welp please :(

ComboFix 09-03-14.02 - josh 2009-03-15 23:50:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1436 [GMT 5.5:30]
Running from: c:\documents and settings\josh\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BM4f4207c5.txt
c:\windows\BM4f4207c5.xml
c:\windows\pskt.ini
c:\windows\system32\MVDfNqss.ini
c:\windows\system32\MVDfNqss.ini2
c:\windows\system32\prsgrc.dll
c:\windows\system32\sshshqll.ini
c:\windows\system32\xcomm.dll

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 23:29 . 2009-03-15 23:29 <DIR> d-------- c:\program files\Trend Micro
2009-03-15 19:07 . 2009-03-15 23:54 34,816 --a------ c:\windows\system32\rpcnetp.exe
2009-03-14 17:41 . 2009-03-14 19:31 0 --a------ C:\tmp.xml
2009-03-14 17:20 . 2009-03-14 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-14 17:19 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
2009-03-14 17:19 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
2009-03-14 14:31 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-03-14 14:31 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-03-14 14:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-03-14 14:31 . 2009-03-14 14:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-14 14:31 . 2009-03-14 14:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-14 00:53 . 2009-03-14 00:53 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-14 00:40 . 2009-03-14 15:56 <DIR> d-------- c:\documents and settings\josh\Application Data\PC Suite
2009-03-14 00:40 . 2009-03-14 05:24 <DIR> d-------- c:\documents and settings\josh\Application Data\Nokia
2009-03-14 00:40 . 2009-03-14 01:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-03-14 00:09 . 2009-03-14 00:09 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-14 00:09 . 2009-03-14 17:19 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-14 00:09 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-03-14 00:08 . 2009-03-14 00:08 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-03-14 00:08 . 2009-03-14 17:19 <DIR> d-------- c:\program files\Nokia
2009-03-14 00:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-14 00:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-14 00:08 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-03-14 00:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-14 00:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-14 00:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-14 00:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-14 00:07 . 2009-03-14 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2009-03-13 23:40 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-13 23:40 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-13 23:40 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-13 23:40 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-13 23:40 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-13 23:40 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-13 19:02 . 2009-03-13 19:02 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Intel
2009-03-13 19:02 . 2009-03-13 19:02 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Intel
2009-03-13 19:01 . 2009-03-13 19:01 <DIR> d-------- c:\program files\Common Files\Intel
2009-03-13 19:00 . 2009-03-13 19:00 <DIR> d-------- c:\documents and settings\josh\Application Data\Intel
2009-03-13 19:00 . 2009-03-13 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intel
2009-03-13 03:47 . 2009-03-13 03:47 <DIR> d-------- c:\program files\Oxygen Software
2009-03-12 10:04 . 2009-03-12 10:04 <DIR> d-------- c:\program files\Unibrain
2009-03-11 01:13 . 2008-03-26 11:15 53,248 --a------ c:\windows\system32\CSVer.dll
2009-02-28 08:53 . 2009-02-28 08:53 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2009-02-27 22:11 . 2002-03-20 17:14 21,376 -ra------ c:\windows\system32\drivers\dm9usb.sys
2009-02-26 18:27 . 2009-02-26 18:27 6,855,014 --a------ C:\apoca copy.jpg
2009-02-26 16:18 . 2009-02-21 03:28 358,965,094 --a------ C:\apoca.psd
2009-02-26 14:40 . 2009-03-15 01:50 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-25 17:29 . 2009-02-25 17:30 <DIR> d-------- c:\program files\CONEXANT
2009-02-25 17:29 . 2008-02-01 13:18 732,160 --a------ c:\windows\system32\drivers\CHDAud.sys
2009-02-25 17:17 . 2009-02-25 17:17 <DIR> d-------- C:\temp
2009-02-20 02:23 . 2009-02-20 02:23 <DIR> d-------- c:\program files\Common Files\snp2uvc
2009-02-20 02:23 . 2006-12-28 16:20 9,599,744 --a------ c:\windows\system32\drivers\snp2uvc.sys
2009-02-20 02:23 . 2006-12-28 19:48 589,824 --a------ c:\windows\vsnp2uvc.exe
2009-02-20 02:23 . 2007-01-11 18:01 299,008 --a------ c:\windows\system32\vsnp2uvc.dll
2009-02-20 02:23 . 2006-12-22 16:25 98,304 --a------ c:\windows\system32\rsnp2uvc.dll
2009-02-20 02:23 . 2005-11-23 13:55 53,248 --a------ c:\windows\system32\csnp2uvc.dll
2009-02-20 02:23 . 2006-12-28 11:21 27,904 --a------ c:\windows\system32\drivers\sncduvc.sys
2009-02-20 02:23 . 2006-05-19 11:39 15,497 --a------ c:\windows\snp2uvc.ini
