
Active Malware Issues (HJT log)

Discussion in 'Malware and Virus Removal Archive' started by Ludocane, 2008/12/17.


    I am having some malware issues... I have run Spybot multiple times and have deleted some malware/Trojan files, but I still have issues. If I go into My Documents and click on one of my folders, like My Music or My Pictures, I get a pop-up that tells me my computer is infected and directs me to click OK to scan my computer; when clicking Yes or No it takes me to Webfreescan.com. Can anyone help me remove this?


    RSIT log (sorry, for some reason it didn't open an "info.txt")
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Owner at 2008-12-17 15:57:11
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 32 GB (60%) free of 53 GB
    Total RAM: 223 MB (14% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:57:22 PM, on 12/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\TunePat\TunePat.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: Koal.com - {3D1380C8-274A-4C31-8372-DD17055F1D33} - C:\WINDOWS\system32\knzg.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TunePat] C:\Program Files\TunePat\TunePat.exe /silence
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1817] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC611] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9347] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC908] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3225] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4357] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA176] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8546] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1045] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC552] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6466] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2023] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4260] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4174] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8421] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4258] command /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7430] cmd /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3443] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8002] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1466] command /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC618] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4571] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4515] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7979] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC536] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2889] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7107] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4521] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4687] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7246] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4923] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2216] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1693] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3272] command /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6078] cmd /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2893] command /c del "c:\resycled\boot.com"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6383] cmd /c del "c:\resycled\boot.com"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8380] command /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1897] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [SpybotDeletingB707] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9716] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3894] command /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1387] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6821] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8429] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5983] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD334] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1769] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5201] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6477] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6000] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3509] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2475] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1346] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3511] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4670] command /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4820] cmd /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7816] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5105] command /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1045] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7688] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1384] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6766] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1985] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5552] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7722] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8688] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2802] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9798] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1214] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9734] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8827] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5941] command /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1053] cmd /c del "C:\WINDOWS\system32\p.ico"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3555] command /c del "c:\resycled\boot.com"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2222] cmd /c del "c:\resycled\boot.com"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9153] command /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3464] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
    O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14211 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D1380C8-274A-4C31-8372-DD17055F1D33}]
    Koal.com - C:\WINDOWS\system32\knzg.dll [2008-12-16 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2008-03-20 53248]
    "Blubster"=C:\Program Files\Blubster\Blubster.exe SILENT []
    "SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
    "Easy Dock"= []
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "TunePat"=C:\Program Files\TunePat\TunePat.exe [2008-08-27 4235264]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingA1817"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingC611"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingA9347"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingC908"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingA3225"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingC4357"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingA176"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingC8546"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingA1045"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingC552"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingC6466"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingA2023"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingC4260"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingA4174"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingC8421"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingA4258"=command /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingC7430"=cmd /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingA3443"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingC8002"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingA1466"=command /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingC618"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingA4571"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingC4515"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingA7979"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingC536"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingA2889"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingC7107"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingA4521"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingC4687"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingA7246"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingC4923"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingA2216"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingC1693"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingA3272"=command /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingC6078"=cmd /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingA2893"=command /c del c:\resycled\boot.com []
    "SpybotDeletingC6383"=cmd /c del c:\resycled\boot.com []
    "SpybotDeletingA8380"=command /c del C:\WINDOWS\SchedLgU.Txt []
    "SpybotDeletingC1897"=cmd /c del C:\WINDOWS\SchedLgU.Txt []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "Aim6"= []
    "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB707"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingD9716"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingB3894"=command /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingD1387"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingB6821"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingD8429"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingB5983"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingD334"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingB1769"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingD5201"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingB6477"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingD6000"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingB3509"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingD2475"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingB1346"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingD3511"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingB4670"=command /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingD4820"=cmd /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingB1421"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingD7816"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
    "SpybotDeletingB5105"=command /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingD1045"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
    "SpybotDeletingB7688"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingD1384"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
    "SpybotDeletingB6766"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingD1985"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
    "SpybotDeletingB5552"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingD7722"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
    "SpybotDeletingB8688"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingD2802"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
    "SpybotDeletingB9798"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingD1214"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
    "SpybotDeletingB9734"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingD8827"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
    "SpybotDeletingB5941"=command /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingD1053"=cmd /c del C:\WINDOWS\system32\p.ico []
    "SpybotDeletingB3555"=command /c del c:\resycled\boot.com []
    "SpybotDeletingD2222"=cmd /c del c:\resycled\boot.com []
    "SpybotDeletingB9153"=command /c del C:\WINDOWS\SchedLgU.Txt []
    "SpybotDeletingD3464"=cmd /c del C:\WINDOWS\SchedLgU.Txt []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    RCA Detective.lnk - C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=0
    "NoDrives"=0
    "NoDriveAutoRun"=60000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0"
    "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\AutoRun.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99edc0bf-c8c3-11dd-b9d0-0003252316a9}]
    shell\AutoRun\command - G:\AutoRun.EXE


    ======List of files/folders created in the last 3 months======

    2008-12-17 15:50:52 ----D---- C:\rsit
    2008-12-16 12:21:02 ----A---- C:\WINDOWS\system32\knzg.dll
    2008-12-16 12:02:28 ----A---- C:\WINDOWS\SWFDecompiler.INI
    2008-12-16 12:01:36 ----D---- C:\Program Files\Common Files\SourceTec
    2008-12-16 12:01:32 ----D---- C:\Program Files\SourceTec
    2008-12-15 18:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-12-15 18:02:22 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-12-15 18:02:21 ----A---- C:\WINDOWS\system32\NPSWF32.dll
    2008-12-15 17:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-15 17:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-15 17:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-15 17:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-15 16:59:08 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2008-12-15 16:43:34 ----D---- C:\Program Files\Adobe Solutions Network
    2008-12-15 16:40:28 ----D---- C:\Program Files\Adobe CS3
    2008-12-15 14:47:19 ----D---- C:\Program Files\Macromedia
    2008-12-15 13:58:29 ----D---- C:\Documents and Settings\Owner\Application Data\Download Manager
    2008-12-13 20:38:28 ----D---- C:\Program Files\iToys
    2008-12-12 19:20:22 ----D---- C:\Program Files\KingsIsle Entertainment
    2008-12-10 16:32:28 ----A---- C:\WINDOWS\system32\msqpdxrsvdnrsr.dll
    2008-12-10 16:28:12 ----D---- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
    2008-12-10 16:28:12 ----D---- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    2008-12-10 16:27:29 ----D---- C:\Program Files\GlobalSCAPE
    2008-12-10 16:18:45 ----D---- C:\Program Files\SmartFTP FTP Library
    2008-12-05 11:28:43 ----D---- C:\Documents and Settings\All Users\Application Data\Launcher
    2008-12-05 11:25:54 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
    2008-12-05 10:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    2008-12-05 10:24:08 ----D---- C:\Documents and Settings\Owner\Application Data\MozillaControl
    2008-12-05 09:29:33 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
    2008-12-05 09:27:25 ----D---- C:\Program Files\VideoLAN
    2008-12-05 09:27:20 ----D---- C:\Program Files\Graboid
    2008-12-04 10:53:13 ----D---- C:\Program Files\Trainer Maker Kit
    2008-11-27 00:25:01 ----D---- C:\Program Files\GodswarOnline
    2008-11-25 23:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
    2008-11-25 23:02:45 ----D---- C:\Program Files\WorldOfGoo
    2008-11-20 16:33:05 ----D---- C:\Program Files\SmartFTP Client
    2008-11-20 16:31:27 ----D---- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-11-18 22:02:54 ----D---- C:\Program Files\mIRC
    2008-11-18 22:02:54 ----D---- C:\Documents and Settings\Owner\Application Data\mIRC
    2008-11-17 17:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-17 17:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-16 20:21:57 ----D---- C:\WINDOWS\Applian FLV Player
    2008-11-16 20:21:57 ----D---- C:\Program Files\FLV Player
    2008-11-16 20:21:50 ----A---- C:\WINDOWS\Applian FLV Player Setup Log.txt
    2008-11-01 22:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-11-01 22:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-11-01 22:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-11-01 22:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-11-01 22:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-11-01 22:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-01 19:47:35 ----A---- C:\WINDOWS\cdplayer.ini
    2008-10-01 18:34:52 ----A---- C:\Player Loader_log.txt
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-27 22:03:14 ----D---- C:\Program Files\iPod
    2008-09-27 22:02:51 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-27 22:02:50 ----D---- C:\Program Files\iTunes
    2008-09-27 22:00:12 ----D---- C:\Program Files\Bonjour
    2008-09-27 21:58:32 ----D---- C:\Program Files\QuickTime
    2008-09-27 21:56:06 ----D---- C:\Program Files\Apple Software Update
    2008-09-27 21:55:13 ----D---- C:\Program Files\Common Files\Apple
    2008-09-24 20:47:56 ----A---- C:\WINDOWS\EasyRip.ini
    2008-09-21 10:59:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-21 10:57:35 ----D---- C:\Program Files\TunePat
    2008-09-21 10:50:09 ----D---- C:\Converted

    ======List of files/folders modified in the last 3 months======

    2008-12-17 15:51:13 ----D---- C:\WINDOWS\Prefetch
    2008-12-17 14:08:32 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-17 13:30:30 ----D---- C:\WINDOWS\TEMP
    2008-12-17 13:28:30 ----A---- C:\WINDOWS\wininit.ini
    2008-12-17 13:28:29 ----RD---- C:\Program Files
    2008-12-17 13:28:28 ----D---- C:\WINDOWS\system32
    2008-12-17 12:49:53 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-17 10:08:02 ----N---- C:\WINDOWS\SchedLgU.Txt
    2008-12-17 10:08:02 ----D---- C:\WINDOWS
    2008-12-16 12:01:36 ----D---- C:\Program Files\Common Files
    2008-12-16 09:12:37 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-12-16 07:06:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-12-15 18:14:57 ----SHD---- C:\WINDOWS\Installer
    2008-12-15 18:08:54 ----D---- C:\Program Files\Adobe
    2008-12-15 17:56:49 ----D---- C:\Program Files\Common Files\Adobe
    2008-12-15 17:51:55 ----HD---- C:\WINDOWS\inf
    2008-12-15 17:51:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-15 17:51:15 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-15 17:32:32 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-15 17:27:45 ----D---- C:\Program Files\Internet Explorer
    2008-12-15 17:22:20 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-15 14:49:48 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
    2008-12-15 14:48:33 ----D---- C:\Program Files\Common Files\Vbox
    2008-12-15 14:47:18 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-14 18:27:54 ----A---- C:\WINDOWS\ModemLog_Conexant SoftK56 Data Fax Modem.txt
    2008-12-13 20:38:30 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
    2008-12-10 16:32:28 ----D---- C:\WINDOWS\system32\drivers
    2008-12-06 12:57:01 ----D---- C:\Program Files\Tales of Pirates Online
    2008-12-05 23:44:50 ----D---- C:\WINDOWS\system32\Adobe
    2008-12-05 13:10:25 ----D---- C:\WINDOWS\Microsoft.NET
    2008-12-05 13:10:23 ----RSD---- C:\WINDOWS\assembly
    2008-12-05 10:21:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-05 10:17:46 ----D---- C:\WINDOWS\WinSxS
    2008-12-04 10:53:10 ----D---- C:\WINDOWS\system
    2008-11-24 15:58:02 ----D---- C:\WINDOWS\Help
    2008-11-11 22:06:51 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
    2008-11-01 22:24:27 ----A---- C:\WINDOWS\win.ini
    2008-11-01 16:56:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-11-01 16:56:21 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-01 16:02:36 ----A---- C:\WINDOWS\SpeedGear.INI
    2008-10-23 07:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-22 03:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\occache.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 01:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-10-03 04:15:47 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-09-27 22:03:55 ----DC---- C:\WINDOWS\system32\DRVSTORE

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-11-23 35840]
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2008-03-20 18944]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-22 8552]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
    R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-26 341760]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-08 1041536]
    R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-09-08 193280]
    R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2008-03-20 323072]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-03-26 180000]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-08 685184]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Bots\GameGuard\dump_wmimmc.sys []
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
    S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
    S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2008-09-18 23096]
    S3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2008-09-18 3768]
    S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-15 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-04 69632]
    S4 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-02-22 172032]

    -----------------EOF-----------------
     
    Last edited: 2008/12/17
  2. 2008/12/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this and post the logs requested in this thread ....
     

  4. 2008/12/17
    Ludocane

    Ludocane Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    5
    Likes Received:
    0
    I fixed what I could. For some reason, when I ran it no "info.txt" file opened...
     
  5. 2008/12/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please wait for one of our trained malware analysts - of which I am not one :), to take a look and sort out the info.txt problem.
     
  6. 2008/12/17
    sniper9228

    sniper9228 Well-Known Member

    Joined:
    2005/08/31
    Messages:
    615
    Likes Received:
    1
    [QUOTE]RIST LOG (sorry for some reason it didn't open a "info.txt")[/QUOTE]

    If it does not open info.txt, run rsit again.
     
  7. 2008/12/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Sniper - please leave malware matters to the experts.
     
  8. 2008/12/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Ludocane

    No CODE tags please - makes the logs nigh on impossible to read quickly.
     
  9. 2008/12/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you have not restarted the computer since running the RSIT scan, please do so. Then please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment. No need for that though ..... just post it as you would any other log. You might need to put the logs in separate posts.
     
  10. 2008/12/19
    Ludocane

    Ludocane Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    5
    Likes Received:
    0
    Ok, let's see. Here is the DDS log:


    DDS (Version 1.1.0) - NTFSx86
    Run by Owner at 14:07:41.53 on Fri 12/19/2008
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/?src=aim
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: {3D1380C8-274A-4C31-8372-DD17055F1D33} - c:\windows\system32\knzg.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb127\SearchSettings.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Aim6]
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [Blubster] c:\program files\blubster\Blubster.exe SILENT
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [Easy Dock]
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [TunePat] c:\program files\tunepat\TunePat.exe /silence
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bp3facv4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.gaiaonline.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
    FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\yahoo!\shared\npYState.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2008-12-17 18:19 45 a------- C:\TEST.XML
    2008-12-16 12:21 21,446 a------- c:\windows\system32\sf.ico
    2008-12-16 12:21 13,942 a------- c:\windows\system32\m3.ico
    2008-12-16 12:21 4,286 a------- c:\windows\system32\s.ico
    2008-12-16 12:21 3,095 a------- c:\windows\ios.dat
    2008-12-16 12:21 98,304 a------- c:\windows\system32\knzg.dll
    2008-12-16 12:02 23 a------- c:\windows\SWFDecompiler.INI
    2008-12-16 12:01 <DIR> --d----- c:\program files\common files\SourceTec
    2008-12-16 12:01 <DIR> --d----- c:\program files\SourceTec
    2008-12-15 18:02 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
    2008-12-15 18:02 2,463,976 a------- c:\windows\system32\NPSWF32.dll
    2008-12-15 16:59 <DIR> --d----- c:\program files\common files\Macrovision Shared
    2008-12-15 16:43 <DIR> --d----- c:\program files\Adobe Solutions Network
    2008-12-15 16:40 <DIR> --d----- c:\program files\Adobe CS3
    2008-12-15 14:47 <DIR> --d----- c:\program files\Macromedia
    2008-12-13 20:38 <DIR> --d----- c:\program files\iToys
    2008-12-12 19:20 <DIR> --d----- c:\program files\KingsIsle Entertainment
    2008-12-10 16:32 41,984 a------- c:\windows\system32\msqpdxrsvdnrsr.dll
    2008-12-10 16:32 62,464 a------- c:\windows\system32\drivers\msqpdxmqltofxb.sys
    2008-12-10 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
    2008-12-10 16:27 <DIR> --d----- c:\program files\GlobalSCAPE
    2008-12-10 16:18 <DIR> --d----- c:\program files\SmartFTP FTP Library
    2008-12-10 14:54 268 a---h--- C:\sqmdata00.sqm
    2008-12-05 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Launcher
    2008-12-05 10:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Graboid Inc
    2008-12-05 10:24 <DIR> --d----- c:\docume~1\owner\applic~1\MozillaControl
    2008-12-05 09:29 <DIR> --d----- c:\program files\Mozilla ActiveX Control v1.7.12
    2008-12-05 09:27 <DIR> --d----- c:\program files\VideoLAN
    2008-12-05 09:27 <DIR> --d----- c:\program files\Graboid
    2008-12-04 10:53 <DIR> --d----- c:\program files\Trainer Maker Kit
    2008-11-27 00:25 <DIR> --d----- c:\program files\GodswarOnline
    2008-11-25 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2DBoy
    2008-11-25 23:02 <DIR> --d----- c:\program files\WorldOfGoo
    2008-11-20 16:33 <DIR> --d----- c:\program files\SmartFTP Client
    2008-11-20 16:31 <DIR> --d----- c:\program files\SmartFTP Client 3.0 Setup Files

    ==================== Find3M ====================

    2008-12-15 13:13 382 a------- c:\program files\Shortcut to Program Files.lnk
    2008-11-01 19:02 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-10-24 05:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 07:01 283,648 a------- c:\windows\system32\gdi32.dll
    2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
    2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
    2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
    2008-10-03 04:15 247,326 a------- c:\windows\system32\strmdll.dll
    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
    2008-09-04 17:12 952 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2008-09-04 17:12 88 ---shr-- c:\docume~1\alluse~1\applic~1\E94F573D45.sys
    2008-08-11 22:55 0 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
    2007-06-28 20:23 32 a----r-- c:\documents and settings\all users\hash.dat
    2007-03-16 13:52 14,704 a------- c:\program files\Flash CS3 Professional Read Me.html
    2005-04-03 08:24 56 ---shr-- c:\windows\system32\86F63302B7.sys

    ============= FINISH: 14:15:45.03 ===============
     
  11. 2008/12/19
    Ludocane

    Ludocane Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    5
    Likes Received:
    0
    And here is the Attach File:



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/1/2005 9:44:29 AM
    System Uptime: 12/19/2008 1:50:14 PM (1 hours ago)

    Motherboard: Arima | |
    Processor: Mobile AMD Sempron(tm) Processor 2800+ | CPU 1 | 798/200mhz

    ==== Disk Partitions =========================


    ==== Installed Programs ======================

    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Video Encoder
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Reader 6.0
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    Bonjour
    CDDRV_Installer
    CuteFTP 8 Home
    FPS Creator Model Pack - 16
    FPS Creator Model Pack - 2
    FPS Creator Model Pack - 3
    FPS Creator Model Pack - 4
    FPS Creator Model Pack - 5
    FPS Creator Model Pack - 6
    FPS Creator Model Pack - 7
    FPS Creator Model Pack - 9
    Graboid Video 1.3
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    iTunes
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Pro 8
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 5
    KhalInstallWrapper
    Lexmark Printer Software Uninstall
    Logitech SetPoint
    Macromedia Flash MX
    Macromedia Flash Player 8
    ME2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla ActiveX Control v1.7.12
    Mozilla Firefox (3.0.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MySQL Connector/ODBC 3.51
    MySQL Server 5.0
    Opera 9.63
    Outreach 1.0 (BETA)
    PDF Settings
    PowerDVD
    QuickTime
    RCA Detective 1.0.0.96
    RCA Detective™ 2.0.0.98
    RCA easyRip™ 1.4.5.0
    RealPlayer Basic
    Realtek AC'97 Audio
    Refresher
    RGSS-RTP Standard
    RPG Maker VX
    RPG Maker VX RTP
    RPGToolkit, Version 3.1.0
    RPGXP
    Search Settings 1.2
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    SiS VGA Utilities
    SiSAGP driver
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    SmartFTP FTP Library (remove only)
    SoftK56 Data Fax CARP
    Sothink SWF Decompiler
    Speed Gear v6.0
    Spybot - Search & Destroy
    SQLyog Community 6.03
    StyleXP (remove only)
    Synaptics Pointing Device Driver
    System Requirements Lab
    Tales of Pirates Online 1.37
    thesimpsonsmovie1.zip
    TunePat 1.10
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    VideoLAN VLC media player 0.8.6d
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual Basic 5.0 Control Creation Edition
    WebFldrs XP
    Windows Backup Utility
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    Wizard101
    Yahoo! Messenger
    Yahtzee 1.1.6

    ==== End Of File ===========================
     
  12. 2008/12/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  13. 2008/12/23
    Ludocane

    Ludocane Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    5
    Likes Received:
    0
    ComboFix 08-12-23.01 - Owner 2008-12-23 23:20:35.5 - NTFSx86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Owner\Favorites\Cheap Pharmacy Online.url
    c:\documents and settings\Owner\Favorites\Search Online.url
    c:\documents and settings\Owner\Favorites\SMS TRAP.url
    c:\documents and settings\Owner\Favorites\VIP Casino.url
    c:\documents and settings\Owner\Start Menu\Search Online.url
    c:\documents and settings\Owner\Start Menu\SMS TRAP.url
    c:\documents and settings\Owner\Start Menu\VIP Casino.url
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    C:\setup.exe
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\c.ico
    c:\windows\system32\drivers\msqpdxmqltofxb.sys
    c:\windows\system32\m.ico
    c:\windows\system32\msqpdxrsvdnrsr.dll
    c:\windows\system32\p.ico
    c:\windows\system32\s.ico
    c:\windows\system32\winio.vxd
    D:\Autorun.inf
    D:\resycled
    d:\resycled\boot.com

    ----- BITS: Possible infected sites -----

    hxxp://www.graboid.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
    .

    2008-12-23 23:19 . 2008-12-23 23:18 388,608 --a------ c:\windows\system32\CF12205.exe
    2008-12-21 11:36 . 2008-12-21 11:36 106,496 --a------ c:\windows\system32\hozr.dll
    2008-12-20 15:06 . 2008-12-20 15:06 230 --a------ c:\windows\system32\spupdsvc.inf
    2008-12-18 17:37 . 2008-12-18 17:37 <DIR> d-------- c:\program files\Opera
    2008-12-17 18:19 . 2008-12-17 18:27 45 --a------ C:\TEST.XML
    2008-12-17 15:50 . 2008-12-17 15:51 <DIR> d-------- C:\rsit
    2008-12-16 12:21 . 2008-12-16 12:21 98,304 --a------ c:\windows\system32\knzg.dll
    2008-12-16 12:21 . 2008-12-21 11:36 21,446 --a------ c:\windows\system32\sf.ico
    2008-12-16 12:21 . 2008-12-21 11:36 13,942 --a------ c:\windows\system32\m3.ico
    2008-12-16 12:21 . 2008-12-21 11:36 3,095 --a------ c:\windows\ios.dat
    2008-12-16 12:02 . 2008-12-16 12:02 23 --a------ c:\windows\SWFDecompiler.INI
    2008-12-16 12:01 . 2008-12-16 12:01 <DIR> d-------- c:\program files\SourceTec
    2008-12-16 12:01 . 2008-12-16 12:01 <DIR> d-------- c:\program files\Common Files\SourceTec
    2008-12-15 18:16 . 2008-12-16 06:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-15 18:02 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
    2008-12-15 18:02 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
    2008-12-15 16:59 . 2008-12-15 16:59 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-12-15 16:43 . 2008-12-15 16:43 <DIR> d-------- c:\program files\Adobe Solutions Network
    2008-12-15 16:40 . 2008-12-15 16:56 <DIR> d-------- c:\program files\Adobe CS3
    2008-12-15 14:47 . 2008-12-15 14:47 <DIR> d-------- c:\program files\Macromedia
    2008-12-15 13:58 . 2008-12-15 14:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\Download Manager
    2008-12-13 20:38 . 2008-12-13 20:38 <DIR> d-------- c:\program files\iToys
    2008-12-12 19:20 . 2008-12-12 19:20 <DIR> d-------- c:\program files\KingsIsle Entertainment
    2008-12-10 16:28 . 2008-12-10 16:28 <DIR> d-------- c:\documents and settings\Owner\Application Data\GlobalSCAPE
    2008-12-10 16:28 . 2008-12-10 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\GlobalSCAPE
    2008-12-10 16:27 . 2008-12-10 16:27 <DIR> d-------- c:\program files\GlobalSCAPE
    2008-12-10 16:18 . 2008-12-10 16:19 <DIR> d-------- c:\program files\SmartFTP FTP Library
    2008-12-10 14:54 . 2008-12-10 14:54 268 --ah----- C:\sqmdata00.sqm
    2008-12-05 11:28 . 2008-12-05 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
    2008-12-05 11:25 . 2008-12-05 11:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
    2008-12-05 10:24 . 2008-12-05 10:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\MozillaControl
    2008-12-05 10:24 . 2008-12-05 10:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
    2008-12-05 09:29 . 2008-12-05 09:30 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
    2008-12-05 09:27 . 2008-12-05 09:27 <DIR> d-------- c:\program files\VideoLAN
    2008-12-05 09:27 . 2008-12-05 10:23 <DIR> d-------- c:\program files\Graboid
    2008-12-04 10:53 . 2008-12-04 11:07 <DIR> d-------- c:\program files\Trainer Maker Kit
    2008-11-27 00:25 . 2008-12-05 14:00 <DIR> d-------- c:\program files\GodswarOnline
    2008-11-25 23:04 . 2008-11-25 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
    2008-11-25 23:02 . 2008-11-25 23:03 <DIR> d-------- c:\program files\WorldOfGoo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-23 22:45 --------- d-----w c:\program files\Tales of Pirates Online
    2008-12-22 03:48 382,974,024 ----a-w c:\program files\top_setup_1.37.exe.sl
    2008-12-21 21:56 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
    2008-12-21 17:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-20 21:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-20 20:47 --------- d-----w c:\program files\Common Files\AOL
    2008-12-18 11:51 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-15 23:56 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-15 20:48 --------- d-----w c:\program files\Common Files\Vbox
    2008-12-15 19:13 382 ----a-w c:\program files\Shortcut to Program Files.lnk
    2008-11-20 22:33 --------- d-----w c:\program files\SmartFTP Client
    2008-11-20 22:31 --------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files
    2008-11-20 20:55 --------- d-----w c:\documents and settings\Owner\Application Data\mIRC
    2008-11-19 12:21 --------- d-----w c:\program files\mIRC
    2008-11-17 02:21 --------- d-----w c:\program files\FLV Player
    2008-11-12 04:06 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-09-04 23:12 952 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2008-09-04 23:12 88 --sh--r c:\documents and settings\All Users\Application Data\E94F573D45.sys
    2008-08-12 04:55 0 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2007-06-29 02:23 32 ----a-r c:\documents and settings\All Users\hash.dat
    2007-03-16 19:52 14,704 ----a-w c:\program files\Flash CS3 Professional Read Me.html
    2005-04-03 14:24 56 --sh--r c:\windows\system32\86F63302B7.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D1380C8-274A-4C31-8372-DD17055F1D33}]
    2008-12-16 12:21 98304 --a------ c:\windows\system32\knzg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD}]
    2008-12-21 11:36 106496 --a------ c:\windows\system32\hozr.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchSettings "= "c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "TunePat "= "c:\program files\TunePat\TunePat.exe" [2008-08-27 4235264]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "SiSPower "= "SiSPower.dll" [2008-03-20 c:\windows\system32\SiSPower.dll]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\

    RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2008-09-09 1069056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-13 805392]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-08-15 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9842:TCP "= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP "= 9842:UDP:*:Disabled:SolidNetworkManager

    R0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys [2008-09-21 13312]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-22 24652]
    R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\DRIVERS\HSFHWSIS.sys [2005-02-22 193280]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Bots\GameGuard\dump_wmimmc.sys []
    S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-09-21 23096]
    S3 MusCVideo32;MusCVideo32;c:\windows\system32\DRIVERS\MusCVideo32.sys [2008-09-21 3768]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\AutoRun.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99edc0bf-c8c3-11dd-b9d0-0003252316a9}]
    \Shell\AutoRun\command - G:\AutoRun.EXE
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Blubster - c:\program files\Blubster\Blubster.exe
    HKLM-Run-Easy Dock - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?src=aim
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bp3facv4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.gaiaonline.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
    FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-23 23:30:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(668)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    Completion time: 2008-12-23 23:40:03
    ComboFix-quarantined-files.txt 2008-12-24 05:39:45
    ComboFix2.txt 2008-07-07 05:35:03

    Pre-Run: 34,822,848,512 bytes free
    Post-Run: 34,935,541,760 bytes free

    194 --- E O F --- 2008-12-22 23:30:19
     
  14. 2008/12/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry for the delay.

    Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\system32\knzg.dll
    c:\windows\system32\sf.ico
    c:\windows\system32\m3.ico
    c:\windows\ios.dat
    c:\windows\system32\hozr.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D1380C8-274A-4C31-8372-DD17055F1D33}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99edc0bf-c8c3-11dd-b9d0-0003252316a9}]
    FileLook::
    c:\windows\system32\DRIVERS\tpcdrdrv.sys
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     

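The CFScript above targets the two Browser Helper Object DLLs and the two mountpoints2 AutoRun keys from the ComboFix log posted earlier in the thread. The following is an added example (not the helper's code, not part of ComboFix) showing the triage logic a reviewer applies to the "Reg Loading Points" section: a parser for the section's line shapes, followed by two heuristics that flag recently created BHO DLLs dropped directly into system32 and any removable-drive AutoRun command. The sample log text is constructed from lines in the posted log; the 30-day window and the `system32` rule are assumptions, not ComboFix behaviour.

```python
import re
from datetime import date, timedelta
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section;
# keys, paths and dates are copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D1380C8-274A-4C31-8372-DD17055F1D33}]
2008-12-16 12:21 98304 --a------ c:\windows\system32\knzg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD}]
2008-12-21 11:36 106496 --a------ c:\windows\system32\hozr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.EXE
"""

class Entry(NamedTuple):
    key: str                 # registry key the line was listed under
    value: str               # value name, "" when the key lists a single file
    target: str              # file path or command the entry points at
    created: Optional[date]  # file date ComboFix printed, if any

KEY_RE = re.compile(r"^\[(.+)\]$")
DATED_FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (.+)$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")

def parse_loading_points(text: str) -> List[Entry]:
    """Turn the 'Reg Loading Points' section into Entry records, one per loading point."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)          # subsequent lines belong to this key
        elif m := DATED_FILE_RE.match(line):
            y, mo, d = map(int, m.group(1).split("-"))
            entries.append(Entry(key, "", m.group(2), date(y, mo, d)))
        elif m := RUN_VALUE_RE.match(line):
            entries.append(Entry(key, m.group(1), m.group(2), None))
        elif m := AUTORUN_RE.match(line):
            entries.append(Entry(key, "AutoRun", m.group(1), None))
    return entries

def triage(entries: List[Entry], scan_date: date, window_days: int = 30) -> List[str]:
    """Flag the entries a removal helper would look at first. Heuristics only (assumed here):
    a BHO whose DLL sits directly in system32 and is younger than the window, and any
    mountpoints2 AutoRun command, which is how autorun worms re-infect from USB drives."""
    findings: List[str] = []
    for e in entries:
        key_low, target_low = e.key.lower(), e.target.lower()
        if "browser helper objects" in key_low:
            recent = e.created is not None and scan_date - e.created <= timedelta(days=window_days)
            if "\\system32\\" in target_low and recent:
                clsid = e.key.split("\\")[-1]
                findings.append(f"BHO {clsid} -> {e.target}: new DLL dropped directly in system32")
        elif "mountpoints2" in key_low and e.value == "AutoRun":
            findings.append(f"{e.key}: removable-drive AutoRun command {e.target}")
    return findings

if __name__ == "__main__":
    for line in triage(parse_loading_points(SAMPLE_LOG), date(2008, 12, 23)):
        print(line)
```

The three flagged entries are exactly the BHO DLLs and the AutoRun key the CFScript removes; the legitimate iTunesHelper Run value passes through untouched.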