
Active Xp Hangs in normal mode no internet in safe mode with networking

Discussion in 'Malware and Virus Removal Archive' started by darkpix, 2008/12/27.

  1. 2008/12/27
    darkpix

    [Active] Xp Hangs in normal mode no internet in safe mode with networking

    Hi
    A couple of weeks ago I got hit with Vundo trojans. I used SUPERAntiSpyware and Malwarebytes to clean it over and over, but it kept coming back.
    Today, my computer stopped working in normal mode. It would freeze while loading apps. I went into safe mode and disabled everything non-Windows, but still no luck. It won't load.

    Also, in safe mode with networking, I have no internet. If I click on IE or Firefox, nothing happens, but it uses up 100% of the processor and never starts.

    I am using XP Pro with SP3.

    I just ran ComboFix - it removed a bunch of malware and everything seems to be working again.


    Darkpix
     
    Last edited: 2008/12/27
  2. 2008/12/27
    noahdfear

    Welcome to WindowsBBS darkpix :)

    Please post the contents of C:\ComboFix.txt for review. There may be more goodies left to remove.
     


  4. 2009/01/03
    darkpix

    Hi noahdfear, thanks. I had missed your reply.

    I ran ComboFix again just now and created a new log.
    I have not had any more issues, but I appreciate you taking a deeper look.

    thanks in advance
    dp


    ((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
    .

    2009-01-02 22:54 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
    2009-01-02 22:54 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2009-01-02 22:54 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
    2009-01-02 22:54 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2008-12-28 15:04 . 2008-12-28 15:04 <DIR> d-------- c:\program files\MagicDisc
    2008-12-28 15:04 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
    2008-12-27 02:07 . 2008-10-16 13:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2008-12-27 02:07 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2008-12-27 02:07 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2008-12-27 02:07 . 2008-10-16 13:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2008-12-27 02:07 . 2008-10-16 13:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2008-12-27 02:07 . 2008-10-16 13:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2008-12-27 02:07 . 2008-10-16 13:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2008-12-27 02:07 . 2008-10-16 13:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2008-12-27 02:07 . 2008-10-16 06:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-27 01:05 . 2008-12-27 01:05 <DIR> d-------- c:\windows\system32\URTTEMP
    2008-12-27 00:47 . 2008-10-24 04:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-12-27 00:46 . 2008-08-14 03:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-12-27 00:46 . 2008-08-14 03:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-12-27 00:46 . 2008-08-14 02:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-12-27 00:46 . 2008-08-14 02:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-12-27 00:43 . 2008-06-13 04:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
    2008-12-27 00:37 . 2008-12-27 00:37 <DIR> d-------- c:\program files\Avira
    2008-12-27 00:37 . 2008-12-27 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-27 00:25 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
    2008-12-26 22:52 . 2008-12-26 22:52 265 --a------ c:\windows\SysMech6.INI
    2008-12-26 22:23 . 2008-12-26 22:23 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
    2008-12-26 22:23 . 2008-12-27 00:31 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
    2008-12-26 22:23 . 2008-12-26 22:23 4,096 --a------ C:\00007E00-D260D260_Backup
    2008-12-26 22:23 . 2008-12-27 00:31 4,096 --a------ C:\00007E00-D260D260
    2008-12-26 21:46 . 2008-12-26 21:46 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
    2008-12-26 21:43 . 2008-12-27 00:25 <DIR> d-------- c:\program files\Kaspersky Lab
    2008-12-26 21:43 . 2008-12-27 00:32 <DIR> d-------- c:\program files\iolo
    2008-12-26 21:43 . 2002-08-09 08:00 1,731,584 --a------ c:\windows\system32\XercesLib.dll
    2008-12-26 21:43 . 2002-08-09 08:00 1,500,160 --a------ c:\windows\system32\CC3260MT.DLL
    2008-12-26 21:43 . 2002-08-09 08:00 325,120 --a------ c:\windows\system32\xercesxmldom.dll
    2008-12-26 19:23 . 2003-09-12 14:32 3,162,278 --a------ c:\windows\{00000002-00000000-0000000D-00001102-00000004-00531102}.CDF
    2008-12-26 19:09 . 2008-04-13 20:39 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
    2008-12-26 19:08 . 2001-08-23 05:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
    2008-12-26 19:07 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\WindowsShell.Manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\sapi.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\nwc.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 488 -rah----- c:\windows\system32\logonui.exe.manifest
    2008-12-26 17:10 . 2008-12-26 17:10 1,871 --a------ c:\windows\setupapi.old
    2008-12-23 17:57 . 2008-12-23 17:57 <DIR> d-------- c:\program files\Xvid
    2008-12-23 17:57 . 2008-12-23 18:03 <DIR> d-------- c:\documents and settings\dmb\Application Data\AVI ReComp
    2008-12-23 17:57 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
    2008-12-23 17:55 . 2008-12-23 17:57 <DIR> d-------- c:\program files\AVI ReComp
    2008-12-23 17:51 . 2008-12-29 03:08 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-23 17:51 . 2008-12-23 17:51 1,409 --a------ c:\windows\QTFont.for
    2008-12-22 02:10 . 2008-12-22 21:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
    2008-12-22 01:31 . 2008-12-27 22:24 <DIR> d-------- c:\program files\COMODO
    2008-12-21 17:21 . 2008-12-21 17:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-21 17:20 . 2008-12-26 13:14 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2008-12-21 17:20 . 2008-12-21 17:20 <DIR> d-------- c:\documents and settings\dmb\Application Data\SUPERAntiSpyware.com
    2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- c:\documents and settings\dmb\Application Data\Media Player Classic
    2008-12-21 14:52 . 2008-12-21 14:51 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-21 12:59 . 2008-12-21 12:59 <DIR> d-------- c:\program files\K-Lite Codec Pack
    2008-12-21 12:34 . 2008-12-21 13:04 <DIR> d-------- c:\documents and settings\dmb\Application Data\Dr. DivX 2.0 OSS
    2008-12-21 12:25 . 2008-12-21 12:25 <DIR> d-------- C:\divx
    2008-12-21 12:23 . 2008-12-21 12:23 <DIR> d-------- c:\documents and settings\dmb\Application Data\DivX
    2008-12-21 12:20 . 2008-12-21 13:03 <DIR> d-------- c:\program files\DivX
    2008-12-20 23:42 . 2007-12-17 13:53 159,458 --a------ c:\windows\system32\nvapps.nvb
    2008-12-20 23:35 . 2008-12-20 23:35 4,444 --a------ c:\windows\system32\pid.PNF
    2008-12-20 23:34 . 2008-04-13 22:40 1,296,669 -ra------ c:\windows\SET8B.tmp
    2008-12-20 23:34 . 2008-04-13 22:34 1,088,840 -ra------ c:\windows\SET8E.tmp
    2008-12-20 23:34 . 2008-04-13 22:34 16,535 -ra------ c:\windows\SET9A.tmp
    2008-12-20 22:14 . 2008-04-13 17:12 221,696 --a--c--- c:\windows\system32\dllcache\seo.dll
    2008-12-20 22:14 . 2008-04-13 17:12 189,440 --a--c--- c:\windows\system32\dllcache\smtpadm.dll
    2008-12-20 22:14 . 2008-04-13 17:12 10,752 --a------ c:\windows\system32\smtpapi.dll
    2008-12-20 22:14 . 2008-04-13 17:12 10,752 --a--c--- c:\windows\system32\dllcache\smtpapi.dll
    2008-12-20 22:14 . 2008-04-13 17:12 9,728 --a------ c:\windows\system32\rwnh.dll
    2008-12-20 22:14 . 2008-04-13 17:12 9,728 --a--c--- c:\windows\system32\dllcache\rwnh.dll
    2008-12-20 17:25 . 2008-12-28 15:10 268 --ah----- C:\sqmdata19.sqm
    2008-12-20 17:05 . 2008-12-20 17:05 <DIR> d-------- c:\program files\Windows Resource Kits
    2008-12-20 16:07 . 2008-12-22 22:00 268 --ah----- C:\sqmdata18.sqm
    2008-12-20 12:40 . 2008-12-22 21:43 268 --ah----- C:\sqmdata17.sqm
    2008-12-20 12:11 . 2008-12-22 21:32 268 --ah----- C:\sqmdata16.sqm
    2008-12-20 12:11 . 2008-12-22 21:32 244 --ah----- C:\sqmnoopt18.sqm
    2008-12-20 11:57 . 2008-12-22 21:03 268 --ah----- C:\sqmdata15.sqm
    2008-12-20 11:57 . 2008-12-22 21:03 244 --ah----- C:\sqmnoopt17.sqm
    2008-12-19 19:14 . 2008-12-22 20:26 268 --ah----- C:\sqmdata14.sqm
    2008-12-19 19:14 . 2008-12-22 20:26 244 --ah----- C:\sqmnoopt16.sqm
    2008-12-19 18:59 . 2008-12-22 19:37 268 --ah----- C:\sqmdata13.sqm
    2008-12-19 18:59 . 2008-12-22 19:37 244 --ah----- C:\sqmnoopt15.sqm
    2008-12-19 18:53 . 2008-12-22 11:42 268 --ah----- C:\sqmdata12.sqm
    2008-12-19 18:53 . 2008-12-22 11:42 244 --ah----- C:\sqmnoopt14.sqm
    2008-12-19 18:47 . 2008-12-26 13:56 <DIR> d-------- c:\documents and settings\dmb\Application Data\Online Solutions
    2008-12-19 11:52 . 2008-12-19 11:52 <DIR> d-------- c:\program files\Online Solutions
    2008-12-19 11:52 . 2008-12-19 11:52 <DIR> d-------- c:\program files\Common Files\Online Solutions Shared
    2008-12-19 09:19 . 2008-12-22 11:15 268 --ah----- C:\sqmdata11.sqm
    2008-12-19 09:19 . 2008-12-22 11:15 244 --ah----- C:\sqmnoopt13.sqm
    2008-12-19 01:38 . 2008-12-22 01:08 268 --ah----- C:\sqmdata10.sqm
    2008-12-19 01:38 . 2008-12-22 01:08 244 --ah----- C:\sqmnoopt12.sqm
    2008-12-18 23:57 . 2008-12-21 17:19 268 --ah----- C:\sqmdata09.sqm
    2008-12-18 23:57 . 2008-12-21 17:19 244 --ah----- C:\sqmnoopt11.sqm
    2008-12-17 11:45 . 2008-12-21 16:46 268 --ah----- C:\sqmdata08.sqm
    2008-12-17 11:45 . 2008-12-21 16:46 244 --ah----- C:\sqmnoopt10.sqm
    2008-12-17 10:41 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
    2008-12-17 10:33 . 2008-12-21 11:31 268 --ah----- C:\sqmdata07.sqm
    2008-12-17 10:33 . 2008-12-21 11:31 244 --ah----- C:\sqmnoopt09.sqm
    2008-12-17 00:50 . 2008-12-21 05:12 268 --ah----- C:\sqmdata06.sqm
    2008-12-17 00:50 . 2008-12-21 05:12 244 --ah----- C:\sqmnoopt08.sqm
    2008-12-16 18:29 . 2008-12-16 18:29 70,144 --a------ c:\windows\system32\wvUKBRHw.dll
    2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2008-12-07 18:21 . 2008-12-07 18:21 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
    2008-12-07 18:21 . 2008-12-12 01:44 156 --a------ c:\windows\Twunk001.MTX
    2008-12-07 18:21 . 2008-12-12 01:44 2 --a------ c:\windows\Twain001.Mtx
    2008-12-07 18:21 . 2008-12-07 18:21 0 --a------ c:\windows\Twunk002.MTX
    2008-12-07 17:55 . 2008-12-07 17:55 <DIR> d-------- c:\documents and settings\dmb\Application Data\Roxio
    2008-12-07 17:09 . 2008-12-07 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
    2008-12-07 17:09 . 2008-12-07 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
    2008-12-07 17:05 . 2008-12-22 20:38 <DIR> d-------- c:\program files\Common Files\Roxio Shared
    2008-12-07 17:05 . 2008-12-22 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
    2008-12-07 16:56 . 2008-12-07 16:56 <DIR> d-------- c:\program files\Research In Motion
    2008-12-07 16:38 . 2008-12-07 16:38 256 --a------ c:\documents and settings\dmb\pool.bin
    2008-12-07 14:37 . 2008-12-22 20:22 256 --a------ c:\windows\system32\pool.bin
    2008-12-07 14:25 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
    2008-12-07 14:20 . 2008-12-22 20:25 <DIR> d-------- c:\program files\Common Files\Research In Motion
    2008-12-07 08:39 . 2008-12-07 08:39 <DIR> d-------- c:\documents and settings\dmb\Application Data\Red Kawa
    2008-12-07 08:30 . 2008-12-07 08:30 <DIR> d-------- c:\windows\system32\LogFiles

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-03 05:45 --------- d-----w c:\documents and settings\dmb\Application Data\uTorrent
    2009-01-02 00:15 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
    2009-01-02 00:15 --------- d-----w c:\program files\AviSynth 2.5
    2009-01-02 00:15 --------- d-----w c:\program files\AutoGK
    2009-01-01 00:54 --------- d-----w c:\program files\FlashFXP
    2008-12-28 22:48 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-27 03:56 --------- d-----w c:\program files\MagicISO
    2008-12-27 01:32 --------- d-----w c:\program files\Winamp
    2008-12-22 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-22 00:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-21 21:51 --------- d-----w c:\program files\Java
    2008-12-21 08:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-16 15:49 --------- d-----w c:\documents and settings\dmb\Application Data\Skype
    2008-12-16 08:49 --------- d-----w c:\documents and settings\dmb\Application Data\skypePM
    2008-12-14 08:50 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
    2008-12-08 00:10 --------- d-----w c:\documents and settings\dmb\Application Data\InstallShield
    2008-12-08 00:05 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-03 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-11-29 11:41 2,294,291 ----a-w c:\windows\system32\x264vfw.dll
    2008-11-23 21:24 --------- d-----w c:\documents and settings\dmb\Application Data\Nik Software
    2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-17 06:21 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
    2008-11-13 05:22 --------- d-----w c:\program files\Allok Video to 3GP Converter
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 21:12 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 21:07 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-05-19 02:43 317,987 ----a-w c:\program files\setuplog.txt
    2008-04-17 02:35 45,152 ----a-w c:\documents and settings\dmb\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-13 04:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-08-13 04:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-08-13 04:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-08-13 04:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-08-13 04:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-19 04:00 64,096 --sha-w c:\windows\system32\worajiju.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-27_17.27.54.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-30 05:51:12 351,744 ----a-w c:\windows\system32\avisynth.dll
    + 2006-12-31 02:16:36 313,344 ----a-w c:\windows\system32\avisynth.dll
    - 2008-12-27 02:17:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-28 07:38:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-12-27 02:17:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-28 07:38:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-12-27 02:17:04 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-28 07:38:26 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2004-05-26 13:37:34 719,872 ----a-w c:\windows\system32\devil.dll
    + 2004-05-26 12:37:34 719,872 ----a-w c:\windows\system32\devil.dll
    - 2008-12-27 10:37:26 1,801,880 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-01-03 05:52:06 1,801,880 ----a-w c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "dvd43 "= "c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Auto EPSON Stylus Photo R300 Series on XBOX (from TK) "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "EPSON Stylus Photo R300 Series on XBOX (from TK) "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "EPSON Stylus Photo R300 Series (from EDITONE) "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "Auto EPSON Stylus Photo R300 Series on WII (from EDITONE) "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "nwiz "= "nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix "= "shell32" [X]
    "tscuninstall "= "c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\dmb\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-28 575488]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.CDVC "= cdvccodc.dll
    "msacm.l3fhg "= mp3fhg.acm
    "msacm.divxa32 "= divxa32.acm
    "VIDC.X264 "= x264vfw.dll
    "VIDC.HFYU "= huffyuv.dll
    "vidc.i263 "= i263_32.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-01-11 18:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-15 11:37 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
    --a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:42 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
    --a------ 2007-08-13 00:33 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2007-08-30 10:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 01:41 81920 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-21 14:51 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-13 00:33 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2006-08-11 13:56 17920 c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    --a------ 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc "=2 (0x2)
    "Viewpoint Manager Service "=2 (0x2)
    "usnjsvc "=3 (0x3)
    "StarWindServiceAE "=2 (0x2)
    "SSScsiSV "=3 (0x3)
    "SPTISRV "=3 (0x3)
    "SonicStage Back-End Service "=3 (0x3)
    "ScsiAccess "=2 (0x2)
    "RoxLiveShare9 "=2 (0x2)
    "PACSPTISVR "=3 (0x3)
    "ose "=3 (0x3)
    "odserv "=3 (0x3)
    "NVSvc "=2 (0x2)
    "NMIndexingService "=3 (0x3)
    "Nexus Server "=2 (0x2)
    "MSCSPTISRV "=3 (0x3)
    "Microsoft Office Groove Audit Service "=3 (0x3)
    "LiveUpdate "=3 (0x3)
    "LicCtrlService "=2 (0x2)
    "JavaQuickStarterService "=2 (0x2)
    "idsvc "=3 (0x3)
    "IDriverT "=3 (0x3)
    "gusvc "=2 (0x2)
    "FLEXnet Licensing Service "=3 (0x3)
    "EPSON_PM_RPCV2_01 "=2 (0x2)
    "Bonjour Service "=2 (0x2)
    "Adobe Version Cue CS3 "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe "=
    "c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe "=
    "c:\\Program Files\\IBP 9\\IBP.exe "=
    "c:\\Program Files\\Brother\\BRAdmin Professional\\BRAdmPro.exe "=
    "c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe "=
    "c:\\Program Files\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe "=
    "c:\\Program Files\\Adobe\\Adobe Encore CS3\\Adobe Encore.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE "=
    "c:\\Program Files\\Trillian\\trillian.exe "=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\Windows Media Player\\wmpnscfg.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\WINDOWS\\system32\\logon.scr "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP "= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP "= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP "= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP "= 50901:TCP:Adobe Version Cue CS3 Server
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
    R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
    S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys []
    S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
    S4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-02-04 2560]
    S4 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe []
    S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-18 24652]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081fe5a7-4b5b-11dc-a57f-000c6e3e120a}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-03 c:\windows\Tasks\kaxnfrcg.job
    - c:\windows\system32\rundll32.exe [2008-04-13 20:42]

    2009-01-03 c:\windows\Tasks\uxgezwnm.job
    - c:\windows\system32\rundll32.exe [2008-04-13 20:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 71.140.173.217:2601
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\dmb\Application Data\Mozilla\Firefox\Profiles\bizeiw87.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 23:05:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-02 23:16:48
    ComboFix-quarantined-files.txt 2009-01-03 06:16:33
    ComboFix2.txt 2009-01-03 03:06:17
    ComboFix3.txt 2008-12-28 00:29:57
    ComboFix4.txt 2008-12-27 07:21:03

    Pre-Run: 32,259,432,448 bytes free
    Post-Run: 32,241,848,320 bytes free
     
  5. 2009/01/04
    noahdfear

    Little bit of cleanup yet to do. Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\system32\wvUKBRHw.dll
    c:\windows\system32\worajiju.dll
    c:\windows\Tasks\kaxnfrcg.job
    c:\windows\Tasks\uxgezwnm.job
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
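The four entries in the CFScript above are exactly the kind of thing an analyst picks out of a ComboFix log by eye: 8-letter random DLL names dropped into system32 (the classic Vundo pattern), a hidden+system DLL, and randomly named scheduled tasks that do nothing but launch rundll32.exe. The script below is an added example, not part of this thread and not ComboFix's own tooling: it parses the "Files Created", "Find3M" and "Scheduled Tasks" line formats as they appear in the log posted above, scores each entry against those signals, and reports anything that trips two or more. The sample log lines are copied from the thread with a few benign neighbours for contrast; the scoring rules and the threshold of two signals are my assumptions, chosen so that legitimate 8-letter names such as deploytk.dll (Java) score one signal and are not flagged. Treat the output as a triage list for a human to review, which is what noahdfear did here, not as a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines taken from the ComboFix log posted in this thread
# (Files Created, Find3M and Scheduled Tasks sections) plus benign neighbours,
# so the script runs offline. The formats are the ones ComboFix prints.
SAMPLE_LOG = r"""
2009-01-02 22:54 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-28 15:04 . 2008-12-28 15:04 <DIR> d-------- c:\program files\MagicDisc
2008-12-21 14:52 . 2008-12-21 14:51 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-16 18:29 . 2008-12-16 18:29 70,144 --a------ c:\windows\system32\wvUKBRHw.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2009-01-03 05:45 --------- d-----w c:\documents and settings\dmb\Application Data\uTorrent
2008-09-19 04:00 64,096 --sha-w c:\windows\system32\worajiju.dll
2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-01-03 c:\windows\Tasks\kaxnfrcg.job
- c:\windows\system32\rundll32.exe [2008-04-13 20:42]
2009-01-03 c:\windows\Tasks\uxgezwnm.job
- c:\windows\system32\rundll32.exe [2008-04-13 20:42]
"""

# "Files Created" lines carry two timestamps separated by " . ", Find3M lines
# carry one; both end with <size or <DIR>> <attribute flags> <path>.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" +(\S+) +([-a-z]+) +(\S.*)$"
)
# Scheduled task: "<date> <path>.job" followed by "- <target> [<stamp>]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} ([a-zA-Z]:\\.*\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?)(?: \[[^\]]*\])?$")


@dataclass
class Entry:
    path: str
    attrs: str = ""    # ComboFix attribute flags, e.g. "--sha-w"
    target: str = ""   # for .job entries, the program the task launches


@dataclass
class Finding:
    path: str
    signals: List[str]


def parse_entries(text: str) -> List[Entry]:
    """Turn the three line formats into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    pending = None  # a .job line waiting for its "- target" line
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            m = TARGET_RE.match(line)
            if m:
                pending.target = m.group(1)
            entries.append(pending)
            pending = None
            if m:
                continue
        m = TASK_RE.match(line)
        if m:
            pending = Entry(path=m.group(1))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(path=m.group(3), attrs=m.group(2)))
    if pending is not None:
        entries.append(pending)
    return entries


def stem_of(path: str) -> str:
    """File name without directory and without any extension."""
    return path.rsplit("\\", 1)[-1].split(".", 1)[0]


def in_watched_dir(path: str) -> bool:
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\windows\\tasks\\" in p


def signals_for(e: Entry) -> List[str]:
    """Heuristic signals (assumed rules); each one alone is weak, two together are worth a look."""
    sig: List[str] = []
    stem = stem_of(e.path)
    if len(stem) == 8 and stem.isalpha() and stem.isascii():
        sig.append("8-letter stem")                 # Vundo-style generated name
    if stem != stem.lower() and stem != stem.upper() and stem[1:] != stem[1:].lower():
        sig.append("mixed case")                    # wvUKBRHw rather than Foo or FOO
    if "s" in e.attrs and "h" in e.attrs:
        sig.append("hidden+system attributes")      # system DLLs normally carry neither
    if e.target and stem_of(e.target).lower() == "rundll32":
        sig.append("task launches rundll32.exe")    # a task whose job is only to load a DLL
    return sig


def triage(text: str, threshold: int = 2) -> List[Finding]:
    findings: List[Finding] = []
    for e in parse_entries(text):
        if not in_watched_dir(e.path):
            continue
        sig = signals_for(e)
        if len(sig) >= threshold:
            findings.append(Finding(e.path, sig))
    return findings


def flagged_paths(text: str) -> List[str]:
    return [f.path for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    signals: {', '.join(f.signals)}")
```

Run against the sample it lists the same four paths that went into CFScript.txt, and nothing else. The point of the two-signal threshold is the false-positive budget: a name-length rule on its own would also catch deploytk.dll, and an attribute rule on its own would catch every hidden manifest file, so neither is useful alone on a real system32 listing.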
     
  6. 2009/01/05
    darkpix

    thank you noahdfear, I truly appreciate your time and expertise.

    I will run the script when I get home tonight and will post the new log.

    Sincerely
    darkpix
     
  7. 2009/01/06
    darkpix

    Hi

    Here is the latest log


    Running from: c:\documents and settings\dmb\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\dmb\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    * Created a new restore point


    FILE ::
    c:\windows\system32\worajiju.dll
    c:\windows\system32\wvUKBRHw.dll
    c:\windows\Tasks\kaxnfrcg.job
    c:\windows\Tasks\uxgezwnm.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\worajiju.dll
    c:\windows\system32\wvUKBRHw.dll
    c:\windows\Tasks\kaxnfrcg.job
    c:\windows\Tasks\uxgezwnm.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
    .

    2009-01-04 02:12 . 2009-01-04 02:12 <DIR> d-------- c:\program files\mkv2vob
    2009-01-03 14:49 . 2009-01-03 23:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-01-03 14:49 . 2009-01-03 14:49 <DIR> d-------- c:\documents and settings\dmb\Application Data\SUPERAntiSpyware.com
    2009-01-03 14:49 . 2009-01-03 14:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-02 22:54 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
    2009-01-02 22:54 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2009-01-02 22:54 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
    2009-01-02 22:54 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2008-12-28 15:04 . 2008-12-28 15:04 <DIR> d-------- c:\program files\MagicDisc
    2008-12-28 15:04 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
    2008-12-27 02:07 . 2008-10-16 13:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2008-12-27 02:07 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2008-12-27 02:07 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2008-12-27 02:07 . 2008-10-16 13:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2008-12-27 02:07 . 2008-10-16 13:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2008-12-27 02:07 . 2008-10-16 13:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2008-12-27 02:07 . 2008-10-16 13:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2008-12-27 02:07 . 2008-10-16 13:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2008-12-27 02:07 . 2008-10-16 06:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-27 01:05 . 2008-12-27 01:05 <DIR> d-------- c:\windows\system32\URTTEMP
    2008-12-27 00:47 . 2008-10-24 04:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-12-27 00:46 . 2008-08-14 03:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-12-27 00:46 . 2008-08-14 03:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-12-27 00:46 . 2008-08-14 02:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-12-27 00:46 . 2008-08-14 02:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-12-27 00:43 . 2008-06-13 04:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
    2008-12-27 00:37 . 2008-12-27 00:37 <DIR> d-------- c:\program files\Avira
    2008-12-27 00:37 . 2008-12-27 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-27 00:25 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
    2008-12-26 22:52 . 2008-12-26 22:52 265 --a------ c:\windows\SysMech6.INI
    2008-12-26 22:23 . 2008-12-26 22:23 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
    2008-12-26 22:23 . 2008-12-27 00:31 4,096 --a------ C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
    2008-12-26 22:23 . 2008-12-26 22:23 4,096 --a------ C:\00007E00-D260D260_Backup
    2008-12-26 22:23 . 2008-12-27 00:31 4,096 --a------ C:\00007E00-D260D260
    2008-12-26 21:46 . 2008-12-26 21:46 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
    2008-12-26 21:43 . 2008-12-27 00:25 <DIR> d-------- c:\program files\Kaspersky Lab
    2008-12-26 21:43 . 2008-12-27 00:32 <DIR> d-------- c:\program files\iolo
    2008-12-26 21:43 . 2002-08-09 08:00 1,731,584 --a------ c:\windows\system32\XercesLib.dll
    2008-12-26 21:43 . 2002-08-09 08:00 1,500,160 --a------ c:\windows\system32\CC3260MT.DLL
    2008-12-26 21:43 . 2002-08-09 08:00 325,120 --a------ c:\windows\system32\xercesxmldom.dll
    2008-12-26 19:23 . 2003-09-12 14:32 3,162,278 --a------ c:\windows\{00000002-00000000-0000000D-00001102-00000004-00531102}.CDF
    2008-12-26 19:09 . 2008-04-13 20:39 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
    2008-12-26 19:08 . 2001-08-23 05:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
    2008-12-26 19:07 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\WindowsShell.Manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\sapi.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\nwc.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
    2008-12-26 19:06 . 2008-12-26 19:06 488 -rah----- c:\windows\system32\logonui.exe.manifest
    2008-12-26 17:10 . 2008-12-26 17:10 1,871 --a------ c:\windows\setupapi.old
    2008-12-23 17:57 . 2008-12-23 17:57 <DIR> d-------- c:\program files\Xvid
    2008-12-23 17:57 . 2008-12-23 18:03 <DIR> d-------- c:\documents and settings\dmb\Application Data\AVI ReComp
    2008-12-23 17:57 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
    2008-12-23 17:55 . 2008-12-23 17:57 <DIR> d-------- c:\program files\AVI ReComp
    2008-12-23 17:51 . 2008-12-29 03:08 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-23 17:51 . 2008-12-23 17:51 1,409 --a------ c:\windows\QTFont.for
    2008-12-22 02:10 . 2008-12-22 21:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
    2008-12-22 01:31 . 2008-12-27 22:24 <DIR> d-------- c:\program files\COMODO
    2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- c:\documents and settings\dmb\Application Data\Media Player Classic
    2008-12-21 14:52 . 2008-12-21 14:51 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-21 12:59 . 2008-12-21 12:59 <DIR> d-------- c:\program files\K-Lite Codec Pack
    2008-12-21 12:34 . 2008-12-21 13:04 <DIR> d-------- c:\documents and settings\dmb\Application Data\Dr. DivX 2.0 OSS
    2008-12-21 12:25 . 2008-12-21 12:25 <DIR> d-------- C:\divx
    2008-12-21 12:23 . 2008-12-21 12:23 <DIR> d-------- c:\documents and settings\dmb\Application Data\DivX
    2008-12-21 12:20 . 2008-12-21 13:03 <DIR> d-------- c:\program files\DivX
    2008-12-20 23:42 . 2007-12-17 13:53 159,458 --a------ c:\windows\system32\nvapps.nvb
    2008-12-20 23:35 . 2008-12-20 23:35 4,444 --a------ c:\windows\system32\pid.PNF
    2008-12-20 23:34 . 2008-04-13 22:40 1,296,669 -ra------ c:\windows\SET8B.tmp
    2008-12-20 23:34 . 2008-04-13 22:34 1,088,840 -ra------ c:\windows\SET8E.tmp
    2008-12-20 23:34 . 2008-04-13 22:34 16,535 -ra------ c:\windows\SET9A.tmp
    2008-12-20 22:14 . 2008-04-13 17:12 221,696 --a--c--- c:\windows\system32\dllcache\seo.dll
    2008-12-20 22:14 . 2008-04-13 17:12 189,440 --a--c--- c:\windows\system32\dllcache\smtpadm.dll
    2008-12-20 22:14 . 2008-04-13 17:12 10,752 --a------ c:\windows\system32\smtpapi.dll
    2008-12-20 22:14 . 2008-04-13 17:12 10,752 --a--c--- c:\windows\system32\dllcache\smtpapi.dll
    2008-12-20 22:14 . 2008-04-13 17:12 9,728 --a------ c:\windows\system32\rwnh.dll
    2008-12-20 22:14 . 2008-04-13 17:12 9,728 --a--c--- c:\windows\system32\dllcache\rwnh.dll
    2008-12-20 17:25 . 2008-12-28 15:10 268 --ah----- C:\sqmdata19.sqm
    2008-12-20 17:05 . 2008-12-20 17:05 <DIR> d-------- c:\program files\Windows Resource Kits
    2008-12-20 16:07 . 2008-12-22 22:00 268 --ah----- C:\sqmdata18.sqm
    2008-12-20 12:40 . 2008-12-22 21:43 268 --ah----- C:\sqmdata17.sqm
    2008-12-20 12:11 . 2008-12-22 21:32 268 --ah----- C:\sqmdata16.sqm
    2008-12-20 12:11 . 2008-12-22 21:32 244 --ah----- C:\sqmnoopt18.sqm
    2008-12-20 11:57 . 2008-12-22 21:03 268 --ah----- C:\sqmdata15.sqm
    2008-12-20 11:57 . 2008-12-22 21:03 244 --ah----- C:\sqmnoopt17.sqm
    2008-12-19 19:14 . 2008-12-22 20:26 268 --ah----- C:\sqmdata14.sqm
    2008-12-19 19:14 . 2008-12-22 20:26 244 --ah----- C:\sqmnoopt16.sqm
    2008-12-19 18:59 . 2008-12-22 19:37 268 --ah----- C:\sqmdata13.sqm
    2008-12-19 18:59 . 2008-12-22 19:37 244 --ah----- C:\sqmnoopt15.sqm
    2008-12-19 18:53 . 2008-12-22 11:42 268 --ah----- C:\sqmdata12.sqm
    2008-12-19 18:53 . 2008-12-22 11:42 244 --ah----- C:\sqmnoopt14.sqm
    2008-12-19 18:47 . 2008-12-26 13:56 <DIR> d-------- c:\documents and settings\dmb\Application Data\Online Solutions
    2008-12-19 11:52 . 2008-12-19 11:52 <DIR> d-------- c:\program files\Online Solutions
    2008-12-19 11:52 . 2008-12-19 11:52 <DIR> d-------- c:\program files\Common Files\Online Solutions Shared
    2008-12-19 09:19 . 2008-12-22 11:15 268 --ah----- C:\sqmdata11.sqm
    2008-12-19 09:19 . 2008-12-22 11:15 244 --ah----- C:\sqmnoopt13.sqm
    2008-12-19 01:38 . 2008-12-22 01:08 268 --ah----- C:\sqmdata10.sqm
    2008-12-19 01:38 . 2008-12-22 01:08 244 --ah----- C:\sqmnoopt12.sqm
    2008-12-18 23:57 . 2008-12-21 17:19 268 --ah----- C:\sqmdata09.sqm
    2008-12-18 23:57 . 2008-12-21 17:19 244 --ah----- C:\sqmnoopt11.sqm
    2008-12-17 11:45 . 2008-12-21 16:46 268 --ah----- C:\sqmdata08.sqm
    2008-12-17 11:45 . 2008-12-21 16:46 244 --ah----- C:\sqmnoopt10.sqm
    2008-12-17 10:41 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
    2008-12-17 10:33 . 2008-12-21 11:31 268 --ah----- C:\sqmdata07.sqm
    2008-12-17 10:33 . 2008-12-21 11:31 244 --ah----- C:\sqmnoopt09.sqm
    2008-12-17 00:50 . 2008-12-21 05:12 268 --ah----- C:\sqmdata06.sqm
    2008-12-17 00:50 . 2008-12-21 05:12 244 --ah----- C:\sqmnoopt08.sqm
    2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2008-12-07 18:21 . 2008-12-07 18:21 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
    2008-12-07 18:21 . 2008-12-12 01:44 156 --a------ c:\windows\Twunk001.MTX
    2008-12-07 18:21 . 2008-12-12 01:44 2 --a------ c:\windows\Twain001.Mtx
    2008-12-07 18:21 . 2008-12-07 18:21 0 --a------ c:\windows\Twunk002.MTX
    2008-12-07 17:55 . 2008-12-07 17:55 <DIR> d-------- c:\documents and settings\dmb\Application Data\Roxio
    2008-12-07 17:09 . 2008-12-07 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
    2008-12-07 17:09 . 2008-12-07 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
    2008-12-07 17:05 . 2008-12-22 20:38 <DIR> d-------- c:\program files\Common Files\Roxio Shared
    2008-12-07 17:05 . 2008-12-22 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
    2008-12-07 16:56 . 2008-12-07 16:56 <DIR> d-------- c:\program files\Research In Motion
    2008-12-07 16:38 . 2008-12-07 16:38 256 --a------ c:\documents and settings\dmb\pool.bin
    2008-12-07 14:37 . 2008-12-22 20:22 256 --a------ c:\windows\system32\pool.bin
    2008-12-07 14:25 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
    2008-12-07 14:20 . 2008-12-22 20:25 <DIR> d-------- c:\program files\Common Files\Research In Motion
    2008-12-07 08:39 . 2008-12-07 08:39 <DIR> d-------- c:\documents and settings\dmb\Application Data\Red Kawa
    2008-12-07 08:30 . 2008-12-07 08:30 <DIR> d-------- c:\windows\system32\LogFiles

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-06 08:14 --------- d-----w c:\documents and settings\dmb\Application Data\uTorrent
    2009-01-04 09:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-02 00:15 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
    2009-01-02 00:15 --------- d-----w c:\program files\AviSynth 2.5
    2009-01-02 00:15 --------- d-----w c:\program files\AutoGK
    2009-01-01 00:54 --------- d-----w c:\program files\FlashFXP
    2008-12-28 22:48 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-27 07:22 --------- d-----w c:\program files\Smarty Uninstaller Pro
    2008-12-27 03:56 --------- d-----w c:\program files\MagicISO
    2008-12-27 01:32 --------- d-----w c:\program files\Winamp
    2008-12-23 03:45 --------- d-----w c:\program files\Symantec
    2008-12-23 03:32 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-23 03:29 --------- d-----w c:\program files\PeerGuardian2
    2008-12-22 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-21 21:51 --------- d-----w c:\program files\Java
    2008-12-21 08:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-20 19:43 --------- d-----w c:\documents and settings\dmb\Application Data\Twain
    2008-12-18 01:49 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-18 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-12-18 01:27 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2008-12-18 01:27 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
    2008-12-18 01:27 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2008-12-18 01:27 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2008-12-16 15:49 --------- d-----w c:\documents and settings\dmb\Application Data\Skype
    2008-12-16 08:49 --------- d-----w c:\documents and settings\dmb\Application Data\skypePM
    2008-12-14 08:50 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
    2008-12-08 00:10 --------- d-----w c:\documents and settings\dmb\Application Data\InstallShield
    2008-12-08 00:05 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-05 19:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-05 18:20 --------- d-----w c:\documents and settings\dmb\Application Data\Malwarebytes
    2008-12-05 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-05 08:59 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-04 11:58 --------- d-----w c:\program files\Lavasoft
    2008-12-04 11:02 --------- d-----w c:\program files\a-squared Anti-Malware
    2008-12-03 16:46 --------- d-----w c:\program files\Vertus Fluid Mask 3
    2008-12-03 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-12-03 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-11-29 11:41 2,294,291 ----a-w c:\windows\system32\x264vfw.dll
    2008-11-23 21:24 --------- d-----w c:\documents and settings\dmb\Application Data\Nik Software
    2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-17 06:21 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
    2008-11-13 05:22 --------- d-----w c:\program files\Allok Video to 3GP Converter
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 21:12 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 21:07 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-05-19 02:43 317,987 ----a-w c:\program files\setuplog.txt
    2008-04-17 02:35 45,152 ----a-w c:\documents and settings\dmb\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-13 04:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-08-13 04:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-08-13 04:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-08-13 04:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-08-13 04:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-27_17.27.54.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-22 00:20:24 34,304 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
    + 2009-01-03 21:49:20 34,304 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
    - 2008-08-30 05:51:12 351,744 ----a-w c:\windows\system32\avisynth.dll
    + 2006-12-31 02:16:36 313,344 ----a-w c:\windows\system32\avisynth.dll
    - 2008-12-27 02:17:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-28 07:38:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-12-27 02:17:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-28 07:38:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-12-27 02:17:04 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-28 07:38:26 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2004-05-26 13:37:34 719,872 ----a-w c:\windows\system32\devil.dll
    + 2004-05-26 12:37:34 719,872 ----a-w c:\windows\system32\devil.dll
    - 2008-12-27 10:37:26 1,801,880 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-01-03 05:52:06 1,801,880 ----a-w c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Auto EPSON Stylus Photo R300 Series on XBOX (from TK)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "EPSON Stylus Photo R300 Series on XBOX (from TK)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "EPSON Stylus Photo R300 Series (from EDITONE)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "Auto EPSON Stylus Photo R300 Series on WII (from EDITONE)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
    "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\dmb\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-28 575488]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.CDVC"= cdvccodc.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-01-11 18:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-15 11:37 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
    --a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:42 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
    --a------ 2007-08-13 00:33 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2007-08-30 10:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 01:41 81920 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-21 14:51 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-13 00:33 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2006-08-11 13:56 17920 c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    --a------ 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "StarWindServiceAE"=2 (0x2)
    "SSScsiSV"=3 (0x3)
    "SPTISRV"=3 (0x3)
    "SonicStage Back-End Service"=3 (0x3)
    "ScsiAccess"=2 (0x2)
    "RoxLiveShare9"=2 (0x2)
    "PACSPTISVR"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "Nexus Server"=2 (0x2)
    "MSCSPTISRV"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "LiveUpdate"=3 (0x3)
    "LicCtrlService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "EPSON_PM_RPCV2_01"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Adobe Version Cue CS3"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
    "c:\\Program Files\\IBP 9\\IBP.exe"=
    "c:\\Program Files\\Brother\\BRAdmin Professional\\BRAdmPro.exe"=
    "c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"=
    "c:\\Program Files\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe"=
    "c:\\Program Files\\Adobe\\Adobe Encore CS3\\Adobe Encore.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "c:\\Program Files\\Trillian\\trillian.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\logon.scr"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
    S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-02-04 2560]
    S4 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe --> c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [?]
    S4 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-18 24652]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SASENUM
    *NewlyCreated* - SASKUTIL

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081fe5a7-4b5b-11dc-a57f-000c6e3e120a}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 71.140.173.217:2601
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-06 01:44:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*NULL*Version]
    "Version"=hex:30,42,7e,40,00,e2,27,08,8d,e4,70,0d,16,66,df,56,f3,ac,ca,6f,75,\
    c7,f6,e0,c2,2f,98,3e,b1,ae,af,30,62,ff,71,6b,2b,51,c0,86,4f,3c,82,18,a4,07,\
    ce,33,1b,ed,f3,54,49,fe,14,fc,2e,71,5e,94,5b,7e,4f,01,c3,c0,9d,22,a0,12,36,\
    02,77,c9,fe,02,03,69,54,e4,2f,3b,c5,7c,a1,2f,43,c6,cc,be,0f,a7,1b,0a,94,85,\
    a8,73,2a,22,e4,c5,a8,63,9b,24,0e,8f,ab,4e,a3,47,f1,77,5c,e9,48,5b,fd,63,5c,\
    f3,05,c9,ac,cf,cb,66,a2,fb,0f,5a,49,88,2e,61,09,5d,c4,f7,57,4e,7c,b2,69,4a,\
    ac,a2,8d,91,77,45,3f,89,ac,e2,00,ca,9a,d5,18,89,7e,40,cb,ea,30,f4,7f,90,78,\
    0f,91,f4,d8,d6,67,33,42,00,49,7a,9d,de,09,d4,10,d8,73,6f,8f,22,d7,95,b4,46,\
    44,d0,3d,9e,b2,01,48,50,3b,40,70,94,08,68,24,54,89,fa,46,d7,c1,fc,1a,24,59,\
    4f,e4,cf,32,87,05,d9,06,70,fd,3c,83,79,b8,be,81,fa,89,78,62,db,82,eb,38,d4,\
    6f,38,e0,14,f1,0d,0e,b0,d0,be,88,01,3c,3d

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*NULL*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
    "1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,\
    fd
    "2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,\
    78,d5,ad,68,1b,c8,4a,9b,03
    "3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,\
    70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
    ce,f1,75,fc,f7,96,07,41

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*NULL*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
    "1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,\
    42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
    "2"=hex:68,72,c9,10,9a,ad,02,87
    "3"=hex:81,20,8f,ab,28,6a,52,9c
    "4"=hex:2f,ad,a2,e7,8a,bf,05,5e
    "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,\
    1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
    b4,c9,be,e5,6a,38,97,8e
    "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,\
    51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
    "7 "=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,\
    42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
    "8 "=hex:e3,36,21,8b,47,07,6d,39,53,04,16,c8,0c,ba,71,42,07,af,eb,7e,87,75,7c,\
    c3,c0,c1,8e,2b,c9,d1,ea,67,cc,0e,20,f0,70,de,5d,ad,8e,89,15,6d,02,4b,37,11,\
    62,1c,8f,d8,02,fb,45,95,48,31,8f,bb,3b,2e,04,7b,2b,f0,cd,db,e2,33,4a,43,74,\
    04,4a,4f,c0,87,16,83,1b,dd,9d,bf,ba,6a,35,59
    "9 "=hex:81,20,8f,ab,28,6a,52,9c
    "18 "=hex:70,56,26,33,e3,20,f8,ab
    "10 "=hex:81,20,8f,ab,28,6a,52,9c
    "11 "=hex:81,20,8f,ab,28,6a,52,9c
    "12 "=hex:81,20,8f,ab,28,6a,52,9c
    "13 "=hex:81,20,8f,ab,28,6a,52,9c
    "14 "=hex:81,20,8f,ab,28,6a,52,9c
    "24 "=hex:81,20,8f,ab,28,6a,52,9c
    "26 "=hex:81,20,8f,ab,28,6a,52,9c
    "27 "=hex:81,20,8f,ab,28,6a,52,9c
    "19 "=hex:81,20,8f,ab,28,6a,52,9c
    "22 "=hex:81,20,8f,ab,28,6a,52,9c

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*NULL*Version]
    "Version "=hex:30,42,7e,40,00,e2,27,08,8d,e4,70,0d,16,66,df,56,f3,ac,ca,6f,75,\
    c7,f6,e0,c2,2f,98,3e,b1,ae,af,30,62,ff,71,6b,2b,51,c0,86,4f,3c,82,18,a4,07,\
    ce,33,1b,ed,f3,54,49,fe,14,fc,2e,71,5e,94,5b,7e,4f,01,c3,c0,9d,22,a0,12,36,\
    02,77,c9,fe,02,03,69,54,e4,2f,3b,c5,7c,a1,2f,43,c6,cc,be,0f,a7,1b,0a,94,85,\
    a8,73,2a,22,e4,c5,a8,63,9b,24,0e,8f,ab,4e,a3,47,f1,77,5c,e9,48,5b,fd,63,5c,\
    f3,05,c9,ac,cf,cb,66,a2,fb,0f,5a,49,88,2e,61,09,5d,c4,f7,57,4e,7c,b2,69,4a,\
    ac,a2,8d,91,77,45,3f,89,ac,e2,00,ca,9a,d5,18,89,7e,40,cb,ea,30,f4,7f,90,78,\
    0f,91,f4,d8,d6,67,33,42,00,49,7a,9d,de,09,d4,10,d8,73,6f,8f,22,d7,95,b4,46,\
    44,d0,3d,9e,b2,01,48,50,3b,40,70,94,08,68,24,54,89,fa,46,d7,c1,fc,1a,24,59,\
    4f,e4,cf,32,87,05,d9,06,70,fd,3c,83,79,b8,be,81,fa,89,78,62,db,82,eb,38,d4,\
    6f,38,e0,14,f1,0d,0e,b0,d0,be,88,01,3c,3d
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(2752)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-01-06 1:47:31
    ComboFix-quarantined-files.txt 2009-01-06 08:46:16
    ComboFix2.txt 2009-01-06 08:27:18
    ComboFix3.txt 2009-01-03 06:16:54
    ComboFix4.txt 2009-01-03 03:06:17
    ComboFix5.txt 2009-01-06 08:40:16

    Pre-Run: 81,030,127,616 bytes free
    Post-Run: 81,016,643,584 bytes free

    486
     
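The registry portion of the log above is in regedit export syntax: a `[key]` header, then `"name"=hex:` values whose comma-separated bytes wrap onto further lines with a trailing backslash. That format is tedious to read by eye, which is one reason long ComboFix dumps get posted for review. As an added example (not from this thread, and not ComboFix's or the forum's own code), here is a small Python parser that reassembles the continued `hex:` values into bytes, keeps plain string values as text, and reports which binary blobs appear under more than one value name. The key path and byte values in the sample are constructed for the example, not taken from the log.

```python
import re
from typing import Dict, List, Tuple, Union

# Constructed sample in regedit export syntax (the style of the registry dump in
# this thread). The key path and byte values are made up for this example.
SAMPLE_KEY = r"HKEY_LOCAL_MACHINE\software\ExampleVendor\Licensing"
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\software\ExampleVendor\Licensing]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,\
    fd
"2"=hex:81,20,8f,ab,28,6a,52,9c
"3"=hex:81,20,8f,ab,28,6a,52,9c
"Name"="plain string value"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# regedit writes REG_BINARY as "hex:" and other types as "hex(N):", e.g. hex(7) for REG_MULTI_SZ
HEX_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*hex(?:\([0-9a-fA-F]+\))?:(?P<data>.*)$')
STR_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"(?P<data>.*)"$')

RegValue = Union[bytes, str]


def _hex_to_bytes(fragment: str) -> bytes:
    """Turn 'b0,cd,e0,' (trailing or doubled commas allowed) into bytes."""
    return bytes(int(b, 16) for b in fragment.split(",") if b.strip())


def parse_reg_export(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Parse [key] headers and their values. hex values are reassembled across
    backslash-continued lines and returned as bytes; string values are returned as str."""
    result: Dict[str, Dict[str, RegValue]] = {}
    current_key = None
    pending_name = None            # hex value whose bytes continue on the next line
    pending_fragments: List[str] = []

    for raw in text.splitlines():
        line = raw.strip()         # log/forum indentation is not significant
        if not line:
            continue
        if pending_name is not None:
            continued = line.endswith("\\")
            pending_fragments.append(line.rstrip("\\"))
            if not continued:
                result[current_key][pending_name] = _hex_to_bytes(",".join(pending_fragments))
                pending_name, pending_fragments = None, []
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            result.setdefault(current_key, {})
            continue
        if current_key is None:
            continue               # e.g. the "Windows Registry Editor ..." banner before any key
        m = HEX_RE.match(line)
        if m:
            data = m.group("data").strip()
            if data.endswith("\\"):
                pending_name = m.group("name")
                pending_fragments = [data.rstrip("\\")]
            else:
                result[current_key][m.group("name")] = _hex_to_bytes(data)
            continue
        m = STR_RE.match(line)
        if m:
            result[current_key][m.group("name")] = m.group("data")
    return result


def find_repeated_values(parsed: Dict[str, Dict[str, RegValue]]) -> Dict[bytes, List[Tuple[str, str]]]:
    """Map each binary blob stored under more than one value name to the (key, name)
    pairs holding it. Identical blobs under many names are easy to miss in a raw dump."""
    seen: Dict[bytes, List[Tuple[str, str]]] = {}
    for key, values in parsed.items():
        for name, data in values.items():
            if isinstance(data, bytes):
                seen.setdefault(data, []).append((key, name))
    return {blob: places for blob, places in seen.items() if len(places) > 1}


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for key, values in parsed.items():
        print(key)
        for name, data in values.items():
            size = f"{len(data)} bytes" if isinstance(data, bytes) else "string"
            print(f"  {name!r}: {size}")
    for blob, places in find_repeated_values(parsed).items():
        print(f"blob {blob.hex()} repeated at: {places}")
```

Run it on a saved ComboFix log (paste the registry section into a file and pass its text to `parse_reg_export`) and the value lengths and repeated blobs come out in a form that is much easier to diff against the same keys on a known-clean machine than the wrapped hex is.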
  8. 2009/01/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Let's get an online scan to be sure we haven't missed something. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Post the Kaspersky log here.
     