2009-02-20 02:23 . 2006-05-19 11:53 13,022 --a------ c:\windows\snp2uvc.src
2009-02-19 23:11 . 2009-02-19 23:11 <DIR> d-------- c:\program files\Uniblue
2009-02-19 23:11 . 2009-02-19 23:11 <DIR> d-------- c:\documents and settings\josh\Application Data\Uniblue
2009-02-19 23:11 . 2009-03-12 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-19 20:54 . 2009-02-20 01:15 <DIR> d-------- c:\program files\Microsoft Bootvis
2009-02-19 19:49 . 2009-02-19 23:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-02-17 16:05 . 2009-02-26 18:28 13,824 --ahs---- C:\Thumbs.db
2009-02-16 17:37 . 2009-02-16 17:37 <DIR> d-------- c:\documents and settings\josh\Application Data\BitDefender
2009-02-16 17:36 . 2009-02-16 17:36 <DIR> d-------- c:\program files\BitDefender
2009-02-16 15:38 . 2009-02-16 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-02-15 23:13 . 2009-03-15 23:45 121 --a------ c:\windows\bdagent.INI
2009-02-15 23:09 . 2009-03-15 17:10 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-15 23:07 . 2009-02-16 17:36 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-15 19:47 . 2009-03-15 18:48 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-15 19:47 . 2009-02-15 19:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 19:47 . 2009-02-15 19:47 <DIR> d-------- c:\documents and settings\josh\Application Data\SUPERAntiSpyware.com
2009-02-15 19:47 . 2009-02-15 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 18:26 --------- d-----w c:\documents and settings\josh\Application Data\WTablet
2009-03-15 15:57 --------- d-----w c:\program files\MagicISO
2009-03-14 20:40 --------- d-----w c:\documents and settings\josh\Application Data\Hamachi
2009-03-13 13:31 --------- d-----w c:\program files\Intel
2009-03-11 15:08 --------- d-----w c:\program files\Garena
2009-03-11 08:29 --------- d-----w c:\program files\Winamp
2009-03-11 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-11 00:07 --------- d-----w c:\program files\PC Auto Shutdown
2009-02-26 09:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 04:16 --------- d-----w c:\program files\BitLord
2009-02-24 21:05 --------- d-----w c:\program files\Autodesk
2009-02-24 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-02-16 12:44 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-02-08 10:34 --------- d-----w c:\documents and settings\josh\Application Data\Autodesk
2009-02-08 07:27 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-08 07:23 --------- d-----w c:\program files\MSBuild
2009-02-08 07:20 --------- d-----w c:\program files\Reference Assemblies
2009-02-03 09:42 --------- d-----w c:\documents and settings\josh\Application Data\Media Player Classic
2009-02-03 09:41 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-30 18:10 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 18:10 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-30 18:10 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 17:06 --------- d-----w c:\program files\AVG
2009-01-30 15:40 --------- d-----w c:\program files\My directory
2009-01-26 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-26 14:59 --------- d-----w c:\program files\Common Files\Download Manager
2009-01-25 20:39 --------- d-----w c:\program files\Tablet
2009-01-25 08:18 --------- d-----w c:\program files\Yahoo!
2009-01-25 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-23 07:44 --------- d-----w c:\documents and settings\josh\Application Data\Red Kawa
2009-01-19 15:37 --------- d-----w c:\program files\Red Kawa
2009-01-19 15:37 --------- d-----w c:\program files\AviSynth 2.5
2009-01-18 12:16 234,418 ----a-w c:\windows\EasyGifAnimator_Toolbar_Uninstaller_3359.exe
2009-01-18 12:16 --------- d-----w c:\program files\Easy Gif Animator Extension
2009-01-18 12:16 --------- d-----w c:\program files\Easy GIF Animator
2009-01-16 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft(2)
2009-01-16 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\avg7(2)
2009-01-16 19:40 --------- d-----w c:\program files\TVersity Codec Pack
2009-01-16 19:40 --------- d-----w c:\program files\QuickTime
2009-01-16 19:40 --------- d-----w c:\program files\ffdshow
2009-01-16 19:40 --------- d-----w c:\program files\Apple Software Update
2009-01-16 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-16 19:38 --------- d-----w c:\program files\AnMing
2008-11-13 14:26 144,198 ----a-w c:\documents and settings\All Users\Application Data\firstlsp.reg.dat
.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:20 AM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Autodesk\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\rpcnet.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Facebook | Welcome to Facebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219395449580
O17 - HKLM\System\CCS\Services\Tcpip\..\{E75DCF64-7F09-4EFD-B561-3DF70D3472E3}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: vlqmcw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - (no file)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8492 bytes
 
