Associate Member
Group: Forum Members
Last Login: 7/29/2008 6:35 PM
Posts: 278, Visits: 273
Hello Richie, as requested (thank you):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:43 AM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ebay.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe

--
End of file - 8695 bytes
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427, Visits: 54,734
Welcome
If you have previously downloaded ComboFix, please delete that version now.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop.
Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
_______________________________________________________________

ASAP & UNITE member since 2006

Associate Member
Group: Forum Members
Last Login: 7/29/2008 6:35 PM
Posts: 278, Visits: 273
ComboFix 08-05-15.3 - Chris 2008-05-16 11:38:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.357 [GMT -6:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dvuqsrxy.ini
C:\WINDOWS\system32\JSsYayay.ini
C:\WINDOWS\system32\JSsYayay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pkjkejta.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 10:47 . 2008-05-16 10:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 09:08 . 2008-05-16 09:30 <DIR> d-------- C:\Program Files\SpyNoMore
2008-05-15 23:52 . 2008-05-15 23:52 <DIR> d-------- C:\Program Files\Avira
2008-05-15 23:22 . 2008-05-15 23:22 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-15 23:21 . 2008-05-15 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-15 23:20 . 2008-05-16 00:06 <DIR> d-------- C:\Program Files\CounterSpy
2008-05-15 21:41 . 2008-05-15 21:42 133,120 --a------ C:\WINDOWS\system32\feqbfrob.dll
2008-05-15 21:40 . 2008-05-15 21:40 0 --a------ C:\WINDOWS\BMc303b894.xml
2008-05-15 10:32 . 2008-05-15 10:59 <DIR> d-------- C:\Program Files\Cucusoft AVI To DVD Pro
2008-05-15 09:37 . 2008-05-15 09:37 370,176 --a------ C:\WINDOWS\system32\yayaYsSJ.dll
2008-05-15 09:32 . 2008-05-15 09:33 <DIR> d-------- C:\Program Files\Cucusoft Ultimate Video Converter
2008-05-15 09:32 . 2006-09-11 04:13 409,600 --a------ C:\WINDOWS\system32\vampd.ax
2008-05-15 09:32 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-15 09:32 . 2008-01-25 21:06 364,544 --a------ C:\WINDOWS\system32\cdg.dll
2008-05-15 09:32 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
2008-05-15 09:32 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2008-05-15 09:32 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-05-09 12:41 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\Synaptics
2008-05-09 12:41 . 2007-12-05 16:11 177,664 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-05-09 12:41 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-05-09 12:41 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-05-09 12:41 . 2007-12-05 17:10 77,824 --a------ C:\WINDOWS\system32\SynTPCoI.dll
2008-05-09 12:41 . 2007-12-05 16:12 73,728 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-05-09 12:41 . 2007-12-05 16:14 65,536 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-05-09 12:13 . 2007-03-21 13:33 1,257,566 -ra------ C:\WINDOWS\system32\dsa.dll
2008-05-09 12:13 . 2007-03-21 13:46 254,023 --a------ C:\WINDOWS\system32\wsfwDS.dll
2008-05-09 12:13 . 2007-03-21 13:46 249,925 --a------ C:\WINDOWS\system32\wsimd.dll
2008-05-09 12:13 . 2007-03-21 13:33 82,017 -ra------ C:\WINDOWS\system32\dsaNac.dll
2008-05-09 12:12 . 2008-05-09 12:12 <DIR> d-------- C:\Program Files\ThinkPad R51
2008-05-09 12:12 . 2007-10-26 01:20 549,184 --a------ C:\WINDOWS\system32\ar5211.sys
2008-05-09 12:12 . 2006-08-07 14:17 118,784 --a------ C:\WINDOWS\system32\ATHCFG10.DLL
2008-05-09 12:12 . 2007-10-26 01:20 100,996 --a------ C:\WINDOWS\system32\net5211.inf
2008-05-09 12:12 . 2007-07-03 18:46 57,344 --a------ C:\WINDOWS\system32\wsimd.sys
2008-05-09 12:12 . 2007-07-03 18:46 57,344 --------- C:\WINDOWS\system32\drivers\wsimd.sys
2008-05-09 12:12 . 2007-10-29 12:47 23,501 --a------ C:\WINDOWS\system32\net5211.cat
2008-05-09 12:12 . 2007-07-28 17:07 12,552 --a------ C:\WINDOWS\system32\wsimdp.cat
2008-05-09 12:12 . 2007-07-28 17:07 12,129 --a------ C:\WINDOWS\system32\wsimd.cat
2008-05-09 12:12 . 2007-07-03 18:46 5,361 --a------ C:\WINDOWS\system32\wsimdp.inf
2008-05-09 12:12 . 2007-07-03 18:46 2,179 --a------ C:\WINDOWS\system32\wsimd.inf
2008-05-09 11:56 . 2008-05-09 11:56 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-09 09:54 . 2008-05-09 09:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-09 09:53 . 2008-05-09 09:54 <DIR> d-------- C:\Program Files\Nero 7.8.5.0 Premium
2008-05-04 18:48 . 2008-05-06 10:24 <DIR> d-------- C:\Program Files\Spybot S&D
2008-05-04 18:48 . 2008-05-06 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-04 17:56 . 2008-05-04 17:56 <DIR> d-------- C:\Program Files\KillBox
2008-05-02 12:14 . 2008-05-02 12:17 <DIR> d-------- C:\Program Files\Kaspersky Antivirus 7
2008-05-01 18:12 . 2008-05-01 18:12 <DIR> d-------- C:\Program Files\ACW
2008-05-01 14:01 . 2008-05-01 14:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-01 12:31 . 2008-05-01 12:31 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-01 12:31 . 2008-05-01 12:31 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-01 12:22 . 2008-05-01 12:22 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Sunbelt Software
2008-05-01 11:54 . 2006-08-24 15:56 40,832 --a------ C:\WINDOWS\system32\drivers\apusbsnt.sys
2008-05-01 11:54 . 2005-03-15 11:11 17,920 --a------ C:\WINDOWS\system32\apintfnt.dll
2008-05-01 11:54 . 2006-08-24 15:57 11,776 --a------ C:\WINDOWS\system32\apusbdco.dll
2008-05-01 00:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-30 22:03 . 2008-04-30 22:17 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-30 21:48 . 2008-04-30 21:50 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Mp3tag
2008-04-30 21:47 . 2008-04-30 21:47 <DIR> d-------- C:\Program Files\Mp3tag
2008-04-30 20:27 . 2008-05-03 08:28 <DIR> d-------- C:\Program Files\Virtual DJ Pro 5
2008-04-30 17:50 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 17:49 . 2008-04-30 17:50 <DIR> d-------- C:\Program Files\Java
2008-04-30 17:46 . 2008-04-30 17:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-30 13:49 . 2008-04-30 13:49 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-04-30 13:14 . 2008-04-30 13:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 01:49 . 2008-05-15 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-29 19:26 . 2008-04-29 19:26 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-29 19:18 . 2008-05-09 09:43 <DIR> d-------- C:\Program Files\Nero
2008-04-29 19:18 . 2008-05-02 03:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-29 19:18 . 2008-05-09 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-29 19:03 . 2008-04-29 19:03 <DIR> d-------- C:\Program Files\MagicISO
2008-04-28 19:29 . 2008-04-28 19:29 <DIR> d-------- C:\Program Files\CCleaner
2008-04-27 22:44 . 2008-04-30 21:02 <DIR> d-------- C:\WINDOWS\RegCure
2008-04-27 22:44 . 2008-04-30 21:02 <DIR> d-------- C:\Program Files\RegCure
2008-04-26 17:18 . 2008-04-26 17:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 12:05 . 2008-04-24 12:28 <DIR> d-------- C:\Program Files\QuickTax 2007
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Intuit Canada
2008-04-24 12:03 . 2008-04-24 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-04-22 23:13 . 2008-04-22 23:13 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\GTek
2008-04-22 23:13 . 2008-04-22 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-04-22 23:13 . 2008-04-22 23:13 5,248 --a------ C:\WINDOWS\system32\OEMINFO.PNF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 20:12 --------- d-----w C:\Program Files\Azureus
2008-05-16 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 04:32 --------- d-----w C:\Program Files\XoftSpy SE
2008-05-16 00:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-15 16:34 --------- d-----w C:\Documents and Settings\Chris\Application Data\Azureus
2008-05-15 04:21 --------- d-----w C:\Program Files\AnyDVD
2008-05-09 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:01 --------- d-----w C:\Program Files\ThinkPad
2008-05-05 20:07 --------- d-----w C:\Program Files\Soulseek
2008-05-02 18:38 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6637.sys
2008-05-01 22:02 --------- d-----w C:\Program Files\Power ISO
2008-04-30 19:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 19:16 --------- d-----w C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
2008-04-29 22:34 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-25 05:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 22:15 --------- d-----w C:\Program Files\Native Instruments
2008-04-15 22:13 --------- d-----w C:\Program Files\Syncrosoft
2008-04-15 21:52 --------- d-----w C:\Program Files\Games
2008-04-14 18:02 --------- d-----w C:\Program Files\DivX
2008-04-09 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 11:27 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-04 04:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-03 05:41 3,532 ----a-w C:\drmHeader.bin
2008-04-03 04:18 --------- d-----w C:\Program Files\Windows Live
2008-04-03 04:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-07-23 18:50 39,832 ----a-w C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2007-02-06 00:11 87,608 ----a-w C:\Documents and Settings\Chris\Application Data\ezpinst.exe
2007-02-06 00:11 47,360 ----a-w C:\Documents and Settings\Chris\Application Data\pcouffin.sys
2006-10-10 13:25 14 ----a-w C:\Documents and Settings\Chris\getfile.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
C:\WINDOWS\system32\ljJARkKA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA07D05F-5465-41ED-A457-3516E108D6BC}]
2008-05-15 09:37 370176 --a------ C:\WINDOWS\system32\yayaYsSJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f591201f-dc78-4126-8875-ce6b8b2117cd}]
2008-05-15 21:42 133120 --a------ C:\WINDOWS\system32\feqbfrob.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [2008-05-13 12:41 2091968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TotalRecorderScheduler"="C:\Program Files\Total Recorder Professional 6\TotRecSched.exe" [2006-05-12 02:32 86016]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SBCSTray"="C:\Program Files\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50 204800]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 02:38 110592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-16 01:37 262401]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\WINDOWS\system32\ljJARkKA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJARkKA]
ljJARkKA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-06-16 23:23 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ZMBV"= zmbv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Games\\Kyodai Mahjongg 2006\\kmj.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LimeWire UDP
"6881:TCP"= 6881:TCP:Azureus TCP
"6881:UDP"= 6881:UDP:Azureus UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-15 23:22]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 02:38]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-26 11:43]
R2 SwiWiFiComm;SwiWiFiComm;C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe [2007-03-16 15:50]
R3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys [2006-08-24 15:56]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 18:46]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinysxx.sys [2005-01-25 20:36]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;C:\WINDOWS\system32\DRIVERS\atinyvxx.sys [2005-01-25 20:36]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;C:\WINDOWS\system32\DRIVERS\atinyuxx.sys [2005-01-25 20:37]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;C:\WINDOWS\system32\Drivers\ATIUTD.sys [2005-01-25 20:37]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 11:43]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 11:43]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;C:\WINDOWS\system32\DRIVERS\atinyttx.sys [2005-01-25 20:33]
.
Contents of the 'Scheduled Tasks' folder
"2006-03-11 10:42:52 C:\WINDOWS\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-05-16 17:54:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-16 17:51:33 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe
"2008-05-15 09:00:00 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe
"2005-06-06 04:59:37 C:\WINDOWS\Tasks\XoftSpy.job" - C:\Program Files\XoftSpy 4\XoftSpy.exe
"2008-05-16 17:51:33 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpy SE\XoftSpy.exe
"2008-05-10 10:00:00 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpy SE\XoftSpy.exe
.
**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-16 11:58:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 17:58:52
ComboFix2.txt 2008-05-01 00:15:51

Pre-Run: 5,194,858,496 bytes free
Post-Run: 5,618,933,760 bytes free

276 --- E O F --- 2008-05-12 16:11:25
__________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:06 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ljJARkKA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA07D05F-5465-41ED-A457-3516E108D6BC} - C:\WINDOWS\system32\yayaYsSJ.dll
O2 - BHO: {dc7112b8-b6ec-5788-6214-87cdf102195f} - {f591201f-dc78-4126-8875-ce6b8b2117cd} - C:\WINDOWS\system32\feqbfrob.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJARkKA - ljJARkKA.dll (file missing)
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH -
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe -- End of file - 9671 bytes
Senior Forum Moderator
        
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427,
Visits: 54,734
Associate Member
        
Group: Forum Members
Last Login: 7/29/2008 6:35 PM
Posts: 278,
Visits: 273
ComboFix 08-05-15.3 - Chris 2008-05-16 13:14:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT -6:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris\Desktop\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMc303b894.xml
C:\WINDOWS\system32\feqbfrob.dll
C:\WINDOWS\system32\yayaYsSJ.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMc303b894.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\feqbfrob.dll
C:\WINDOWS\system32\JSsYayay.ini
C:\WINDOWS\system32\JSsYayay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\yayaYsSJ.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 13:02 . 2008-05-16 13:02 125,952 --a------ C:\WINDOWS\system32\xgddunxf.dll
2008-05-16 13:02 . 2008-05-16 13:02 125,952 --a------ C:\WINDOWS\system32\hdouopdd.dll
2008-05-16 10:47 . 2008-05-16 10:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 09:08 . 2008-05-16 09:30 <DIR> d-------- C:\Program Files\SpyNoMore
2008-05-15 23:52 . 2008-05-15 23:52 <DIR> d-------- C:\Program Files\Avira
2008-05-15 23:22 . 2008-05-15 23:22 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-15 23:21 . 2008-05-15 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-15 23:20 . 2008-05-16 00:06 <DIR> d-------- C:\Program Files\CounterSpy
2008-05-15 18:14 . 2008-05-16 13:07 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-05-15 10:32 . 2008-05-15 10:59 <DIR> d-------- C:\Program Files\Cucusoft AVI To DVD Pro
2008-05-15 09:32 . 2008-05-15 09:33 <DIR> d-------- C:\Program Files\Cucusoft Ultimate Video Converter
2008-05-15 09:32 . 2006-09-11 04:13 409,600 --a------ C:\WINDOWS\system32\vampd.ax
2008-05-15 09:32 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-15 09:32 . 2008-01-25 21:06 364,544 --a------ C:\WINDOWS\system32\cdg.dll
2008-05-15 09:32 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
2008-05-15 09:32 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2008-05-15 09:32 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-05-09 12:41 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\Synaptics
2008-05-09 12:41 . 2007-12-05 16:11 177,664 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-05-09 12:41 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-05-09 12:41 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-05-09 12:41 . 2007-12-05 17:10 77,824 --a------ C:\WINDOWS\system32\SynTPCoI.dll
2008-05-09 12:41 . 2007-12-05 16:12 73,728 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-05-09 12:41 . 2007-12-05 16:14 65,536 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-05-09 12:13 . 2007-03-21 13:33 1,257,566 -ra------ C:\WINDOWS\system32\dsa.dll
2008-05-09 12:13 . 2007-03-21 13:46 254,023 --a------ C:\WINDOWS\system32\wsfwDS.dll
2008-05-09 12:13 . 2007-03-21 13:46 249,925 --a------ C:\WINDOWS\system32\wsimd.dll
2008-05-09 12:13 . 2007-03-21 13:33 82,017 -ra------ C:\WINDOWS\system32\dsaNac.dll
2008-05-09 12:12 . 2008-05-09 12:12 <DIR> d-------- C:\Program Files\ThinkPad R51
2008-05-09 12:12 . 2007-10-26 01:20 549,184 --a------ C:\WINDOWS\system32\ar5211.sys
2008-05-09 12:12 . 2006-08-07 14:17 118,784 --a------ C:\WINDOWS\system32\ATHCFG10.DLL
2008-05-09 12:12 . 2007-10-26 01:20 100,996 --a------ C:\WINDOWS\system32\net5211.inf
2008-05-09 12:12 . 2007-07-03 18:46 57,344 --a------ C:\WINDOWS\system32\wsimd.sys
2008-05-09 12:12 . 2007-07-03 18:46 57,344 --------- C:\WINDOWS\system32\drivers\wsimd.sys
2008-05-09 12:12 . 2007-10-29 12:47 23,501 --a------ C:\WINDOWS\system32\net5211.cat
2008-05-09 12:12 . 2007-07-28 17:07 12,552 --a------ C:\WINDOWS\system32\wsimdp.cat
2008-05-09 12:12 . 2007-07-28 17:07 12,129 --a------ C:\WINDOWS\system32\wsimd.cat
2008-05-09 12:12 . 2007-07-03 18:46 5,361 --a------ C:\WINDOWS\system32\wsimdp.inf
2008-05-09 12:12 . 2007-07-03 18:46 2,179 --a------ C:\WINDOWS\system32\wsimd.inf
2008-05-09 11:56 . 2008-05-09 11:56 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-09 09:54 . 2008-05-09 09:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-09 09:53 . 2008-05-09 09:54 <DIR> d-------- C:\Program Files\Nero 7.8.5.0 Premium
2008-05-04 18:48 . 2008-05-06 10:24 <DIR> d-------- C:\Program Files\Spybot S&D
2008-05-04 18:48 . 2008-05-06 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-04 17:56 . 2008-05-04 17:56 <DIR> d-------- C:\Program Files\KillBox
2008-05-02 12:14 . 2008-05-02 12:17 <DIR> d-------- C:\Program Files\Kaspersky Antivirus 7
2008-05-01 18:12 . 2008-05-01 18:12 <DIR> d-------- C:\Program Files\ACW
2008-05-01 14:01 . 2008-05-01 14:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-01 12:31 . 2008-05-01 12:31 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-01 12:31 . 2008-05-01 12:31 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-01 12:22 . 2008-05-01 12:22 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Sunbelt Software
2008-05-01 11:54 . 2006-08-24 15:56 40,832 --a------ C:\WINDOWS\system32\drivers\apusbsnt.sys
2008-05-01 11:54 . 2005-03-15 11:11 17,920 --a------ C:\WINDOWS\system32\apintfnt.dll
2008-05-01 11:54 . 2006-08-24 15:57 11,776 --a------ C:\WINDOWS\system32\apusbdco.dll
2008-05-01 00:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-30 22:03 . 2008-04-30 22:17 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-30 21:48 . 2008-04-30 21:50 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Mp3tag
2008-04-30 21:47 . 2008-04-30 21:47 <DIR> d-------- C:\Program Files\Mp3tag
2008-04-30 20:27 . 2008-05-03 08:28 <DIR> d-------- C:\Program Files\Virtual DJ Pro 5
2008-04-30 17:50 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 17:49 . 2008-04-30 17:50 <DIR> d-------- C:\Program Files\Java
2008-04-30 17:46 . 2008-04-30 17:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-30 13:49 . 2008-04-30 13:49 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-04-30 13:14 . 2008-04-30 13:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 01:49 . 2008-05-15 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-29 19:26 . 2008-04-29 19:26 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-29 19:18 . 2008-05-09 09:43 <DIR> d-------- C:\Program Files\Nero
2008-04-29 19:18 . 2008-05-02 03:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-29 19:18 . 2008-05-09 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-29 19:03 . 2008-04-29 19:03 <DIR> d-------- C:\Program Files\MagicISO
2008-04-28 19:29 . 2008-04-28 19:29 <DIR> d-------- C:\Program Files\CCleaner
2008-04-27 22:44 . 2008-04-30 21:02 <DIR> d-------- C:\WINDOWS\RegCure
2008-04-27 22:44 . 2008-04-30 21:02 <DIR> d-------- C:\Program Files\RegCure
2008-04-26 17:18 . 2008-04-26 17:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 12:05 . 2008-04-24 12:28 <DIR> d-------- C:\Program Files\QuickTax 2007
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Intuit Canada
2008-04-24 12:03 . 2008-04-24 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-04-22 23:13 . 2008-04-22 23:13 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\GTek
2008-04-22 23:13 . 2008-04-22 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-04-22 23:13 . 2008-04-22 23:13 5,248 --a------ C:\WINDOWS\system32\OEMINFO.PNF
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-12 20:12 --------- d-----w C:\Program Files\Azureus
2008-05-16 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 04:32 --------- d-----w C:\Program Files\XoftSpy SE
2008-05-16 00:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-15 16:34 --------- d-----w C:\Documents and Settings\Chris\Application Data\Azureus
2008-05-15 04:21 --------- d-----w C:\Program Files\AnyDVD
2008-05-09 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:01 --------- d-----w C:\Program Files\ThinkPad
2008-05-05 20:07 --------- d-----w C:\Program Files\Soulseek
2008-05-02 18:38 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6637.sys
2008-05-01 22:02 --------- d-----w C:\Program Files\Power ISO
2008-04-30 19:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 19:16 --------- d-----w C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
2008-04-29 22:34 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-25 05:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 22:15 --------- d-----w C:\Program Files\Native Instruments
2008-04-15 22:13 --------- d-----w C:\Program Files\Syncrosoft
2008-04-15 21:52 --------- d-----w C:\Program Files\Games
2008-04-14 18:02 --------- d-----w C:\Program Files\DivX
2008-04-09 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 11:27 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-04 04:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-03 05:41 3,532 ----a-w C:\drmHeader.bin
2008-04-03 04:18 --------- d-----w C:\Program Files\Windows Live
2008-04-03 04:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-02 00:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-07-23 18:50 39,832 ----a-w C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2007-02-06 00:11 87,608 ----a-w C:\Documents and Settings\Chris\Application Data\ezpinst.exe
2007-02-06 00:11 47,360 ----a-w C:\Documents and Settings\Chris\Application Data\pcouffin.sys
2006-10-10 13:25 14 ----a-w C:\Documents and Settings\Chris\getfile.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [2008-05-13 12:41 2091968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TotalRecorderScheduler"="C:\Program Files\Total Recorder Professional 6\TotRecSched.exe" [2006-05-12 02:32 86016]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SBCSTray"="C:\Program Files\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50 204800]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 02:38 110592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-16 01:37 262401]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]
"BMc303b894"="C:\WINDOWS\system32\hdouopdd.dll" [2008-05-16 13:02 125952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-06-16 23:23 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ZMBV"= zmbv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Games\\Kyodai Mahjongg 2006\\kmj.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LimeWire UDP
"6881:TCP"= 6881:TCP:Azureus TCP
"6881:UDP"= 6881:UDP:Azureus UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-15 23:22]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 02:38]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-26 11:43]
R2 SwiWiFiComm;SwiWiFiComm;C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe [2007-03-16 15:50]
R3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys [2006-08-24 15:56]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 18:46]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinysxx.sys [2005-01-25 20:36]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;C:\WINDOWS\system32\DRIVERS\atinyvxx.sys [2005-01-25 20:36]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;C:\WINDOWS\system32\DRIVERS\atinyuxx.sys [2005-01-25 20:37]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;C:\WINDOWS\system32\Drivers\ATIUTD.sys [2005-01-25 20:37]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 11:43]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 11:43]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;C:\WINDOWS\system32\DRIVERS\atinyttx.sys [2005-01-25 20:33]
.
Contents of the 'Scheduled Tasks' folder
"2006-03-11 10:42:52 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-05-16 19:24:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-16 19:21:18 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-15 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2005-06-06 04:59:37 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy 4\XoftSpy.exe
"2008-05-16 19:21:18 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpy SE\XoftSpy.exe
"2008-05-10 10:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpy SE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 13:22:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\hdouopdd.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-16 13:30:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 19:29:42
ComboFix2.txt 2008-05-16 17:58:59
ComboFix3.txt 2008-05-01 00:15:51

Pre-Run: 5,610,016,768 bytes free
Post-Run: 5,600,915,456 bytes free

312 --- E O F --- 2008-05-16 18:11:05
__________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:42 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BMc303b894] Rundll32.exe "C:\WINDOWS\system32\hdouopdd.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe

--
End of file - 9355 bytes
Senior Forum Moderator
Group: Moderators

Associate Member
Group: Forum Members
ComboFix 08-05-15.3 - Chris 2008-05-16 17:19:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.370 [GMT -6:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hdouopdd.dll
C:\WINDOWS\system32\xgddunxf.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hdouopdd.dll
C:\WINDOWS\system32\xgddunxf.dll

.
(((((((((((((((((((((((((   Files Created from 2008-04-16 to 2008-05-16   )))))))))))))))))))))))))))))))
.

2008-05-16 13:57 . 2008-05-16 13:57  <DIR>  d--------  C:\Documents and Settings\Christopher\Accessories
2008-05-16 13:24 . 2008-05-16 13:24  0  --a------  C:\WINDOWS\BMc303b894.xml
2008-05-16 10:47 . 2008-05-16 10:47  <DIR>  d--------  C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 09:08 . 2008-05-16 09:30  <DIR>  d--------  C:\Program Files\SpyNoMore
2008-05-15 23:52 . 2008-05-15 23:52  <DIR>  d--------  C:\Program Files\Avira
2008-05-15 23:22 . 2008-05-15 23:22  15,544  --a------  C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-15 23:21 . 2008-05-15 23:21  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-15 23:20 . 2008-05-16 00:06  <DIR>  d--------  C:\Program Files\CounterSpy
2008-05-15 18:14 . 2008-05-16 13:07  4,566  --a------  C:\WINDOWS\imsins.BAK
2008-05-15 10:32 . 2008-05-15 10:59  <DIR>  d--------  C:\Program Files\Cucusoft AVI To DVD Pro
2008-05-15 09:32 . 2008-05-15 09:33  <DIR>  d--------  C:\Program Files\Cucusoft Ultimate Video Converter
2008-05-15 09:32 . 2006-09-11 04:13  409,600  --a------  C:\WINDOWS\system32\vampd.ax
2008-05-15 09:32 . 2003-03-30 20:08  372,736  --a------  C:\WINDOWS\system32\xvid.ax
2008-05-15 09:32 . 2008-01-25 21:06  364,544  --a------  C:\WINDOWS\system32\cdg.dll
2008-05-15 09:32 . 2006-09-27 17:46  348,160  --a------  C:\WINDOWS\system32\cdga.dll
2008-05-15 09:32 . 2006-07-08 04:07  114,688  --a------  C:\WINDOWS\system32\PropListCtrl.ocx
2008-05-15 09:32 . 2006-07-17 21:42  14,909  --a------  C:\WINDOWS\system32\A_reg.reg
2008-05-09 12:41 . 2008-05-09 12:41  <DIR>  d--------  C:\Program Files\Synaptics
2008-05-09 12:41 . 2007-12-05 16:11  177,664  --a------  C:\WINDOWS\system32\drivers\SynTP.sys
2008-05-09 12:41 . 2007-12-05 16:12  110,592  --a------  C:\WINDOWS\system32\SynTPAPI.dll
2008-05-09 12:41 . 2007-12-05 16:12  110,592  --a------  C:\WINDOWS\system32\SynCtrl.dll
2008-05-09 12:41 . 2007-12-05 17:10  77,824  --a------  C:\WINDOWS\system32\SynTPCoI.dll
2008-05-09 12:41 . 2007-12-05 16:12  73,728  --a------  C:\WINDOWS\system32\SynCOM.dll
2008-05-09 12:41 . 2007-12-05 16:14  65,536  --a------  C:\WINDOWS\system32\SynTPFcs.dll
2008-05-09 12:13 . 2007-03-21 13:33  1,257,566  -ra------  C:\WINDOWS\system32\dsa.dll
2008-05-09 12:13 . 2007-03-21 13:46  254,023  --a------  C:\WINDOWS\system32\wsfwDS.dll
2008-05-09 12:13 . 2007-03-21 13:46  249,925  --a------  C:\WINDOWS\system32\wsimd.dll
2008-05-09 12:13 . 2007-03-21 13:33  82,017  -ra------  C:\WINDOWS\system32\dsaNac.dll
2008-05-09 12:12 . 2008-05-09 12:12  <DIR>  d--------  C:\Program Files\ThinkPad R51
2008-05-09 12:12 . 2007-10-26 01:20  549,184  --a------  C:\WINDOWS\system32\ar5211.sys
2008-05-09 12:12 . 2006-08-07 14:17  118,784  --a------  C:\WINDOWS\system32\ATHCFG10.DLL
2008-05-09 12:12 . 2007-10-26 01:20  100,996  --a------  C:\WINDOWS\system32\net5211.inf
2008-05-09 12:12 . 2007-07-03 18:46  57,344  --a------  C:\WINDOWS\system32\wsimd.sys
2008-05-09 12:12 . 2007-07-03 18:46  57,344  ---------  C:\WINDOWS\system32\drivers\wsimd.sys
2008-05-09 12:12 . 2007-10-29 12:47  23,501  --a------  C:\WINDOWS\system32\net5211.cat
2008-05-09 12:12 . 2007-07-28 17:07  12,552  --a------  C:\WINDOWS\system32\wsimdp.cat
2008-05-09 12:12 . 2007-07-28 17:07  12,129  --a------  C:\WINDOWS\system32\wsimd.cat
2008-05-09 12:12 . 2007-07-03 18:46  5,361  --a------  C:\WINDOWS\system32\wsimdp.inf
2008-05-09 12:12 . 2007-07-03 18:46  2,179  --a------  C:\WINDOWS\system32\wsimd.inf
2008-05-09 11:56 . 2008-05-09 11:56  99,264  --a------  C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-09 09:54 . 2008-05-09 09:57  <DIR>  d--------  C:\Program Files\Common Files\Ahead
2008-05-09 09:53 . 2008-05-09 09:54  <DIR>  d--------  C:\Program Files\Nero 7.8.5.0 Premium
2008-05-04 18:48 . 2008-05-06 10:24  <DIR>  d--------  C:\Program Files\Spybot S&D
2008-05-04 18:48 . 2008-05-06 00:03  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-04 17:56 . 2008-05-04 17:56  <DIR>  d--------  C:\Program Files\KillBox
2008-05-02 12:14 . 2008-05-02 12:17  <DIR>  d--------  C:\Program Files\Kaspersky Antivirus 7
2008-05-01 18:12 . 2008-05-01 18:12  <DIR>  d--------  C:\Program Files\ACW
2008-05-01 14:01 . 2008-05-01 14:01  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-01 12:31 . 2008-05-01 12:31  0  --a------  C:\WINDOWS\system32\SBRC.dat
2008-05-01 12:31 . 2008-05-01 12:31  0  --a------  C:\WINDOWS\system32\SBFC.dat
2008-05-01 12:22 . 2008-05-01 12:22  <DIR>  d--------  C:\Documents and Settings\Chris\Application Data\Sunbelt Software
2008-05-01 11:54 . 2006-08-24 15:56  40,832  --a------  C:\WINDOWS\system32\drivers\apusbsnt.sys
2008-05-01 11:54 . 2005-03-15 11:11  17,920  --a------  C:\WINDOWS\system32\apintfnt.dll
2008-05-01 11:54 . 2006-08-24 15:57  11,776  --a------  C:\WINDOWS\system32\apusbdco.dll
2008-05-01 00:05 . 2008-02-28 13:26  1,414,440  --a------  C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-30 22:03 . 2008-04-30 22:17  <DIR>  d--------  C:\Program Files\SpyZooka
2008-04-30 21:48 . 2008-04-30 21:50  <DIR>  d--------  C:\Documents and Settings\Chris\Application Data\Mp3tag
2008-04-30 21:47 . 2008-04-30 21:47  <DIR>  d--------  C:\Program Files\Mp3tag
2008-04-30 20:27 . 2008-05-03 08:28  <DIR>  d--------  C:\Program Files\Virtual DJ Pro 5
2008-04-30 17:50 . 2008-03-25 02:37  69,632  --a------  C:\WINDOWS\system32\javacpl.cpl
2008-04-30 17:49 . 2008-04-30 17:50  <DIR>  d--------  C:\Program Files\Java
2008-04-30 17:46 . 2008-04-30 17:46  <DIR>  d--------  C:\Program Files\Common Files\Java
2008-04-30 13:49 . 2008-04-30 13:49  1,152  --a------  C:\WINDOWS\system32\windrv.sys
2008-04-30 13:14 . 2008-04-30 13:14  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 01:49 . 2008-05-15 23:52  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Avira
2008-04-29 19:26 . 2008-04-29 19:26  <DIR>  d--------  C:\Program Files\NeroInstall.bak
2008-04-29 19:18 . 2008-05-09 09:43  <DIR>  d--------  C:\Program Files\Nero
2008-04-29 19:18 . 2008-05-02 03:31  <DIR>  d--------  C:\Program Files\Common Files\Nero
2008-04-29 19:18 . 2008-05-09 09:54  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Nero
2008-04-29 19:03 . 2008-04-29 19:03  <DIR>  d--------  C:\Program Files\MagicISO
2008-04-28 19:29 . 2008-04-28 19:29  <DIR>  d--------  C:\Program Files\CCleaner
2008-04-27 22:44 . 2008-04-30 21:02  <DIR>  d--------  C:\WINDOWS\RegCure
2008-04-27 22:44 . 2008-04-30 21:02  <DIR>  d--------  C:\Program Files\RegCure
2008-04-26 17:18 . 2008-04-26 17:18  0  --a------  C:\WINDOWS\nsreg.dat
2008-04-24 12:05 . 2008-04-24 12:28  <DIR>  d--------  C:\Program Files\QuickTax 2007
2008-04-24 12:05 . 2008-04-24 12:05  <DIR>  d--------  C:\Program Files\Common Files\Intuit
2008-04-24 12:05 . 2008-04-24 12:05  <DIR>  d--------  C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-24 12:05 . 2008-04-24 12:05  <DIR>  d--------  C:\Documents and Settings\Chris\Application Data\Intuit Canada
2008-04-24 12:03 . 2008-04-24 12:03  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-04-22 23:13 . 2008-04-22 23:13  <DIR>  d--------  C:\Documents and Settings\Chris\Application Data\GTek
2008-04-22 23:13 . 2008-04-22 23:13  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Gtek
2008-04-22 23:13 . 2008-04-22 23:13  5,248  --a------  C:\WINDOWS\system32\OEMINFO.PNF

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 20:12  ---------  d-----w  C:\Program Files\Azureus
2008-05-16 16:48  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 04:32  ---------  d-----w  C:\Program Files\XoftSpy SE
2008-05-16 00:12  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-05-15 16:34  ---------  d-----w  C:\Documents and Settings\Chris\Application Data\Azureus
2008-05-15 04:21  ---------  d-----w  C:\Program Files\AnyDVD
2008-05-09 18:12  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-05-09 18:01  ---------  d-----w  C:\Program Files\ThinkPad
2008-05-05 20:07  ---------  d-----w  C:\Program Files\Soulseek
2008-05-02 18:38  96,256  ----a-w  C:\WINDOWS\system32\drivers\sptd6637.sys
2008-05-01 22:02  ---------  d-----w  C:\Program Files\Power ISO
2008-04-30 19:17  ---------  d-----w  C:\Program Files\SUPERAntiSpyware
2008-04-30 19:16  ---------  d-----w  C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
2008-04-29 22:34  ---------  d-----w  C:\Program Files\Common Files\Macrovision Shared
2008-04-25 05:02  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 22:15  ---------  d-----w  C:\Program Files\Native Instruments
2008-04-15 22:13  ---------  d-----w  C:\Program Files\Syncrosoft
2008-04-15 21:52  ---------  d-----w  C:\Program Files\Games
2008-04-14 18:02  ---------  d-----w  C:\Program Files\DivX
2008-04-09 05:23  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 11:27  ---------  d-----w  C:\Program Files\Microsoft IntelliPoint
2008-04-04 04:39  ---------  d-----w  C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-03 05:41  3,532  ----a-w  C:\drmHeader.bin
2008-04-03 04:18  ---------  d-----w  C:\Program Files\Windows Live
2008-04-03 04:16  ---------  dcsh--w  C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 04:15  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-31 21:25  831,488  ----a-w  C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25  823,296  ----a-w  C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25  823,296  ----a-w  C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25  802,816  ----a-w  C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25  682,496  ----a-w  C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25  161,096  ----a-w  C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30  524,288  ----a-w  C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30  3,596,288  ----a-w  C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30  200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28  81,920  ----a-w  C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28  593,920  ----a-w  C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28  57,344  ----a-w  C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28  53,248  ----a-w  C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28  344,064  ----a-w  C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28  294,912  ----a-w  C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28  294,912  ----a-w  C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28  196,608  ----a-w  C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28  12,288  ----a-w  C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47  1,845,248  ----a-w  C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47  1,845,248  ------w  C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 22:24  93,128  ----a-w  C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-02 00:36  3,591,680  ----a-w  C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55  70,656  ------w  C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55  625,664  ------w  C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00  13,824  ------w  C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51  282,624  ----a-w  C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51  282,624  ------w  C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32  45,568  ----a-w  C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32  45,568  ------w  C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32  148,992  ------w  C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-07-23 18:50  39,832  ----a-w  C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2007-02-06 00:11  87,608  ----a-w  C:\Documents and Settings\Chris\Application Data\ezpinst.exe
2007-02-06 00:11  47,360  ----a-w  C:\Documents and Settings\Chris\Application Data\pcouffin.sys
2006-10-10 13:25  14  ----a-w  C:\Documents and Settings\Chris\getfile.dat

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [2008-05-13 12:41 2091968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TotalRecorderScheduler"="C:\Program Files\Total Recorder Professional 6\TotRecSched.exe" [2006-05-12 02:32 86016]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SBCSTray"="C:\Program Files\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50 204800]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 02:38 110592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-16 01:37 262401]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-06-16 23:23 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ZMBV"= zmbv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Games\\Kyodai Mahjongg 2006\\kmj.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LimeWire UDP
"6881:TCP"= 6881:TCP:Azureus TCP
"6881:UDP"= 6881:UDP:Azureus UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-15 23:22]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 02:38]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-26 11:43]
R2 SwiWiFiComm;SwiWiFiComm;C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe [2007-03-16 15:50]
R3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys [2006-08-24 15:56]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 18:46]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinysxx.sys [2005-01-25 20:36]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;C:\WINDOWS\system32\DRIVERS\atinyvxx.sys [2005-01-25 20:36]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;C:\WINDOWS\system32\DRIVERS\atinyuxx.sys [2005-01-25 20:37]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;C:\WINDOWS\system32\Drivers\ATIUTD.sys [2005-01-25 20:37]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 11:43]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 11:43]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;C:\WINDOWS\system32\DRIVERS\atinyttx.sys [2005-01-25 20:33]

.
Contents of the 'Scheduled Tasks' folder
"2006-03-11 10:42:52 C:\WINDOWS\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-05-16 23:30:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-16 23:26:08 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe
"2008-05-15 09:00:00 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe
"2005-06-06 04:59:37 C:\WINDOWS\Tasks\XoftSpy.job" - C:\Program Files\XoftSpy 4\XoftSpy.exe
"2008-05-16 23:26:08 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpy SE\XoftSpy.exe
"2008-05-10 10:00:00 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpy SE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 17:27:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
 -> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-16 17:35:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 23:35:39
ComboFix2.txt 2008-05-16 19:30:11
ComboFix3.txt 2008-05-16 17:58:59
ComboFix4.txt 2008-05-01 00:15:51

Pre-Run: 5,696,503,808 bytes free
Post-Run: 5,672,001,536 bytes free

303 --- E O F --- 2008-05-16 18:11:05
___________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:50 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe

-- End of file - 9239 bytes
Associate Member
Group: Forum Members
My PC seems to be running 'excellent' once again Richie. THANKS. I'd like to add, I do not use p2p programs other than soulseek which is strictly mp3 so no viruses/malware. I did have my browser security and cookies set to low, actually cookies were set to 'accept all cookies!' I would assume this is not good! I can't believe I found my browser settings in this state. I use bit torrents sometimes as carefully as I can and I know this poses a risk as well. What would you recommend I run for AV and spyware guard? It seems very tough to find 1 program to protect from and remove all infections. SpyNoMore seems to find the most but I realize this is a case-by-case type of thing. Anyway, it just seems to be happening all-too-often lately! I'm sure there's a guide somewhere on here. I'll search for one in the meantime. Thanks again. Chris
Senior Forum Moderator
Group: Moderators
Please download OTMoveIt by OldTimer, save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy ALL the text inside the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
C:\WINDOWS\BMc303b894.xml
Return to OTMoveIt, right-click on the "Paste List of Files/Folders to Move" window under the "yellow" bar, and choose Paste; see image below:

Click on the Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine, choose Yes.
Please download Malwarebytes Anti-Malware:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe to install the application.
(If using Windows Vista, be sure to "Run As Administrator".)
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Also post a new HijackThis log please.
_______________________________________________________________

ASAP & UNITE member since 2006

Associate Member
Group: Forum Members
C:\WINDOWS\BMc303b894.xml moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05172008_110652
______________________________________________________________________

Malwarebytes' Anti-Malware 1.12
Database version: 758

Scan type: Quick Scan
Objects scanned: 50370
Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:52 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Chris\Desktop\OldTimerMoveIt2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe

--
End of file - 9278 bytes
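The moderator asks for a fresh HijackThis log after the cleanup, and a helper then reads the two logs side by side: which fixed entries (R0/R1/O2/.../O23) changed, and which line types deserve a second look first. The script below is an added example for this thread, not code from the forum, from HijackThis, or from OldTimer's or Malwarebytes' tools. It parses the log format seen in the posts above, runs a small triage pass, and diffs a "before" log against an "after" log while ignoring the running-process list (which changes every time the scan tools themselves are started). The two sample logs are constructed: a few entries copied from the logs posted in this thread, with one entry dropped and one added so the diff has something to show. The flag names (`local-activex`, `static-dns`, `winlogon-notify`, `missing-service-binary`) are this example's own labels, and a flag is a prompt to verify, not a verdict.

```python
"""Parse, triage and diff HijackThis-style logs (added example, not HijackThis code)."""
import re

# Every fixed entry in an HJT log starts with its section code: R0, R1, O2 ... O23
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")


def parse_hjt_log(text):
    """Split a log into (running_processes, entries).

    entries maps each full entry line to its section code, in log order.
    """
    processes, entries = [], {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first fixed entry ends the process list
            entries[line] = m.group(1)
        elif in_processes:
            processes.append(line)
    return processes, entries


def flag_entries(entries):
    """Entries a helper looks at first: a service whose binary is gone (O23),
    a static DNS setting (O17), an ActiveX control loaded from a local file (O16)
    and any Winlogon notify DLL (O20). Labels are this example's own."""
    flags = []
    for line, code in entries.items():
        if code == "O23" and "(file missing)" in line:
            flags.append(("missing-service-binary", line))
        elif code == "O17":
            flags.append(("static-dns", line))
        elif code == "O16" and "file:///" in line:
            flags.append(("local-activex", line))
        elif code == "O20":
            flags.append(("winlogon-notify", line))
    return flags


def diff_logs(before, after):
    """Fixed entries removed and added between two scans; running processes are
    ignored because the cleanup tools started for the scan change that list."""
    _, old = parse_hjt_log(before)
    _, new = parse_hjt_log(after)
    removed = [line for line in old if line not in new]
    added = [line for line in new if line not in old]
    return removed, added


# Constructed sample: a handful of entries taken from the logs posted in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
--
End of file - 9239 bytes
"""

# Constructed "after" log: the Kaspersky web-scanner control is gone, a ctfmon Run
# entry is present, and mbam.exe shows up in the process list because it was running.
AFTER_LOG = BEFORE_LOG.replace(
    "C:\\Program Files\\HijackThis\\HijackThis.exe\n",
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\nC:\\Program Files\\HijackThis\\HijackThis.exe\n",
).replace(
    "O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\n",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe\n",
)

if __name__ == "__main__":
    procs, entries = parse_hjt_log(BEFORE_LOG)
    print(f"{len(procs)} processes, {len(entries)} fixed entries")
    for kind, line in flag_entries(entries):
        print(f"[{kind}] {line}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Run it as-is to see the triage flags for the sample and the two-line diff; to use it on real logs, read the two saved HijackThis log files into `BEFORE_LOG` and `AFTER_LOG`. Diffing only the fixed entries is the point: the process list differs between the two scans in this thread merely because OTMoveIt, MBAM and Notepad were open, so comparing it would bury the changes that matter.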