
[InActive] Win32 Services Error

Discussion in 'Malware and Virus Removal Archive' started by Zervic, 2009/01/18.

    Zervic (Thread Starter), 2009/01/18
    That's the error I get. I see a lot of other people are getting this error. I scanned with Windows Defender, ESET Smart Security, and I'm scanning now with Panda. I also scanned with HJT, MsnVirRem, and CleanUp...here is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:11:06, on 2009.01.18
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\system32\mdm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\AIM\aim.exe
    C:\program files\mozilla firefox\firefox.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Yzija] rundll32.exe "C:\WINDOWS\esuveruq.dll",e
    O4 - HKLM\..\Run: [Eroziho] rundll32.exe "C:\WINDOWS\Jtiqal.dll",e
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
    O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
    O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: ,wbsys.dll
    O20 - Winlogon Notify: hgGxXonL - hgGxXonL.dll (file missing)
    O20 - Winlogon Notify: ssqOgFWo - ssqOgFWo.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 11704 bytes

    Here is my Panda log:

    Code:
    ANALYSIS: 2009-01-18 03:39:20
    PROTECTIONS: 1
    MALWARE: 1
    SUSPECTS: 0
    
    PROTECTIONS
    Description                                  Version                       Active    Updated
    
    Windows Defender                             1.1.4205.0                    No        No
    
    MALWARE
    Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
    
    00029434  spyware/virtumonde                 Spyware             No        1         Yes            No           hkey_local_machine\software\microsoft\removerp
    00029434  spyware/virtumonde                 Spyware             No        1         Yes            No           HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    00029434  spyware/virtumonde                 Spyware             No        1         Yes            No           hkey_local_machine\software\microsoft\rdfa
    
    SUSPECTS
    Sent      Location
    
    VULNERABILITIES
    Id        Severity   Description

    Here is my SmitFraudFix log:

    SmitFraudFix v2.391

    Scan done at 3:45:53.79, 2009.01.18
    Run from C:\Documents and Settings\Josh\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\program files\mozilla firefox\firefox.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Documents and Settings\Josh\Desktop\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Josh


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Josh\LOCALS~1\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Josh\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Josh\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, following keys are not inevitably infected!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=",wbsys.dll"
    "LoadAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"
    "System"=""
    "Startup"="MCPSystemStartup"


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Compact Wireless-G USB Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 24.205.192.61
    DNS Server Search Order: 66.215.64.14
    DNS Server Search Order: 24.205.1.14

    Description: Compact Wireless-G USB Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 24.205.192.61
    DNS Server Search Order: 66.215.64.14
    DNS Server Search Order: 24.205.1.14

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AD84E4B-C868-426F-95A8-3D425EB24D19}: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D80EFF1F-4824-4AA1-9707-1315CD6263B9}: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AD84E4B-C868-426F-95A8-3D425EB24D19}: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D80EFF1F-4824-4AA1-9707-1315CD6263B9}: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AD84E4B-C868-426F-95A8-3D425EB24D19}: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D80EFF1F-4824-4AA1-9707-1315CD6263B9}: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.205.192.61 66.215.64.14 24.205.1.14


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Any help sifting through all of this would be awesome. Thank you beforehand.

    Edit: Here is my DDS log:


    DDS (Ver_09-01-07.01) - NTFSx86
    Run by Josh at 3:58:40.75 on 2009.01.18
    Internet Explorer: 8.0.6001.17184 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1201 [GMT -8:00]

    AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
    FW: ESET Personal firewall *enabled*
    FW: COMODO Firewall Pro *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\program files\mozilla firefox\firefox.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Documents and Settings\Josh\Desktop\SmitfraudFix\Policies.exe
    C:\Documents and Settings\Josh\Desktop\VundoFix.exe
    C:\Documents and Settings\Josh\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a favorites
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Yzija] rundll32.exe "c:\windows\esuveruq.dll",e
    mRun: [Eroziho] rundll32.exe "c:\windows\Jtiqal.dll",e
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\josh\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\josh\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
    IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: hgGxXonL - hgGxXonL.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
    Notify: ssqOgFWo - ssqOgFWo.dll
    Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
    AppInit_DLLs: ,wbsys.dll
    SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\josh\applic~1\mozilla\firefox\profiles\ajaevwzs.default\
    FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBitCometAgent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSWF32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - HiddenExtension: XUL Cache: {EAFC0575-D39B-49E2-BB8C-1706F16FAC29} - c:\windows\system32\config\systemprofile\local settings\application data\{eafc0575-d39b-49e2-bb8c-1706f16fac29}\
    FF - HiddenExtension: XUL Cache: {92C432EF-28BC-4D31-8E74-3A5EC46E1AFE} - c:\documents and settings\josh\local settings\application data\{92C432EF-28BC-4D31-8E74-3A5EC46E1AFE}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600

    ============= SERVICES / DRIVERS ===============

    R1 httpp;httpp;c:\windows\system32\drivers\httpp.sys [2009-1-10 86144]
    R4 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2008-3-13 472320]
    R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S1 1cea388a;1cea388a;c:\windows\system32\drivers\1cea388a.sys --> c:\windows\system32\drivers\1cea388a.sys [?]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
    S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);c:\windows\system32\drivers\AF2VCap.sys [2005-5-19 106880]
    S3 new_drv;!!!!;\??\c:\windows\new_drv.sys --> c:\windows\new_drv.sys [?]
    S4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]

    =============== Created Last 30 ================

    2009-01-18 03:53 <DIR> --d----- C:\VundoFix Backups
    2009-01-18 03:51 <DIR> --d----- c:\docume~1\josh\applic~1\Malwarebytes
    2009-01-18 03:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-18 03:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-18 03:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-01-18 03:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-18 03:25 <DIR> --d----- c:\program files\CleanUp!
    2009-01-18 03:19 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-01-18 03:18 <DIR> --d----- c:\program files\Panda Security
    2009-01-18 03:10 <DIR> --d----- c:\program files\Trend Micro
    2009-01-16 22:40 195,096 a------- c:\windows\system32\lvci11901262.dll
    2009-01-16 10:56 <DIR> --d----- C:\BackupDrivers
    2009-01-16 10:56 0 a------- C:\dmlt.exe
    2009-01-16 10:56 41,984 a------- C:\tvtuvy.exe
    2009-01-16 10:55 134,144 a------- C:\lkfwtkmy.exe
    2009-01-16 10:55 2 a------- C:\-526364923
    2009-01-16 10:55 124,928 a------- C:\nykvltjg.exe
    2009-01-16 10:55 2,798 a------- c:\windows\system32\work.ini
    2009-01-16 10:55 54,272 a------- C:\ksscvra.exe
    2009-01-16 10:55 313,380 a------- c:\windows\system32\hguest.exe
    2009-01-16 10:55 24,576 a------- C:\xvqagdj.exe
    2009-01-16 10:55 228 a------- c:\windows\system32\hgset.ini
    2009-01-16 10:50 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
    2009-01-16 10:50 427,864 a------- c:\windows\system32\XceedZip.dll
    2009-01-16 10:50 <DIR> --d----- c:\program files\Driver-Soft
    2009-01-16 10:25 133,120 a------- c:\windows\esuveruq.dll
    2009-01-16 09:43 41,984 -------- c:\windows\Jtiqal.dll
    2009-01-16 09:43 41,984 a------- c:\windows\system32\chert5-998.exe
    2009-01-15 17:49 768,024 a------- c:\windows\system32\drivers\lvrs.sys
    2009-01-15 17:49 29,562 a------- c:\windows\system32\Repository.reg
    2009-01-15 17:49 13,848 a------- c:\windows\system32\drivers\lv302af.sys
    2009-01-15 17:43 195,096 a------- c:\windows\system32\lvci11701196.dll
    2009-01-15 17:43 81,110 a------- c:\windows\system32\lvcoinst.ini
    2009-01-15 17:43 494,104 a------- c:\windows\system32\LVUI2.dll
    2009-01-15 17:43 432,664 a------- c:\windows\system32\LVUI2RC.dll
    2009-01-15 17:43 416,280 a------- c:\windows\system32\lvcodec2.dll
    2009-01-15 17:43 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys
    2009-01-15 17:43 2,686,104 a------- c:\windows\system32\drivers\LV302V32.SYS
    2009-01-13 07:45 8 a------- c:\windows\system32\nvModes.dat
    2009-01-13 03:43 40,960 a------- c:\windows\system32\bnjevjec.dll
    2009-01-13 03:42 1,637,630 a--sh--- c:\windows\system32\giSBaJjl.ini
    2009-01-13 03:42 369 a--sh--- c:\windows\system32\giSBaJjl.ini2
    2009-01-13 03:30 262,144 a------- c:\windows\system32\wrap_oal.dll
    2009-01-13 03:30 86,016 a------- c:\windows\system32\OpenAL32.dll
    2009-01-13 03:29 21,664 a------- c:\windows\system32\drivers\Entech.sys
    2009-01-13 03:29 6,173 a------- c:\windows\system32\drivers\Entech.vxd
    2009-01-13 03:29 5,632 a------- c:\windows\system32\drivers\Entech64.sys
    2009-01-13 03:29 3,972 a------- c:\windows\system32\drivers\PciBus.sys
    2009-01-13 03:29 <DIR> --d----- c:\windows\system32\Futuremark
    2009-01-12 10:05 1,347 a------- c:\windows\system32\ahtn.htm
    2009-01-12 10:05 1 a------- c:\windows\system32\uniq.tll
    2009-01-12 10:05 1 a------- c:\windows\system32\test.ttt
    2009-01-12 10:04 31,232 a------- c:\windows\system32\pcload.exe
    2009-01-11 17:56 45 a------- c:\windows\system32\initdebug.nfo
    2009-01-10 00:43 86,144 a------- c:\windows\system32\drivers\httpp.sys
    2009-01-10 00:43 932 a------- c:\windows\system32\drivers\core.cache.dsk
    2009-01-10 00:43 <DIR> --d----- c:\windows\system32\tp2
    2009-01-10 00:43 <DIR> --d----- c:\windows\system32\enUZ
    2009-01-10 00:35 1,380,861 ---sh--- c:\windows\system32\kqobggid.ini
    2009-01-10 00:33 714,879 a--sh--- c:\windows\system32\oUBJRXyb.ini
    2009-01-10 00:33 370 a--sh--- c:\windows\system32\oUBJRXyb.ini2
    2009-01-06 01:15 <DIR> --d----- c:\program files\Bonjour
    2009-01-06 01:13 <DIR> --d----- c:\program files\iPod
    2009-01-06 01:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-06 01:10 7,143 a------- c:\windows\system32\nvide.nvu
    2009-01-06 01:09 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
    2009-01-06 01:09 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
    2009-01-06 01:09 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
    2009-01-06 01:09 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
    2009-01-06 01:09 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
    2009-01-06 01:09 15,232 ac------ c:\windows\system32\dllcache\streamip.sys
    2009-01-06 01:09 16,384 a------- c:\windows\system32\ipsink.ax
    2009-01-06 01:09 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
    2009-01-06 01:09 11,136 ac------ c:\windows\system32\dllcache\slip.sys
    2009-01-06 01:09 11,136 a------- c:\windows\system32\drivers\SLIP.sys
    2009-01-06 01:08 19,200 ac------ c:\windows\system32\dllcache\wstcodec.sys
    2009-01-06 01:08 19,200 a------- c:\windows\system32\drivers\WSTCODEC.SYS
    2009-01-06 01:08 85,248 ac------ c:\windows\system32\dllcache\nabtsfec.sys
    2009-01-06 01:08 85,248 a------- c:\windows\system32\drivers\NABTSFEC.sys
    2009-01-06 01:08 17,024 ac------ c:\windows\system32\dllcache\ccdecode.sys
    2009-01-06 01:08 17,024 a------- c:\windows\system32\drivers\CCDECODE.sys
    2009-01-06 01:07 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
    2009-01-06 01:07 53,760 a------- c:\windows\system32\vfwwdm32.dll
    2009-01-06 01:07 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
    2009-01-06 01:07 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
    2009-01-06 01:07 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
    2009-01-06 01:07 61,952 a------- c:\windows\system32\kstvtune.ax
    2009-01-06 01:07 43,008 a------- c:\windows\system32\ksxbar.ax
    2009-01-06 01:07 91,136 -------- c:\windows\system32\kswdmcap.ax
    2009-01-06 00:54 <DIR> --d-h--- C:\0ee21a74708ed7583eafd99713bd2a
    2009-01-06 00:54 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-01-06 00:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2009-01-06 00:47 <DIR> --d-hr-- C:\AHCache
    2009-01-06 00:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2009-01-06 00:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
    2009-01-06 00:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-01-06 00:34 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
    2009-01-06 00:34 28,416 a------- c:\windows\system32\uxtuneup.dll
    2009-01-05 13:16 20,747 a------- c:\windows\system32\drivers\AegisP.sys
    2009-01-05 13:16 7,846 a------- c:\windows\system32\rt73.cat
    2009-01-05 13:16 252,928 a------- c:\windows\system32\drivers\rt73.sys
    2009-01-05 13:16 245,248 a------- c:\windows\system32\rt73.sys
    2009-01-05 13:16 32,768 a------- c:\windows\system32\GTGina.dll
    2009-01-05 13:16 17,992 a------- c:\windows\system32\drivers\bcm42rly.sys
    2009-01-05 13:16 17,992 a------- c:\windows\bcm42rly.sys
    2009-01-05 13:16 <DIR> --d----- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
    2009-01-04 08:43 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-04 08:43 22,328 a------- c:\docume~1\josh\applic~1\PnkBstrK.sys
    2009-01-04 08:43 103,736 a------- c:\windows\system32\PnkBstrB.exe
    2009-01-04 08:43 66,872 a------- c:\windows\system32\PnkBstrA.exe
    2009-01-04 08:43 669,184 a------- c:\windows\system32\pbsvc.exe
    2009-01-04 08:43 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
    2009-01-04 08:43 444,776 a------- c:\windows\system32\d3dx10_35.dll
    2009-01-04 08:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
    2009-01-03 12:16 <DIR> --d-h--- C:\Temp
    2009-01-02 17:30 <DIR> --d----- c:\windows\system32\Lang
    2009-01-02 17:27 553 a------- c:\windows\USetup.iss
    2009-01-02 17:27 <DIR> --d----- c:\windows\system32\RTCOM
    2009-01-02 17:26 266,240 a------- c:\windows\system32\RTSndMgr.CPL
    2009-01-02 17:26 77,824 a------- c:\windows\SOUNDMAN.EXE
    2009-01-02 17:26 9,715,200 a------- c:\windows\RTLCPL.EXE
    2009-01-02 17:26 4,968,448 a------- c:\windows\system32\drivers\RtkHDAud.sys
    2009-01-02 17:26 1,200,128 a------- c:\windows\RtlUpd.exe
    2009-01-02 17:26 18,081,280 a------- c:\windows\RTHDCPL.EXE
    2009-01-02 17:26 2,168,320 a------- c:\windows\MicCal.exe
    2009-01-02 17:26 2,808,832 a------- c:\windows\ALCWZRD.EXE
    2009-01-02 17:26 278,528 a------- c:\windows\system32\ALSNDMGR.CPL
    2009-01-02 17:26 57,344 a------- c:\windows\ALCMTR.EXE
    2009-01-02 17:26 <DIR> --d----- c:\program files\Realtek
    2009-01-02 17:26 528,384 a------- c:\windows\RtlExUpd.dll
    2009-01-02 12:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2009-01-02 11:54 <DIR> --d-h--- C:\SWSetup

    ==================== Find3M ====================

    2009-01-18 03:46 3,494 a------- c:\windows\system32\tmp.reg
    2008-12-16 21:58 25,624 a------- c:\windows\system32\drivers\LVPr2Mon.sys
    2008-12-16 21:50 13,584 a------- c:\windows\system32\drivers\iKeyLgFT.dll
    2008-12-16 21:38 227,172 a------- c:\windows\system32\drivers\LVFeL000.cfg
    2008-12-16 21:38 146,680 a------- c:\windows\system32\drivers\LVFeL001.cfg
    2008-12-16 21:38 85,302 a------- c:\windows\system32\drivers\LVFeL002.cfg
    2008-12-16 21:38 69,592 a------- c:\windows\system32\drivers\LVFaL000.cfg
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
    2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
    2008-11-12 19:42 16,185 a------- c:\windows\favybyjezo.sys
    2008-11-12 19:42 15,466 a------- c:\program files\common files\giwizegul.bin
    2008-11-12 19:42 15,218 a------- c:\program files\common files\ijyb._dl
    2008-11-12 19:42 13,812 a------- c:\windows\system32\gubesu.dll
    2008-11-12 19:42 11,772 a------- c:\docume~1\alluse~1\applic~1\ydoji.bat
    2008-11-12 19:42 11,730 a------- c:\windows\system32\cesoh.dat
    2008-11-12 19:42 10,292 a------- c:\docume~1\josh\applic~1\refurer.scr
    2008-11-12 19:42 10,255 a------- c:\program files\common files\ymobosolu.dl
    2008-04-22 21:22 256 ac------ c:\documents and settings\josh\pool.bin

    ============= FINISH: 4:00:06.35 ===============
     
    Last edited: 2009/01/18
  2. 2009/01/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS, Zervic :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable real-time protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.


    Please do not put the log in a code box or quote box. Just post it as plain text. It would be helpful for me as well if you would leave the board font at the default settings. Thanks!
     
  4. 2009/01/19
    Zervic

    Zervic Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    3
    Likes Received:
    0
    Sorry about the font and the code boxes... here is my ComboFix log:

    ComboFix 09-01-18.01 - Josh 2009-01-18 21:54:10.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1287 [GMT -8:00]
    Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
    FW: COMODO Firewall Pro *enabled*
    FW: ESET Personal firewall *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Josh\Application Data\.#
    c:\documents and settings\Josh\Application Data\.#\MBX@1328@E739D0.###
    c:\documents and settings\Josh\Application Data\.#\MBX@1328@E739E0.###
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\giSBaJjl.ini
    c:\windows\system32\giSBaJjl.ini2
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\kqobggid.ini
    c:\windows\system32\mdm.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\oUBJRXyb.ini
    c:\windows\system32\oUBJRXyb.ini2
    c:\windows\system32\Process.exe
    c:\windows\system32\senekaypiqvdnb.dat
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\test.ttt
    c:\windows\system32\tmp.reg
    c:\windows\system32\uniq.tll
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    c:\windows\Tasks\antqtpjl.job

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_new_drv
    -------\Service_seneka


    ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
    .

    2009-01-18 03:53 . 2009-01-18 03:53 <DIR> d-------- C:\VundoFix Backups
    2009-01-18 03:51 . 2009-01-18 03:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-18 03:51 . 2009-01-18 03:51 <DIR> d-------- c:\documents and settings\Josh\Application Data\Malwarebytes
    2009-01-18 03:51 . 2009-01-18 03:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-18 03:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-18 03:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-18 03:25 . 2009-01-18 03:25 <DIR> d-------- c:\program files\CleanUp!
    2009-01-18 03:19 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-01-18 03:18 . 2009-01-18 03:18 <DIR> d-------- c:\program files\Panda Security
    2009-01-18 03:10 . 2009-01-18 03:10 <DIR> d-------- c:\program files\Trend Micro
    2009-01-16 22:40 . 2008-12-16 21:55 195,096 --a------ c:\windows\system32\lvci11901262.dll
    2009-01-16 10:56 . 2009-01-16 10:58 <DIR> d-------- C:\BackupDrivers
    2009-01-16 10:56 . 2009-01-16 10:56 0 --a------ C:\dmlt.exe
    2009-01-16 10:55 . 2009-01-16 10:55 124,928 --a------ C:\nykvltjg.exe
    2009-01-16 10:55 . 2009-01-16 10:55 54,272 --a------ C:\ksscvra.exe
    2009-01-16 10:55 . 2009-01-16 10:55 24,576 --a------ C:\xvqagdj.exe
    2009-01-16 10:55 . 2009-01-16 14:56 2,798 --a------ c:\windows\system32\work.ini
    2009-01-16 10:55 . 2009-01-17 02:35 228 --a------ c:\windows\system32\hgset.ini
    2009-01-16 10:55 . 2009-01-16 10:55 2 --a------ C:\-526364923
    2009-01-16 10:50 . 2009-01-16 10:50 <DIR> d-------- c:\program files\Driver-Soft
    2009-01-16 10:50 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
    2009-01-16 10:50 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
    2009-01-16 09:43 . 2009-01-16 09:43 41,984 --a------ c:\windows\system32\chert5-998.exe
    2009-01-15 17:49 . 2008-12-16 22:00 768,024 --a------ c:\windows\system32\drivers\lvrs.sys
    2009-01-15 17:49 . 2008-12-16 21:37 29,562 --a------ c:\windows\system32\Repository.reg
    2009-01-15 17:49 . 2008-12-16 21:53 13,848 --a------ c:\windows\system32\drivers\lv302af.sys
    2009-01-15 17:43 . 2008-12-16 21:53 2,686,104 --a------ c:\windows\system32\drivers\LV302V32.SYS
    2009-01-15 17:43 . 2008-12-16 22:00 494,104 --a------ c:\windows\system32\LVUI2.dll
    2009-01-15 17:43 . 2008-12-16 22:01 432,664 --a------ c:\windows\system32\LVUI2RC.dll
    2009-01-15 17:43 . 2008-12-16 21:55 416,280 --a------ c:\windows\system32\lvcodec2.dll
    2009-01-15 17:43 . 2008-02-05 18:18 195,096 --a------ c:\windows\system32\lvci11701196.dll
    2009-01-15 17:43 . 2008-12-16 21:37 81,110 --a------ c:\windows\system32\lvcoinst.ini
    2009-01-15 17:43 . 2008-12-16 22:01 41,752 --a------ c:\windows\system32\drivers\LVUSBSta.sys
    2009-01-13 07:45 . 2009-01-13 07:45 8 --a------ c:\windows\system32\nvModes.dat
    2009-01-13 03:30 . 2009-01-13 03:30 262,144 --a------ c:\windows\system32\wrap_oal.dll
    2009-01-13 03:30 . 2009-01-13 03:30 86,016 --a------ c:\windows\system32\OpenAL32.dll
    2009-01-13 03:29 . 2009-01-13 03:29 <DIR> d-------- c:\windows\system32\Futuremark
    2009-01-13 03:29 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
    2009-01-13 03:29 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
    2009-01-13 03:29 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
    2009-01-13 03:29 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
    2009-01-12 10:04 . 2009-01-12 10:04 31,232 --a------ c:\windows\system32\pcload.exe
    2009-01-11 17:56 . 2009-01-11 17:56 45 --a------ c:\windows\system32\initdebug.nfo
    2009-01-10 00:43 . 2009-01-10 00:43 <DIR> d-------- c:\windows\system32\tp2
    2009-01-10 00:43 . 2009-01-10 00:43 <DIR> d-------- c:\windows\system32\enUZ
    2009-01-06 01:15 . 2009-01-06 01:15 <DIR> d-------- c:\program files\Bonjour
    2009-01-06 01:13 . 2009-01-06 01:13 <DIR> d-------- c:\program files\iPod
    2009-01-06 01:12 . 2009-01-06 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-06 01:10 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
    2009-01-06 01:09 . 2008-03-20 16:06 16,384 --a------ c:\windows\system32\ipsink.ax
    2009-01-06 01:09 . 2008-03-20 16:06 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
    2009-01-06 01:09 . 2008-03-20 10:09 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
    2009-01-06 01:09 . 2008-03-20 10:09 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
    2009-01-06 01:09 . 2008-03-20 10:09 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
    2009-01-06 01:09 . 2008-03-20 10:09 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
    2009-01-06 01:09 . 2008-03-20 10:09 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
    2009-01-06 01:09 . 2008-03-20 10:09 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
    2009-01-06 01:09 . 2008-03-20 10:02 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
    2009-01-06 01:09 . 2008-03-20 10:02 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
    2009-01-06 01:08 . 2008-03-20 10:10 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys
    2009-01-06 01:08 . 2008-03-20 10:10 85,248 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
    2009-01-06 01:08 . 2008-03-20 10:10 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
    2009-01-06 01:08 . 2008-03-20 10:10 19,200 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
    2009-01-06 01:08 . 2008-03-20 10:09 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
    2009-01-06 01:08 . 2008-03-20 10:09 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
    2009-01-06 01:07 . 2008-03-20 16:06 91,136 --------- c:\windows\system32\kswdmcap.ax
    2009-01-06 01:07 . 2008-03-20 16:06 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
    2009-01-06 01:07 . 2008-03-20 16:06 61,952 --a------ c:\windows\system32\kstvtune.ax
    2009-01-06 01:07 . 2008-03-20 16:06 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
    2009-01-06 01:07 . 2008-03-20 16:06 53,760 --a------ c:\windows\system32\vfwwdm32.dll
    2009-01-06 01:07 . 2008-03-20 16:06 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-01-06 01:07 . 2008-03-20 16:06 43,008 --a------ c:\windows\system32\ksxbar.ax
    2009-01-06 01:07 . 2008-03-20 16:06 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
    2009-01-06 01:06 . 2009-01-06 01:08 <DIR> d-------- c:\program files\QuickTime
    2009-01-06 00:54 . 2009-01-06 19:32 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-01-06 00:54 . 2009-01-06 00:55 <DIR> d--h----- C:\0ee21a74708ed7583eafd99713bd2a
    2009-01-06 00:49 . 2009-01-06 01:34 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2009-01-06 00:47 . 2009-01-06 00:47 <DIR> dr-h----- C:\AHCache
    2009-01-06 00:42 . 2009-01-06 00:42 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2009-01-06 00:41 . 2009-01-06 00:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-01-06 00:40 . 2009-01-06 00:41 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-01-06 00:34 . 2009-01-06 00:34 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-06 00:34 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-05 13:16 . 2009-01-05 13:16 <DIR> d-------- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
    2009-01-05 13:16 . 2006-01-12 20:46 252,928 --a------ c:\windows\system32\drivers\rt73.sys
    2009-01-05 13:16 . 2005-11-24 16:51 245,248 --a------ c:\windows\system32\rt73.sys
    2009-01-05 13:16 . 2005-11-03 14:41 32,768 --a------ c:\windows\system32\GTGina.dll
    2009-01-05 13:16 . 2009-01-05 13:16 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
    2009-01-05 13:16 . 2005-02-01 15:18 17,992 --a------ c:\windows\system32\drivers\bcm42rly.sys
    2009-01-05 13:16 . 2005-02-01 15:18 17,992 --a------ c:\windows\bcm42rly.sys
    2009-01-05 13:16 . 2005-12-06 01:24 7,846 --a------ c:\windows\system32\rt73.cat
    2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\program files\GameSpy
    2009-01-04 08:44 . 2009-01-04 08:44 <DIR> dr-h----- c:\documents and settings\Josh\Application Data\SecuROM
    2009-01-04 08:43 . 2007-07-19 15:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
    2009-01-04 08:43 . 2009-01-04 08:43 669,184 --a------ c:\windows\system32\pbsvc.exe
    2009-01-04 08:43 . 2007-07-19 15:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
    2009-01-04 08:43 . 2009-01-04 08:43 103,736 --a------ c:\windows\system32\PnkBstrB.exe
    2009-01-04 08:43 . 2009-01-04 08:43 66,872 --a------ c:\windows\system32\PnkBstrA.exe
    2009-01-04 08:43 . 2009-01-04 08:43 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-04 08:43 . 2009-01-04 08:43 22,328 --a------ c:\documents and settings\Josh\Application Data\PnkBstrK.sys
    2009-01-04 08:42 . 2007-07-19 15:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
    2009-01-04 08:28 . 2009-01-04 08:28 <DIR> d-------- c:\program files\Electronic Arts
    2009-01-03 12:16 . 2009-01-18 03:25 <DIR> d--h----- C:\Temp
    2009-01-03 12:14 . 2009-01-13 22:31 <DIR> d-------- c:\documents and settings\Josh\Application Data\dvdcss
    2009-01-02 17:30 . 2009-01-02 17:30 <DIR> d-------- c:\windows\system32\Lang
    2009-01-02 17:27 . 2009-01-02 17:27 <DIR> d-------- c:\windows\system32\RTCOM
    2009-01-02 17:27 . 2007-11-14 12:18 553 --a------ c:\windows\USetup.iss
    2009-01-02 17:26 . 2009-01-02 17:26 <DIR> d-------- c:\program files\Realtek
    2009-01-02 17:26 . 2008-12-26 13:20 18,081,280 --a------ c:\windows\RTHDCPL.EXE
    2009-01-02 17:26 . 2008-06-19 13:27 9,715,200 --a------ c:\windows\RTLCPL.EXE
    2009-01-02 17:26 . 2008-12-26 14:27 4,968,448 --a------ c:\windows\system32\drivers\RtkHDAud.sys
    2009-01-02 17:26 . 2008-06-19 13:42 2,808,832 --a------ c:\windows\ALCWZRD.EXE
    2009-01-02 17:26 . 2008-09-30 13:38 2,168,320 --a------ c:\windows\MicCal.exe
    2009-01-02 17:26 . 2008-09-19 14:48 1,200,128 --a------ c:\windows\RtlUpd.exe
    2009-01-02 17:26 . 2008-08-25 13:17 528,384 --a------ c:\windows\RtlExUpd.dll
    2009-01-02 17:26 . 2008-06-19 13:24 278,528 --a------ c:\windows\system32\ALSNDMGR.CPL
    2009-01-02 17:26 . 2008-03-13 11:52 266,240 --a------ c:\windows\system32\RTSndMgr.CPL
    2009-01-02 17:26 . 2008-08-19 10:26 77,824 --a------ c:\windows\SOUNDMAN.EXE
    2009-01-02 17:26 . 2008-06-19 13:20 57,344 --a------ c:\windows\ALCMTR.EXE
    2009-01-02 12:49 . 2009-01-02 12:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-01-02 11:54 . 2009-01-02 11:54 <DIR> d--h----- C:\SWSetup
    2009-01-02 11:54 . 2009-01-02 11:54 <DIR> d-------- c:\program files\Hewlett-Packard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-19 05:54 --------- d-----w c:\program files\Steam
    2009-01-19 02:39 --------- d-----w c:\documents and settings\Josh\Application Data\LimeWire
    2009-01-18 11:26 --------- d-----w c:\program files\FlashGet
    2009-01-17 18:52 --------- d-----w c:\program files\AIM
    2009-01-17 16:55 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-17 06:40 --------- d-----w c:\program files\Common Files\Logishrd
    2009-01-17 06:39 --------- d-----w c:\program files\Logitech
    2009-01-17 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
    2009-01-17 01:31 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 3
    2009-01-16 01:48 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
    2009-01-16 01:39 --------- d-----w c:\program files\Common Files\Stardock
    2009-01-14 19:32 --------- d-----w c:\program files\VideoLAN
    2009-01-14 18:25 --------- d-----w c:\program files\Xilisoft
    2009-01-14 18:06 --------- d-----w c:\program files\X-Script
    2009-01-13 11:28 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-13 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-01-12 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2009-01-09 22:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-09 22:47 --------- d-----w c:\program files\AGEIA Technologies
    2009-01-09 00:59 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-09 00:37 --------- d-----w c:\program files\BitComet
    2009-01-06 09:36 --------- d-----w c:\documents and settings\Josh\Application Data\Uniblue
    2009-01-06 09:34 --------- d-----w c:\program files\Uniblue
    2009-01-06 09:13 --------- d-----w c:\program files\iTunes
    2009-01-06 09:13 --------- d-----w c:\program files\Common Files\Apple
    2009-01-06 08:59 --------- d-----w c:\program files\Safari
    2009-01-06 08:37 --------- d-----w c:\program files\TuneUp Utilities 2008
    2009-01-06 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-17 05:58 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
    2008-12-17 05:50 13,584 ----a-w c:\windows\system32\drivers\iKeyLgFT.dll
    2008-12-17 05:38 85,302 ----a-w c:\windows\system32\drivers\LVFeL002.cfg
    2008-12-17 05:38 69,592 ----a-w c:\windows\system32\drivers\LVFaL000.cfg
    2008-12-17 05:38 227,172 ----a-w c:\windows\system32\drivers\LVFeL000.cfg
    2008-12-17 05:38 146,680 ----a-w c:\windows\system32\drivers\LVFeL001.cfg
    2008-11-28 00:15 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-11-13 03:42 16,185 ----a-w c:\windows\favybyjezo.sys
    2008-11-13 03:42 15,466 ----a-w c:\program files\Common Files\giwizegul.bin
    2008-11-13 03:42 15,218 ----a-w c:\program files\Common Files\ijyb._dl
    2008-11-13 03:42 11,772 ----a-w c:\documents and settings\All Users\Application Data\ydoji.bat
    2008-11-13 03:42 10,292 ----a-w c:\documents and settings\Josh\Application Data\refurer.scr
    2008-11-13 03:42 10,255 ----a-w c:\program files\Common Files\ymobosolu.dl
    2008-04-23 05:22 256 -c--a-w c:\documents and settings\Josh\pool.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-20 15360]
    "TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2008-03-16 1103040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-04 13574144]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-04 86016]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "nwiz"="nwiz.exe" [2008-11-04 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-28 c:\windows\KHALMNPR.Exe]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-26 c:\windows\RTHDCPL.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-23 437160]

    c:\documents and settings\Josh\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-03-14 3581680]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-15 66864]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-03-09 789008]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop "= 1 (0x1)
    "NoActiveDesktopChanges "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-01-09 08:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-03-13 19:50 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ c:\windows\system32\ctrubrjx.exe c:\windows\system32\ctrubrjx.exe:changelist\0c:\windows\system32\dfznejlg.exe c:\windows\system32\dfznejlg.exe:changelist\0autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Steam\\steamapps\\thesultanofswing\\counter-strike\\hl.exe "=
    "c:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe "=
    "c:\\Program Files\\OGPlanet\\Albatross18\\update.exe "=
    "c:\\Program Files\\BitComet\\BitComet.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12388:TCP "= 12388:TCP:BitComet 12388 TCP
    "12388:UDP "= 12388:UDP:BitComet 12388 UDP
    "6881:TCP "= 6881:TCP:BitComet 6881 TCP
    "6881:UDP "= 6881:UDP:BitComet 6881 UDP

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-18 28544]
    R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S1 1cea388a;1cea388a;c:\windows\system32\drivers\1cea388a.sys --> c:\windows\system32\drivers\1cea388a.sys [?]
    S1 httpp;httpp;c:\windows\system32\drivers\httpp.sys --> c:\windows\system32\drivers\httpp.sys [?]
    S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);c:\windows\system32\drivers\AF2VCap.sys [2005-05-19 106880]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10fd857c-ed33-11dc-87df-806d6172696f}]
    \Shell\AutoRun\command - F:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-19 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

    2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]

    2009-01-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-hgGxXonL - hgGxXonL.dll
    Notify-ssqOgFWo - ssqOgFWo.dll
    MSConfigStartUp-e0a04faa - c:\windows\system32\diggboqk.dll
    MSConfigStartUp-Eroziho - c:\windows\Jtiqal.dll
    MSConfigStartUp-ttool - c:\windows\9129837.exe
    MSConfigStartUp-Yzija - c:\windows\esuveruq.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
    IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\ajaevwzs.default\
    FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBitCometAgent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSWF32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 22:01:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1076)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\progra~1\COMMON~1\Stardock\mcpstub.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

    - - - - - - - > 'lsass.exe'(1140)
    c:\windows\system32\relog_ap.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\COMMON~1\Stardock\SDMCP.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-18 22:08:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-19 06:08:08

    Pre-Run: 86,148,034,560 bytes free
    Post-Run: 86,023,901,184 bytes free

    411 --- E O F --- 2009-01-19 06:07:07
     
  5. 2009/01/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please allow ComboFix to download and install the Recovery Console when prompted.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/80652-active-win32-services-error.html#post439222
    File::
    c:\windows\system32\config\systemprofile\local settings\application data\{eafc0575-d39b-49e2-bb8c-1706f16fac29}
    c:\documents and settings\josh\local settings\application data\{92C432EF-28BC-4D31-8E74-3A5EC46E1AFE}
    c:\windows\system32\ctrubrjx.exe
    c:\windows\system32\dfznejlg.exe
    c:\windows\favybyjezo.sys
    c:\program files\Common Files\giwizegul.bin
    c:\program files\Common Files\ijyb._dl
    c:\documents and settings\All Users\Application Data\ydoji.bat
    c:\documents and settings\Josh\Application Data\refurer.scr
    c:\program files\Common Files\ymobosolu.dl
    c:\documents and settings\Josh\pool.bin
    Rootkit::
    c:\windows\system32\drivers\1cea388a.sys
    c:\windows\system32\drivers\httpp.sys
    Suspect::[22]
    c:\windows\system32\lvci11901262.dll
    C:\dmlt.exe
    C:\nykvltjg.exe
    C:\ksscvra.exe
    C:\xvqagdj.exe
    c:\windows\system32\work.ini
    c:\windows\system32\hgset.ini
    C:\-526364923
    c:\windows\system32\chert5-998.exe
    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
     "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
      00,6c,73,64,65,6c,65,74,65,00,00
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"=-
     "NoActiveDesktopChanges"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    DDS::
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    FireFox::
    FF - HiddenExtension: XUL Cache: {EAFC0575-D39B-49E2-BB8C-1706F16FAC29} - c:\windows\system32\config\systemprofile\local settings\application data\{eafc0575-d39b-49e2-bb8c-1706f16fac29}\
    FF - HiddenExtension: XUL Cache: {92C432EF-28BC-4D31-8E74-3A5EC46E1AFE} - c:\documents and settings\josh\local settings\application data\{92C432EF-28BC-4D31-8E74-3A5EC46E1AFE}
    Driver::
    1cea388a
    httpp
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. If the upload fails you will be presented with instructions for uploading it manually. Please do so. Thanks!
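As an added example (not something posted in this thread), the Python below runs a defender-side triage over a constructed excerpt of the ComboFix log above, flagging the same items the CFScript targets (injected BootExecute entries, silenced Security Center warnings, the disabled firewall, the two S1 drivers whose files were not found, and the MountPoints2 AutoRun), and decodes the script's hex(7) value to confirm it restores BootExecute to `autocheck autochk *` plus `lsdelete`. The section matching and the "expected BootExecute" set are assumptions based on this log's format, not ComboFix's own logic.

```python
import re

# Constructed excerpt of the ComboFix log posted above: the registry and
# driver entries that the helper's CFScript later acts on.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ctrubrjx.exe c:\windows\system32\ctrubrjx.exe:changelist\0c:\windows\system32\dfznejlg.exe c:\windows\system32\dfznejlg.exe:changelist\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S1 1cea388a;1cea388a;c:\windows\system32\drivers\1cea388a.sys --> c:\windows\system32\drivers\1cea388a.sys [?]
S1 httpp;httpp;c:\windows\system32\drivers\httpp.sys --> c:\windows\system32\drivers\httpp.sys [?]
S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);c:\windows\system32\drivers\AF2VCap.sys [2005-05-19 106880]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AutoRun.exe
"""
# The hex(7) REG_MULTI_SZ value the CFScript writes back to BootExecute.
CFSCRIPT_BOOTEXECUTE_HEX = r"""61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
00,6c,73,64,65,6c,65,74,65,00,00"""
# Assumed clean set: the Windows default plus lsdelete, which the CFScript keeps.
EXPECTED_BOOTEXECUTE = {"autocheck autochk *", "lsdelete"}

def decode_multi_sz(hex7):
    """Decode regedit hex(7): comma-separated bytes, a trailing backslash continues a line, NUL separates strings."""
    data = bytes(int(b, 16) for b in re.split(r"[,\s\\]+", hex7) if b)
    return [s.decode("latin-1") for s in data.split(b"\x00") if s]

def triage(log):
    """Return (kind, details) findings for the tampering patterns visible in the thread's log."""
    findings, section = [], ""
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()          # registry key the following values belong to
        elif line.startswith("BootExecute REG_MULTI_SZ"):
            entries = line.split(None, 2)[2].split(r"\0")
            extra = [e for e in entries if e not in EXPECTED_BOOTEXECUTE]
            if extra:                              # executables injected into boot-time execution
                findings.append(("BootExecute", extra))
        elif section.endswith("security center") and line.endswith("dword:00000001"):
            name = line.split("=")[0].strip('" ')
            if name.endswith("DisableNotify"):     # AV / update warnings silenced
                findings.append(("SecurityCenter", [name]))
        elif "firewallpolicy" in section and line.startswith('"EnableFirewall"') and " 0 " in line:
            findings.append(("FirewallDisabled", [section.rsplit("\\", 1)[-1]]))
        elif re.match(r"[RS]\d ", line) and line.endswith("[?]"):
            findings.append(("DriverFileMissing", [line.split(";")[0].split()[1]]))
        elif "mountpoints2" in section and "autorun" in line.lower():
            findings.append(("AutoRun", [line.split(" - ", 1)[1]]))
    return findings
```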