****** only half of the ComboFix log came... I'll post it now after the HijackThis log

------- Sigcheck -------

2004-08-04 05:37 1049600 ae3af584f769a87ba153940bc90dcf8b c:\windows\explorer.exe
2004-08-04 05:37 1049600 f586cece46277ea2a04670ec7c0f05ec c:\windows\system32\dllcache\explorer.exe

2004-08-04 05:37 32768 ab8810dcc6d7a2882f5e61e23675cc98 c:\windows\system32\ctfmon.exe
2004-08-04 05:37 32768 627fb6ed99fd4a475bb415e43c728feb c:\windows\system32\dllcache\ctfmon.exe

2004-08-04 05:37 75776 e740fe6f4e10182a7ab9663cec0b39f7 c:\windows\system32\spoolsv.exe
2004-08-04 05:37 75264 12eeb2aa03e81118d89d18c3b3953c40 c:\windows\system32\dllcache\spoolsv.exe

2004-08-04 05:37 41984 26c2b8316816647f710da9613e1f809d c:\windows\system32\userinit.exe
2004-08-04 05:37 41984 c30c24067416ae1bf23afbc8e860e8c3 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 32768]
"ares"="c:\program files\Ares\Ares.exe" [2008-08-21 910336]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2004-12-21 1810432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-16 1388544]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1212416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 23:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vlqmcw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= P1160Jpg.dll
"VIDC.MJPG"= P1160Jpg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^josh^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\josh\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\On-Line Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Scan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-08-21 21:15 910336 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-01-30 23:40 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2009-03-15 02:53 389120 c:\program files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2009-03-15 05:53 81920 c:\program files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-10-25 17:41 434176 c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:37 32768 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2003-11-30 23:13 1373696 c:\documents and settings\josh\My Documents\progs\FreeRAM XP Pro 1.40.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-25 11:55 166424 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-10-03 15:44 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-25 11:56 141848 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 12:41 217088 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-04-13 06:07 90112 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-25 11:56 137752 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-17 02:43 434176 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2004-12-21 13:34 1810432 c:\program files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-20 16:23 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 06:20 51200 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Autodesk\\3dsmax.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-30 12552]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-30 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-30 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-30 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 86016]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2008-11-25 464896]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2007-09-25 86792]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2009-02-25 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-06-19 48600]
RUnknown rpcnetp;rpcnetp; [x]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2009-02-27 21376]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-14 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-14 8320]
S3 P1160COM;Creative PC-CAM 880 (Camera);c:\windows\system32\drivers\P1160Buk.sys [2008-10-06 42784]
S3 P1160VID;Creative PC-CAM 880 (Video);c:\windows\system32\drivers\P1160Vid.sys [2008-10-06 46048]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;c:\windows\system32\drivers\ubfwnet.sys [2008-11-03 37072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81bbefc2-d34f-11dd-9144-001e68393f52}]
\Shell\Auto\command - a.net
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.net

