Winlogon

E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\36\19-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v536-{94EFD367-7931-4B32-95B8-FFF4BE13400B}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1512 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\37\537-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v537-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v537-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1704 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\38\538-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v538-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v538-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1584 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\39\539-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v539-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v539-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1712 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\46\546-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v546-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v546-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1728 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\49\149-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v149-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v149-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\51\151-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v151-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v151-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\52\152-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v152-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v152-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2088 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\53\153-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v153-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v153-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1456 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\54\154-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v154-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v154-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1848 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\55\155-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v155-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v155-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\56\156-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v156-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v156-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1040 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\57\157-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v157-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v157-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 800 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\58\158-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v158-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v158-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\63\163-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v163-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v163-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2928 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\63\568-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v563-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v568-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9120 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\63\568-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v563-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v568-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1000 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\64\582-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v564-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v582-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9192 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\64\582-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v564-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v582-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1016 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\65\583-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v565-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v583-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9840 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\65\583-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v565-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v583-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\66\566-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v566-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v566-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1728 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\67\567-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v567-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v567-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1808 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\70\570-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v570-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v570-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 848 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\71\571-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v571-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v571-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1792 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\72\572-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v572-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v572-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1800 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\73\173-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v173-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v173-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 488 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\73\573-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v573-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v573-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1776 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\74\584-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v574-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v584-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15834 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\74\584-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v574-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v584-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1792 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\75\585-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v575-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v585-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16662 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\75\585-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v575-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v585-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1800 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\76\586-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v576-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v586-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16050 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\76\586-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v576-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v586-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1792 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\77\577-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v577-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v577-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1728 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\78\578-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v578-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v578-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1792 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\79\579-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v579-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v579-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1864 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\80\580-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v580-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v580-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1376 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\82\382-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v382-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v382-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1704 bytes hidden from API
E:\Documents and Settings\Matt2\Local Settings\Application Data\Microsoft\Messenger\hmmproductions_2000@hotmail.com\SharingMetadata\the_boredom_takes_over@hotmail.com\DFSR\Staging\CS{9F3D7A35-1186-874C-EE15-4EBA4B65B231}\87\187-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v187-{08D2D9E8-2AC3-4F9B-9B35-9005C9314960}-v187-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1920 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 86


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!


Nothing was found on that file, either.

(Had to split it up, said the original post was too large)
 
hi Plutonus,

no joy for you or me.
let's delete that copy of ComboFix like this:

go to Start > Run, type in combofix /u and click OK
note: there is a space after the "x" in combofix
------------------------
next;

please do an online scan here:
F-secure scan:
http://support.f-secure.com/enu/home/ols.shtml

uses Internet Explorer only.

click on the "Start scanning" button near the bottom of the page.
click to accept/install the ActiveX applet.
"Accept" the License Agreement, then click "Full system scan".
Once the download of files completes, the scan will begin automatically.
The scan may take some time to finish.
When the scan completes, click the "Automatic cleaning (recommended)" button.

Click the Show Report button and copy & paste the entire report in your next reply along with a current HijackThis log.
--------------------
last: get the new ComboFix:
Please download ComboFix (by sUBs) from one of the following links:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the Desktop.
Double-click combofix.exe and follow the prompts.

CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.

When finished, it produces a log.

Please provide the contents of the ComboFix log in your reply--

shelf life
 
F-Secure scan

Possibly infected with an unknown virus (virus)

* F:\MY STUFF\WEBBIES\CATS\ZENCART\ZEN-CART-V1.2.1D\INCLUDES\MODULES\ORDER_TOTAL\OT_COUPON.PHP (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

W32/Malware.BHMR (virus)

* E:\WINDOWS\SYSTEM32\BASSMOD.DLL (Submitted)

Statistics
Scanned:

* Files: 90093
* System: 4643
* Not scanned: 8

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 30
* Submitted: 2

Files not scanned:

* E:\PAGEFILE.SYS
* E:\WINDOWS\TEMP\MCAFEE_QAABZ5XJV2CT629
* E:\WINDOWS\TEMP\MCMSC_58FY8CI22HLEJJT
* E:\WINDOWS\TEMP\MCMSC_P6EIWJY2WJAL8WI
* E:\WINDOWS\TEMP\MCMSC_VJ9IPSYNVDIICOO
* E:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* E:\DOCUMENTS AND SETTINGS\MATT2\LOCAL SETTINGS\TEMP\~ROMFN_00000BE8
* E:\DOCUMENTS AND SETTINGS\MATT2\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\OUTLOOK.PST

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:42 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
E:\WINDOWS\Explorer.EXE
e:\program files\common files\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\Program Files\nHancer\nHancerService.exe
E:\PROGRA~1\McAfee.com\Agent\mcagent.exe
E:\WINDOWS\system32\CNAC6RPK.EXE
C:\Apps\NetLimiter 2 Pro\nlsvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\ASUS\Asus Probe\AsusProb.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Apps\Winamp\winampa.exe
E:\WINDOWS\LOGI_MWX.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\D-Tools\daemon.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wscntfy.exe
C:\Games\Steam\Steam.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Apps\NetLimiter 2 Pro\NLClient.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\nHancer\nHancer.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Apps\Winamp\winamp.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
C:\Apps\mIRC\mirc.exe
E:\WINDOWS\system32\WISPTIS.EXE
C:\Games\Flight Simulator 9\fs9.exe
C:\Games\Flight Simulator 9\fs9.exe
E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\DOCUME~1\Matt2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
E:\DOCUME~1\Matt2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Hijack this

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ASUS Probe] E:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Apps\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Apps\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Apps\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Steam] "C:\Games\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [nHancer] "E:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190284954735
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190285765076
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tt - E:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Apps\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - E:\Program Files\nHancer\nHancerService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Apps\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9972 bytes
 
Combofix

ComboFix 07-12-02.7 - Matt2 2007-12-04 16:31:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.831 [GMT 11:00]
Running from: F:\My Stuff\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-11-26 10:52 . 2007-11-26 11:08 715 --a------ E:\WINDOWS\eReg.dat
2007-11-26 00:43 . 2007-12-02 00:12 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2007-11-26 00:43 . 2007-11-26 00:43 1,409 --a------ E:\WINDOWS\QTFont.for
2007-11-25 19:49 . 2001-05-25 06:01 90,112 --a------ E:\WINDOWS\system32\RegDACL.exe
2007-11-25 19:49 . 2007-10-11 14:42 8,925 --a------ E:\clean.bat
2007-11-25 19:49 . 2004-07-22 12:15 4,096 --a------ E:\WINDOWS\system32\reboot.exe
2007-11-25 19:49 . 2007-10-11 08:55 347 --a------ E:\run2.reg
2007-11-25 16:37 . 2007-11-25 16:37 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-25 16:36 . 2007-11-25 16:36 <DIR> d-------- E:\Program Files\nHancer
2007-11-25 16:36 . 2007-11-25 16:37 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\nHancer
2007-11-22 19:46 . 2007-11-22 19:46 <DIR> d-------- E:\Program Files\MSXML 4.0
2007-11-22 19:46 . 2005-05-26 15:34 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2007-11-11 22:08 . 2007-12-04 16:32 <DIR> d-------- E:\Documents and Settings\Matt2\Application Data\mIRC
2007-11-11 14:58 . 2007-11-11 14:58 <DIR> d-------- E:\Documents and Settings\Matt2\Application Data\InstallShield
2007-11-10 18:32 . 2003-06-05 20:13 53,248 --a------ E:\WINDOWS\system32\Process.exe
2007-11-10 18:32 . 2007-11-10 18:32 1,814 --a------ E:\WINDOWS\system32\tmp.reg
2007-11-10 18:29 . 2007-09-05 23:22 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
2007-11-10 18:29 . 2006-04-27 16:49 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-11-10 18:29 . 2004-07-31 17:50 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-11-10 18:29 . 2007-10-03 23:36 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 07:18 --------- d-----w E:\Program Files\McAfee
2007-11-22 08:46 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-11-21 12:19 --------- d-----w E:\Program Files\Common Files\McAfee
2007-11-14 09:55 --------- d-----w E:\Program Files\Emirates TravelDesk
2007-11-11 12:49 --------- d-----w E:\Program Files\Common Files\InstallShield
2007-11-10 07:40 --------- d-----w E:\Program Files\SUPERAntiSpyware
2007-11-03 03:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-01 06:37 --------- d-----w E:\Program Files\Windows Live
2007-11-01 06:37 --------- d-----w E:\Program Files\MSN Messenger
2007-11-01 06:37 --------- d-----w E:\Program Files\Messenger Plus! Live
2007-10-31 04:11 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 04:11 --------- d-----w E:\Documents and Settings\Matt2\Application Data\SUPERAntiSpyware.com
2007-10-31 04:11 --------- d-----w E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 08:32 --------- d-----w E:\Documents and Settings\Matt2\Application Data\Locktime
2007-10-29 08:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\Locktime
2007-10-26 06:51 --------- d-----w E:\Program Files\SkyTeam Travel Timetable
2007-10-22 07:58 --------- d-----w E:\Program Files\Creative
2007-10-18 06:29 --------- d-----w E:\Documents and Settings\Matt2\Application Data\AdobeUM
2007-10-18 06:28 --------- d-----w E:\Program Files\Canon
2007-10-14 04:39 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 04:36 --------- d-----w E:\Program Files\Trend Micro
2007-10-11 23:58 --------- d-----w E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-11 12:28 --------- d-----w E:\Documents and Settings\All Users\Application Data\McAfee
2007-10-11 12:27 --------- d-----w E:\Program Files\McAfee.com
2007-10-11 12:24 --------- d-----w E:\Program Files\Common Files\Symantec Shared
2007-10-11 12:24 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2007-10-10 17:32 --------- d-----w E:\Documents and Settings\Matt2\Application Data\Symantec
2007-10-10 10:18 805 ----a-w E:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-10 10:18 10,740 ----a-w E:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-07 15:14 246,545 ----a-w E:\WINDOWS\system32\libssl32.dll
2007-10-07 15:14 1,188,375 ----a-w E:\WINDOWS\system32\libeay32.dll
2007-10-07 04:07 737,280 ----a-w E:\WINDOWS\iun6002.exe
2007-10-06 01:44 --------- d-----w E:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-29 09:36 356,352 ----a-w E:\WINDOWS\eSellerateEngine.dll
2007-09-23 10:57 108,144 ----a-w E:\WINDOWS\system32\CmdLineExt.dll
2007-09-21 09:30 60,416 ----a-w E:\WINDOWS\ALCFDRTM.EXE
2007-09-21 07:48 81,920 ------r E:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-09-21 07:34 81,920 ------r E:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:56]
"LDM"="E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-09-21 18:48]
"Steam"="C:\Games\Steam\Steam.exe" [2007-12-01 18:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"nHancer"="E:\Program Files\nHancer\nHancer.exe" [2007-10-31 10:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="E:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 17:07]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 18:56 E:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-29 01:43 E:\WINDOWS\system32\nwiz.exe]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"WinampAgent"="C:\Apps\Winamp\winampa.exe" [2007-05-15 09:22]
"Logitech Utility"="LOGI_MWX.EXE" [2002-11-08 20:50 E:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 E:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 22:42 E:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Apps\QuickTime\qttask.exe" [2007-06-29 07:24]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"DAEMON Tools-1033"="C:\Apps\D-Tools\daemon.exe" [2004-08-22 18:05]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 18:56 E:\WINDOWS\system32\rundll32.exe]
"mcagent_exe"="E:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 18:56]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-01 21:26:36]
Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-21 18:48:55]
Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\KEM.exe [2007-09-21 18:46:42]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 nltdi;nltdi;\??\E:\WINDOWS\system32\drivers\nltdi.sys
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\E:\DOCUME~1\Matt2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;E:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;E:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;E:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmHidLo;Logitech Gaming USB Filter Driver;E:\WINDOWS\system32\drivers\WmHidLo.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;E:\WINDOWS\system32\drivers\WmXlCore.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;E:\WINDOWS\system32\drivers\WmVirHid.sys

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 15:16:56 E:\WINDOWS\Tasks\McDefragTask.job"
- e:\program files\mcafee\mqc\QcConsol.exe
"2007-11-30 14:00:10 E:\WINDOWS\Tasks\McQcTask.job"
- e:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 16:33:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 16:33:34
E:\ComboFix2.txt ... 2007-11-17 18:46
E:\ComboFix3.txt ... 2007-10-19 21:22
.
--- E O F ---
 
Hi Plutonus,

Not seeing much at all.

Copy the entire contents inside the code box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tt]

Reboot once. Let me know how it's going.

shelf life
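Editor's note on the fix above. The key being deleted, HKLM\...\Winlogon\Notify\tt, is a Winlogon notification package entry: on Windows 2000/XP (this log is from XP SP2) winlogon.exe loads the DLL named in each subkey's DllName value and calls it on logon, logoff, lock and similar events, which is why this key is a classic persistence point. ComboFix listed the !SASWinLogon subkey with its DLL path but listed tt with nothing under it, i.e. a subkey with no DllName, which is what the Regfix.reg removes. The script below is an added example, not something posted in this thread: it audits every Notify subkey, checks whether each DllName actually resolves to a file, and removes one named subkey only after backing the key up and confirming it is empty. The subkey name 'tt' is taken from the log; the backup path, the helper names and running it elevated on the affected machine are assumptions. It is written for PowerShell 4.0 or later; on Vista and later the Notify key is not used by Winlogon at all and the script simply reports that.

```powershell
# Added example (not from the original thread): audit the Winlogon\Notify
# persistence point and remove one stale subkey after backing it up.
# Assumptions: run elevated on the affected machine; 'tt' is the empty subkey
# ComboFix reported; the backup file name is chosen here.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Subkey to delete. 'tt' is the empty entry shown in the ComboFix log above.
    [string]$StaleSubKey = 'tt',
    # Where to export the Notify key before touching it (assumed path).
    [string]$BackupPath = "$env:USERPROFILE\Desktop\winlogon-notify-backup.reg"
)

$notifyRoot    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$notifyRootReg = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

if (-not (Test-Path -LiteralPath $notifyRoot)) {
    Write-Host "No Winlogon\Notify key present (normal on Vista and later, which dropped notification packages)."
    return
}

# 1. Back up the whole Notify key first so the change can be reverted with a
#    double-click on the .reg file (reg.exe import is the inverse of this export).
& reg.exe export $notifyRootReg $BackupPath /y | Out-Null

# 2. Enumerate every notification package and classify it. A legitimate package
#    has a DllName that resolves to a file; DllName may be a full path or a bare
#    file name that Winlogon resolves through the normal DLL search path.
$findings = foreach ($key in Get-ChildItem -Path $notifyRoot) {
    $props    = Get-ItemProperty -Path $key.PSPath
    $dllName  = $props.DllName          # $null when the subkey has no DllName value
    $resolved = $null
    if ($dllName) {
        $sys32Candidate = Join-Path $env:SystemRoot "system32\$dllName"
        $resolved = if (Test-Path -LiteralPath $dllName)        { $dllName }
                    elseif (Test-Path -LiteralPath $sys32Candidate) { $sys32Candidate }
                    else                                          { $null }
    }
    $state = if (-not $dllName)      { 'EMPTY (no DllName)' }
             elseif (-not $resolved) { 'DANGLING (DllName not found on disk)' }
             else                    { 'OK' }
    [pscustomobject]@{
        SubKey   = $key.PSChildName
        DllName  = $dllName
        Resolved = $resolved
        State    = $state
    }
}
$findings | Format-Table -AutoSize

# 3. Remove the requested subkey only if it really is empty. An entry that still
#    names a DLL deserves a look at that DLL (hash, signer, timestamp) first,
#    because deleting the key without the file tells you nothing about what ran.
$target = $findings | Where-Object { $_.SubKey -eq $StaleSubKey }
if (-not $target) {
    Write-Host "No subkey named '$StaleSubKey' under Winlogon\Notify; nothing to do."
} elseif ($target.State -notlike 'EMPTY*') {
    Write-Warning "'$StaleSubKey' still has DllName='$($target.DllName)'; inspect it before removing."
} elseif ($PSCmdlet.ShouldProcess("$notifyRoot\$StaleSubKey", 'Remove-Item')) {
    Remove-Item -Path (Join-Path $notifyRoot $StaleSubKey) -Recurse
    Write-Host "Removed $notifyRoot\$StaleSubKey (backup at $BackupPath). Reboot so Winlogon reloads its package list."
}
```

Run it once with -WhatIf to see the table and the key it would delete without changing anything, then without -WhatIf to apply the same removal the Regfix.reg performs. Against the log above it should report !SASWinLogon as OK (SASWINLO.dll is present) and tt as EMPTY; anything reported as DANGLING is worth a second look rather than an automatic delete, since a DLL that was removed by a scanner but whose Notify entry survived is exactly the pattern an incomplete cleanup leaves behind.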