-06 14:17 . 2008-07-06 14:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-06 14:02 . 2008-07-06 14:02 <DIR> dr-h----- C:\MSOCache
2008-07-06 13:52 . 2008-07-25 21:07 842 --a------ C:\WINDOWS\wininit.ini
2008-07-05 18:05 . 2008-07-22 03:42 <DIR> d-------- C:\Downloads
2008-07-05 17:09 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-05 15:20 . 2008-07-05 15:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 15:20 . 2004-08-17 08:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-05 15:04 . 2008-07-05 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-05 14:55 . 2008-07-05 14:55 <DIR> d-------- C:\Program Files\Macromedia
2008-07-05 14:55 . 2008-07-05 14:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-07-05 14:54 . 2008-07-05 14:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-05 14:43 . 2008-07-05 14:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-03 21:55 . 2008-07-03 21:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-03 21:53 . 2008-07-03 21:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-03 21:53 . 2008-07-03 21:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-03 17:46 . 2008-07-25 04:12 <DIR> d-------- C:\Documents and Settings\Guest
2008-07-03 13:33 . 2008-07-26 11:20 <DIR> d-------- C:\Program Files\Xfire
2008-07-03 13:33 . 2008-07-26 10:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\Xfire
2008-07-03 13:04 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 13:04 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 13:04 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 13:04 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 13:04 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 13:04 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 13:04 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 13:04 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 13:04 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-03 12:16 . 2008-07-23 08:45 <DIR> d-------- C:\Program Files\IrfanView
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-03 12:12 . 2008-07-03 12:12 <DIR> d-------- C:\Program Files\Real
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-03 11:43 . 2008-04-14 08:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-03 06:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 06:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 06:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-02 12:21 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-02 11:54 . 2008-07-02 11:54 <DIR> d-------- C:\Documents and Settings\User\Contacts
2008-07-02 11:47 . 2008-07-02 11:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 11:46 . 2008-07-02 11:52 <DIR> d-------- C:\Program Files\Windows Live
2008-07-02 11:46 . 2008-07-03 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-02 11:45 . 2008-06-13 19:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-02 11:43 . 2008-04-14 08:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-02 11:34 . 2008-07-02 11:34 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-02 11:29 . 2008-07-02 11:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 11:07 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-02 11:05 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 16:04 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-07-09 16:01 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-07-06 07:22 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-06 07:22 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-06 07:22 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-06 07:22 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-07-03 16:56 --------- d-----w C:\Program Files\TTPlayer
2008-06-30 12:58 --------- d-----w C:\Program Files\Intel
2008-06-30 12:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2000-07-01 17:19 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 12:51 155648]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 12:51 135168]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-05-21 18:27 208952]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE" [2006-03-20 16:10 25600]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 12:51 131072]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32 455168]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 09:54 185896]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 15:41 86016]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 15:55 222504]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 12:35]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 00:02:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-07-27 0:11:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 16:10:05
ComboFix2.txt 2008-07-26 10:26:34
ComboFix3.txt 2008-07-25 18:45:15
ComboFix4.txt 2008-07-24 11:01:37
ComboFix5.txt 2008-07-26 15:45:39

Pre-Run: 44,635,860,992 bytes free
Post-Run: 44,652,859,392 bytes free

252 --- E O F --- 2008-07-20 09:28:00



HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:11 AM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214966512421
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{404FFF98-13CD-4E41-A886-9F02A6F4F01E}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

--
End of file - 7852 bytes
 
Hi

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
 
Hello :)

Malwarebytes' Anti-Malware 1.23
Database version: 996
Windows 5.1.2600 Service Pack 3

11:56:48 AM 7/27/2008
mbam-log-7-27-2008 (11-56-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124109
Time elapsed: 32 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
You must log in or register to reply here.
Back
Top