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec4a572-88da-11dd-9065-001e68393f52}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2009-03-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-FlashGuard - c:\program files\FlashGuard\FlashGuard.exe
MSConfigStartUp-IntelWireless - c:\program files\Intel\Wireless\Bin\ifrmewrk.exe
MSConfigStartUp-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
MSConfigStartUp-PC Auto Shutdown - c:\program files\PC Auto Shutdown\AutoShutdown.exe


.
------- Supplementary Scan -------
.
uStart Page = www.facebook.com
uInternet Settings,ProxyOverride = *.local
TCP: {E75DCF64-7F09-4EFD-B561-3DF70D3472E3} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 23:56:39
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\NTAgent.exe 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1440)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WudfHost.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\Tablet.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rpcnet.exe
.
**************************************************************************
.
Completion time: 2009-03-16 0:00:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 18:30:46

Pre-Run: 13,861,490,688 bytes free
Post-Run: 24,017,891,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut /usepmtimer

 
Now I need you to run these programs in this order.
If you can now log in to safe mode, run these in safe mode; if you still can't, then run them normally.

Cleanup!
CCleaner - The file cleaner and Registry Cleaner
SDFix
Combofix
Malwarebytes

These can all be found in my guide. Post the logs of ComboFix, Malwarebytes and SDFix.
 
OK, I've downloaded the files and ran everything except Malwarebytes. SDFix took 4 hours to finish the malware search. The startup problem is still happening after SDFix though, but ComboFix seems to have fixed it; not too sure about this yet. The only difference is that when I start up normally this time, Explorer will not open at all; it says it's encountered an error. But when I used ComboFix in safe mode and it booted, it opened normally. Will post logs after I'm done with Malwarebytes. Gotta head to class now :( Wish I had time.
 
The startup still isn't working. DEP blocks Explorer, so I put it in the list, and then it says Explorer has encountered an error. Well, anyway, here are the logs...
Malwarebytes
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

3/16/2009 2:49:05 PM
mbam-log-2009-03-16 (14-49-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 123069
Time elapsed: 1 hour(s), 43 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\protect.sys.vir (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D384B3C-EB60-4C37-B473-4F01EDB2138D}\RP2\A0000479.sys (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\makehm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
 
ComboFix 09-03-14.02 - josh 2009-03-16 9:05:53.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1771 [GMT 5.5:30]
Running from: c:\documents and settings\josh\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\josh\reader_s.exe
c:\windows\system32\7.tmp
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\protect.sys
c:\windows\system32\reader_s.exe

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Legacy_RESTORE
-------\Service_protect
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.

2009-03-16 01:52 . 2009-03-16 01:52 64,512 --a------ c:\windows\system32\makehm.exe
2009-03-16 01:51 . 2009-03-16 01:51 124 --a------ c:\windows\system32\5.tmp
2009-03-16 01:33 . 2009-03-16 01:33 0 --a------ c:\windows\system32\33.tmp
2009-03-16 01:32 . 2009-03-16 01:32 <DIR> d-------- c:\windows\ERUNT
2009-03-16 01:32 . 2009-03-16 01:51 130 --a------ c:\windows\adobe.bat
2009-03-16 01:32 . 2009-03-16 01:32 0 --a------ c:\windows\_id.dat
2009-03-16 01:28 . 2009-03-16 01:54 <DIR> d-------- C:\SDFix
2009-03-16 01:14 . 2009-03-16 01:14 <DIR> d-------- c:\program files\CCleaner
2009-03-16 01:10 . 2009-03-16 01:10 <DIR> d-------- c:\program files\CleanUp!
2009-03-16 00:00 . 2009-03-15 23:59 64,512 --a------ c:\windows\system32\rpcnet.exe
2009-03-15 23:29 . 2009-03-15 23:29 <DIR> d-------- c:\program files\Trend Micro
2009-03-15 19:07 . 2009-03-16 09:14 17,408 --a------ c:\windows\system32\rpcnetp.exe
2009-03-14 17:41 . 2009-03-14 19:31 0 --a------ C:\tmp.xml
2009-03-14 17:20 . 2009-03-14 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-14 17:19 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
2009-03-14 17:19 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
2009-03-14 14:31 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-03-14 14:31 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-03-14 14:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-03-14 14:31 . 2009-03-14 14:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-14 14:31 . 2009-03-14 14:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-14 00:53 . 2009-03-14 00:53 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-14 00:40 . 2009-03-14 15:56 <DIR> d-------- c:\documents and settings\josh\Application Data\PC Suite
2009-03-14 00:40 . 2009-03-14 05:24 <DIR> d-------- c:\documents and settings\josh\Application Data\Nokia
2009-03-14 00:40 . 2009-03-14 01:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-03-14 00:09 . 2009-03-14 00:09 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-14 00:09 . 2009-03-14 17:19 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-14 00:09 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-03-14 00:08 . 2009-03-14 00:08 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-03-14 00:08 . 2009-03-14 17:19 <DIR> d-------- c:\program files\Nokia
2009-03-14 00:08 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-14 00:08 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-14 00:08 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-03-14 00:08 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-14 00:08 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-14 00:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-14 00:08 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-14 00:07 . 2009-03-14 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2009-03-13 23:40 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-13 23:40 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-13 23:40 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-13 23:40 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-13 23:40 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-13 23:40 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-13 23:40 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-13 19:02 . 2009-03-13 19:02 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Intel
2009-03-13 19:02 . 2009-03-13 19:02 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Intel
2009-03-13 19:01 . 2009-03-13 19:01 <DIR> d-------- c:\program files\Common Files\Intel
2009-03-13 19:00 . 2009-03-13 19:00 <DIR> d-------- c:\documents and settings\josh\Application Data\Intel
2009-03-13 19:00 . 2009-03-13 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intel
2009-03-13 03:47 . 2009-03-13 03:47 <DIR> d-------- c:\program files\Oxygen Software
2009-03-12 10:04 . 2009-03-12 10:04 <DIR> d-------- c:\program files\Unibrain
2009-03-11 01:13 . 2008-03-26 11:15 53,248 --a------ c:\windows\system32\CSVer.dll
2009-02-28 08:53 . 2009-02-28 08:53 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2009-02-27 22:11 . 2002-03-20 17:14 21,376 -ra------ c:\windows\system32\drivers\dm9usb.sys
2009-02-26 18:27 . 2009-02-26 18:27 6,855,014 --a------ C:\apoca copy.jpg
2009-02-26 16:18 . 2009-02-21 03:28 358,965,094 --a------ C:\apoca.psd
2009-02-26 14:40 . 2009-03-16 01:28 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-25 17:29 . 2009-02-25 17:30 <DIR> d-------- c:\program files\CONEXANT
2009-02-25 17:29 . 2008-02-01 13:18 732,160 --a------ c:\windows\system32\drivers\CHDAud.sys
2009-02-25 17:17 . 2009-03-16 01:11 <DIR> d-------- C:\temp
2009-02-20 02:23 . 2009-02-20 02:23 <DIR> d-------- c:\program files\Common Files\snp2uvc
2009-02-20 02:23 . 2006-12-28 16:20 9,599,744 --a------ c:\windows\system32\drivers\snp2uvc.sys
2009-02-20 02:23 . 2006-12-28 19:48 589,824 --a------ c:\windows\vsnp2uvc.exe
2009-02-20 02:23 . 2007-01-11 18:01 299,008 --a------ c:\windows\system32\vsnp2uvc.dll
2009-02-20 02:23 . 2006-12-22 16:25 98,304 --a------ c:\windows\system32\rsnp2uvc.dll
2009-02-20 02:23 . 2005-11-23 13:55 53,248 --a------ c:\windows\system32\csnp2uvc.dll
2009-02-20 02:23 . 2006-12-28 11:21 27,904 --a------ c:\windows\system32\drivers\sncduvc.sys
2009-02-20 02:23 . 2006-05-19 11:39 15,497 --a------ c:\windows\snp2uvc.ini
2009-02-20 02:23 . 2006-05-19 11:53 13,022 --a------ c:\windows\snp2uvc.src
2009-02-19 23:11 . 2009-02-19 23:11 <DIR> d-------- c:\program files\Uniblue
2009-02-19 23:11 . 2009-02-19 23:11 <DIR> d-------- c:\documents and settings\josh\Application Data\Uniblue
2009-02-19 23:11 . 2009-03-12 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-19 20:54 . 2009-02-20 01:15 <DIR> d-------- c:\program files\Microsoft Bootvis
2009-02-19 19:49 . 2009-02-19 23:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-02-17 16:05 . 2009-02-26 18:28 13,824 --ahs---- C:\Thumbs.db
2009-02-16 17:37 . 2009-02-16 17:37 <DIR> d-------- c:\documents and settings\josh\Application Data\BitDefender
2009-02-16 17:36 . 2009-02-16 17:36 <DIR> d-------- c:\program files\BitDefender
2009-02-16 15:38 . 2009-02-16 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 03:45 --------- d-----w c:\documents and settings\josh\Application Data\WTablet
2009-03-15 20:23 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-15 19:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 18:42 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-15 15:57 --------- d-----w c:\program files\MagicISO
2009-03-14 20:40 --------- d-----w c:\documents and settings\josh\Application Data\Hamachi
2009-03-13 13:31 --------- d-----w c:\program files\Intel
2009-03-11 15:08 --------- d-----w c:\program files\Garena
2009-03-11 08:29 --------- d-----w c:\program files\Winamp
2009-03-11 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-11 00:07 --------- d-----w c:\program files\PC Auto Shutdown
2009-02-26 09:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 04:16 --------- d-----w c:\program files\BitLord
2009-02-24 21:05 --------- d-----w c:\program files\Autodesk
2009-02-24 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-02-16 12:44 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-02-16 12:06 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-15 14:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 14:17 --------- d-----w c:\documents and settings\josh\Application Data\SUPERAntiSpyware.com
2009-02-15 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-08 10:34 --------- d-----w c:\documents and settings\josh\Application Data\Autodesk
2009-02-08 07:27 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-08 07:23 --------- d-----w c:\program files\MSBuild
2009-02-08 07:20 --------- d-----w c:\program files\Reference Assemblies
2009-02-03 09:42 --------- d-----w c:\documents and settings\josh\Application Data\Media Player Classic
2009-02-03 09:41 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-30 18:10 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 18:10 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-30 18:10 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 17:06 --------- d-----w c:\program files\AVG
2009-01-30 15:40 --------- d-----w c:\program files\My directory
2009-01-26 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-26 14:59 --------- d-----w c:\program files\Common Files\Download Manager
2009-01-25 20:39 --------- d-----w c:\program files\Tablet
2009-01-25 08:18 --------- d-----w c:\program files\Yahoo!
2009-01-25 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-23 07:44 --------- d-----w c:\documents and settings\josh\Application Data\Red Kawa
2009-01-19 15:37 --------- d-----w c:\program files\Red Kawa
2009-01-19 15:37 --------- d-----w c:\program files\AviSynth 2.5
2009-01-18 12:16 234,418 ----a-w c:\windows\EasyGifAnimator_Toolbar_Uninstaller_3359.exe
2009-01-18 12:16 --------- d-----w c:\program files\Easy Gif Animator Extension
2009-01-18 12:16 --------- d-----w c:\program files\Easy GIF Animator
2009-01-16 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft(2)
2009-01-16 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\avg7(2)
2009-01-16 19:40 --------- d-----w c:\program files\TVersity Codec Pack
2009-01-16 19:40 --------- d-----w c:\program files\QuickTime
2009-01-16 19:40 --------- d-----w c:\program files\ffdshow
2009-01-16 19:40 --------- d-----w c:\program files\Apple Software Update
2009-01-16 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-16 19:38 --------- d-----w c:\program files\AnMing
2008-11-13 14:26 144,198 ----a-w c:\documents and settings\All Users\Application Data\firstlsp.reg.dat
.
 