I Got Hammered


mb100

Very little is working right now ... rarely can I open in Safe Mode, and I'm surprised I got even this much to work (thank you, LSPfix ...).

Logfile of HijackThis v1.99.1
Scan saved at 7:09:32 PM, on 2/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Kremlin Sentry.LNK = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162430191151
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: opnlmkl - opnlmkl.dll (file missing)
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

Any help is very much appreciated ...
 
Remove

O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)

O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O20 - Winlogon Notify: opnlmkl - opnlmkl.dll (file missing)

O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)

Then run Malwarebytes and ComboFix; you can find them in my guide.
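As an added example (not code from this thread, from HijackThis, or from the helper's guide), a small Python triage script that applies the rule behind the entries picked out above: it flags Winlogon Notify hooks and browser add-ons whose file is reported missing, and lists unknown Winsock LSP entries for review. The sample lines are a constructed subset of the log posted above.

```python
"""Triage HijackThis-style log lines for orphaned autostart entries.

Added example for this thread. It encodes the reasoning behind the
"Remove" list above: an O20 Winlogon Notify entry or an O2/O3 browser
add-on that points at a file which no longer exists is a leftover hook
with nothing legitimate behind it, and an O10 unknown Winsock LSP should
be checked against its vendor before anything is removed.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: opnlmkl - opnlmkl.dll (file missing)
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
"""

# Every HijackThis line starts with a section tag (R0, O2, O20, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
MISSING = "(file missing)"


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    severity: str  # "remove" (orphaned entry) or "review" (needs a human look)
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries a defender would want to look at, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        missing = body.endswith(MISSING)

        if sec == "O20" and body.startswith("Winlogon Notify:") and missing:
            # A Winlogon Notify DLL is loaded by winlogon.exe at logon; an entry whose
            # DLL is gone is a dead hook left behind by an uninstall or a removal.
            findings.append(Finding(sec, "remove",
                                    "Winlogon Notify hook whose DLL is missing", line))
        elif sec in ("O2", "O3") and missing:
            # BHO / toolbar registrations with no file behind them do nothing
            # useful and only hide real entries among the noise.
            findings.append(Finding(sec, "remove",
                                    "browser add-on registered for a missing file", line))
        elif sec == "O10":
            # Unknown LSPs sit in the Winsock chain; removing the wrong one breaks
            # networking, so identify the vendor first instead of deleting blindly.
            findings.append(Finding(sec, "review",
                                    "Winsock LSP not in HijackThis's known list", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, handy for a quick overview in a report."""
    counts = {"remove": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n          {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Entries with a full path to a file that still exists (the PFW and WgaLogon hooks, the Adobe BHO) are deliberately left alone; the script narrows the list to what needs a decision, it does not make the decision.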
 
I'm unable to run most Windows-based programs, Malwarebytes included. I keep getting an "Invalid Floating Point Operation" error ... Here's the ComboFix log:

ComboFix 07-08-09.3 - "Brian Markin" 2009-02-04 20:48:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.464 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\BRIANM~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\VHFHZZM8\Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\DOCUME~1\BRIANM~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\WINDOWS\services.exe
C:\WINDOWS\system32\~.exe


((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))


2009-02-04 20:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2009-02-04 19:00 <DIR> d-------- C:\Program Files\Exterminate It!
2009-02-03 08:22 43,520 --a------ C:\WINDOWS\system32\frmwrk32.exe
2009-02-03 08:22 142,848 --a------ C:\WINDOWS\system32\ntdll64.exe
2009-02-03 07:29 <DIR> d--hs---- C:\WINDOWS\CSC
2009-02-03 00:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2009-02-02 23:48 137,568 --a------ C:\WINDOWS\system32\drivers\ethhrxcm.sys
2009-02-02 21:06 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-02-02 21:06 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-02-02 21:06 <DIR> d-------- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-02 21:06 <DIR> d-------- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-02-02 21:00 15,000 --a------ C:\WINDOWS\system32\hnsf983ind.dll
2009-02-02 20:49 441 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2009-02-02 20:49 2,205 --a------ C:\WINDOWS\system32\TDSSlxwp.dll
2009-02-02 20:48 103,424 --a------ C:\WINDOWS\system32.exe
2009-02-02 20:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd
2009-02-01 11:19 237,568 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2009-01-30 07:31 <DIR> d-------- C:\Program Files\iPod
2009-01-30 07:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 07:26 <DIR> d-------- C:\Program Files\QuickTime
2009-01-23 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2009-01-14 22:42 1,041,656 --a------ C:\WINDOWS\vuepro32.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\userinit.exe
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\dllcache\userinit.exe
2009-02-02 20:35 72 ---h----- C:\WINDOWS\popcreg.dat
2009-02-02 20:35 24 --a------ C:\WINDOWS\popcinfot.dat
2009-02-02 19:42 --------- d-------- C:\Program Files\FlashGet
2009-01-30 07:31 --------- d-------- C:\Program Files\iTunes
2009-01-30 07:31 --------- d-------- C:\Program Files\Common Files\Apple
2009-01-21 07:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-01-21 06:12 --------- d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\BitTorrent
2009-01-19 13:39 --------- d-------- C:\Program Files\Google
2009-01-18 17:37 --------- d-------- C:\Program Files\America Online 9.0
2009-01-06 22:38 --------- d-------- C:\Program Files\Easy Photo Editor
2008-12-26 23:18 2288 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-12-21 14:09 --------- d-------- C:\Program Files\TVAnts
2008-12-13 01:40 3593216 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2008-12-11 06:57 333184 --a------ C:\WINDOWS\system32\drivers\srv.sys
2008-12-11 06:57 333184 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-12-05 17:52 --------- d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\Move Networks
2008-12-05 17:46 --------- d-------- C:\Program Files\Common Files\Software Update Utility
2008-12-05 17:46 --------- d-------- C:\Program Files\AIM6
2008-04-04 09:43 138 --a------ C:\DOCUME~1\BRIANM~1\APPLIC~1\wklnhst.dat
2008-10-29 11:41:49 88 --sh--r C:\WINDOWS\system32\0DFB5A30F7.sys
2008-10-29 11:57:16 4,232 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2009-01-19 13:18 522224 --a------ C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 09:39]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 11:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-31 12:13]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 08:23]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-31 12:09]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 12:03 C:\WINDOWS\system32\P0620Pin.dll]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-09-12 17:46]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 12:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 16:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-01-06 13:06]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" [2007-04-17 06:59]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-10-31 14:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 04:48]

C:\Documents and Settings\Brian Markin\Start Menu\Programs\Startup\
Kremlin Sentry.LNK - C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe [2006-11-12 22:36:01]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 20:44:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 14:00 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafw]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafwc]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfasem]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"

R0 iastor;Intel RAID Controller;C:\WINDOWS\system32\drivers\iastor.sys
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe
R3 ATIAVPCI;ATI Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavrr.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 PD0620VID;Creative WebCam Instant;C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 WinUSB;WinUSB;C:\WINDOWS\system32\DRIVERS\WinUSB.sys
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - WS2IFSL

Contents of the 'Scheduled Tasks' folder
2009-01-27 16:19:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2009-01-23 21:20:29 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Brian Markin at 10 30 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 20:55:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000002b8
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA31A376-CD79-E447-AF19-90A84B434C11}]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2009-02-04 20:57:47
C:\ComboFix-quarantined-files.txt ... 2009-02-04 20:57
C:\ComboFix2.txt ... 2009-02-03 22:50

--- E O F ---
 
Did you install a patched "uxtheme.dll"?

Can you run CCleaner and clean up?

Can you get into Safe Mode yet?
 
Did you install a patched "uxtheme.dll"? No, am I supposed to?

Can you run CCleaner and clean up? Both have now been run.

Can you get into Safe Mode yet? Yes, but now my internet connection is failing and LSPfix is not solving the problem :(

I've run Malwarebytes ... below is that log. In addition, I'm currently running a scan from a-squared and the results are not pretty ...

Thanks for your patience with this ... the whole ordeal is getting really frustrating on my end!

Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 2

2/5/2009 7:33:25 AM
mbam-log-2009-02-05 (07-33-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 174542
Time elapsed: 1 hour(s), 51 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/conflict.1/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\passthru (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\passthru (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.MsAntispyware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\Hijackthis\backups\backup-20090203-081859-903.dll (Trojan.Fraudtool) -> Quarantined and deleted successfully.
C:\Program Files\Hijackthis\backups\backup-20090203-082455-902.dll (Trojan.Fraudtool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\10.tmp (Rootkit.Rlsloup) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnsf983ind.dll (Trojan.Fraudtool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090202204848937.log (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ndisio.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdu.log (Trojan.TDSS) -> Quarantined and deleted successfully.


One other thing that seemed odd ...I disabled all of my Startup items other than my anti-virus, but one process (ctfmon.exe) came back upon reboot.
 
This looks better.

Run Combofix again, then Malwarebytes again and then post a new log.

CTFMON is part of Microsoft, it's legit.
 
Not looking good ...I'm losing hope ...my Anti-Virus kicked on while running the Malwarebytes log and found close to 5,000 files infected with Virut.8442 ...


ComboFix 07-08-09.3 - "Brian Markin" 2009-02-06 8:05:38.3 - NTFSx86


((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))


2009-02-06 08:04 86,528 --a------ C:\WINDOWS\system32\notepad.exe
2009-02-06 08:02 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2009-02-06 08:02 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2009-02-06 08:02 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2009-02-06 08:02 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2009-02-06 08:02 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2009-02-06 08:02 <DIR> d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\Simply Super Software
2009-02-06 08:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2009-02-06 07:40 68,608 --a------ C:\WINDOWS\nircmd.exe
2009-02-05 22:17 50,688 --a------ C:\WINDOWS\system32\rundll32.exe
2009-02-05 22:07 406,016 --a------ C:\WINDOWS\system32\cmd.exe
2009-02-05 22:06 1,050,624 --a------ C:\WINDOWS\Explorer.EXE
2009-02-05 07:50 <DIR> d-------- C:\Program Files\a-squared Free
2009-02-04 22:56 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-04 22:56 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-02-04 22:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:56 <DIR> d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\Malwarebytes
2009-02-04 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-02-04 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2009-02-04 22:45 32,768 --ah----- C:\DOCUME~1\BRIANM~1\vmds.exe
2009-02-04 22:37 32,768 --ah----- C:\DOCUME~1\BRIANM~1\ory.exe
2009-02-04 22:33 32,768 --ah----- C:\DOCUME~1\BRIANM~1\whvi.exe
2009-02-04 22:33 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2009-02-04 22:31 66,560 ---h----- C:\WINDOWS\system32\secupdat.dat
2009-02-04 22:31 32,768 --ah----- C:\DOCUME~1\BRIANM~1\bqrpclp.exe
2009-02-04 22:08 <DIR> d-------- C:\Program Files\CCleaner
2009-02-04 19:00 <DIR> d-------- C:\Program Files\Exterminate It!
2009-02-03 07:29 <DIR> d--hs---- C:\WINDOWS\CSC
2009-02-03 00:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2009-02-02 23:48 137,568 --a------ C:\WINDOWS\system32\drivers\ethhrxcm.sys
2009-02-02 21:06 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-02-02 21:06 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-02-02 21:06 <DIR> d-------- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-02 21:06 <DIR> d-------- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-02-02 20:49 441 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2009-02-01 11:19 237,568 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2009-01-30 07:31 <DIR> d-------- C:\Program Files\iPod
2009-01-30 07:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 07:26 <DIR> d-------- C:\Program Files\QuickTime
2009-01-23 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2009-01-14 22:42 1,041,656 --a------ C:\WINDOWS\vuepro32.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-02-06 00:26 --------- d-------- C:\Program Files\GemMaster
2009-02-06 00:26 --------- d-------- C:\Program Files\EnglishOtto
2009-02-06 00:18 --------- d-------- C:\Program Files\Microsoft Works
2009-02-06 00:18 --------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2009-02-06 00:11 --------- d-------- C:\Program Files\ItsDeductible2006
2009-02-06 00:01 --------- d-------- C:\Program Files\America Online 9.0
2009-02-04 22:33 --------- d-------- C:\Program Files\BAE
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\userinit.exe
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\dllcache\userinit.exe
2009-02-02 20:35 72 ---h----- C:\WINDOWS\popcreg.dat
2009-02-02 20:35 24 --a------ C:\WINDOWS\popcinfot.dat
2009-02-02 19:42 --------- d-------- C:\Program Files\FlashGet
2009-01-30 07:31 --------- d-------- C:\Program Files\iTunes
2009-01-30 07:31 --------- d-------- C:\Program Files\Common Files\Apple
2009-01-21 07:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-01-21 06:12 --------- d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\BitTorrent
2009-01-19 13:39 --------- d-------- C:\Program Files\Google
2009-01-06 22:38 --------- d-------- C:\Program Files\Easy Photo Editor
2008-12-26 23:18 2288 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-12-21 14:09 --------- d-------- C:\Program Files\TVAnts
2008-12-13 01:40 3593216 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2008-12-11 06:57 333184 --a------ C:\WINDOWS\system32\drivers\srv.sys
2008-12-11 06:57 333184 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-04-04 09:43 138 --a------ C:\DOCUME~1\BRIANM~1\APPLIC~1\wklnhst.dat
2008-10-29 11:41:49 88 --sh--r C:\WINDOWS\system32\0DFB5A30F7.sys
2008-10-29 11:57:16 4,232 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 09:11]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 09:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 14:00 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - MBAMSWISSARMY

Contents of the 'Scheduled Tasks' folder
2009-01-27 16:19:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2009-01-23 21:20:29 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Brian Markin at 10 30 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 08:09:33
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA31A376-CD79-E447-AF19-90A84B434C11}]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2009-02-06 8:12:40
C:\ComboFix-quarantined-files.txt ... 2009-02-06 08:12
C:\ComboFix2.txt ... 2009-02-06 07:51
C:\ComboFix3.txt ... 2009-02-04 20:57

--- E O F ---


Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 2

2/6/2009 8:15:10 AM
mbam-log-2009-02-06 (08-15-07).txt

Scan type: Full Scan (C:\|K:\|)
Objects scanned: 157472
Time elapsed: 2 hour(s), 42 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Turn off System Restore

Reboot

Disable your AV if possible for now

Then run Malwarebytes again and then Combofix and post the logs

Then reboot once again and do the scans again and post the logs once more along with a hijackthis log
 
Okay, here's the first round of logs ...I'll reboot and run again and post those logs tomorrow.

Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 2

2/7/2009 5:19:33 PM
mbam-log-2009-02-07 (17-19-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154152
Time elapsed: 2 hour(s), 27 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 07-08-09.3 - "Brian Markin" 2009-02-07 17:20:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.552 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))


2009-02-07 12:53 94,720 --a------ C:\WINDOWS\system32\sdbinst.exe
2009-02-07 12:53 94,720 --a------ C:\WINDOWS\system32\dllcache\sdbinst.exe
2009-02-07 12:53 92,672 --a------ C:\WINDOWS\system32\locator.exe
2009-02-07 12:53 89,088 --a------ C:\WINDOWS\system32\blastcln.exe
2009-02-07 12:53 87,552 --a------ C:\WINDOWS\system32\dllcache\sigverif.exe
2009-02-07 12:53 85,504 --a------ C:\WINDOWS\system32\systeminfo.exe
2009-02-07 12:53 84,992 --a------ C:\WINDOWS\system32\openfiles.exe
2009-02-07 12:53 84,992 --a------ C:\WINDOWS\system32\dllcache\opnfiles.exe
2009-02-07 12:53 84,480 --a------ C:\WINDOWS\system32\rdshost.exe
2009-02-07 12:53 832,512 --a------ C:\WINDOWS\system32\dllcache\mmc.exe
2009-02-07 12:53 82,944 --a------ C:\WINDOWS\system32\wextract.exe
2009-02-07 12:53 82,944 --a------ C:\WINDOWS\system32\dllcache\wextract.exe
2009-02-07 12:53 81,408 --a------ C:\WINDOWS\system32\dllcache\cleanmgr.exe
2009-02-07 12:53 81,408 --a------ C:\WINDOWS\system32\cleanmgr.exe
2009-02-07 12:53 78,848 --a------ C:\WINDOWS\system32\dllcache\tlntadmn.exe
2009-02-07 12:53 77,824 --a------ C:\WINDOWS\system32\dllcache\msimn.exe
2009-02-07 12:53 761,344 --a------ C:\WINDOWS\system32\dllcache\helpsvc.exe
2009-02-07 12:53 75,264 --a------ C:\WINDOWS\system32\dllcache\spoolsv.exe
2009-02-07 12:53 74,752 --a------ C:\WINDOWS\system32\gpupdate.exe
2009-02-07 12:53 74,752 --a------ C:\WINDOWS\system32\dllcache\gpupdate.exe
2009-02-07 12:53 74,240 --a------ C:\WINDOWS\system32\dllcache\sol.exe
2009-02-07 12:53 73,216 --a------ C:\WINDOWS\system32\dllcache\ipconfig.exe
2009-02-07 12:53 69,120 --a------ C:\WINDOWS\system32\migpwd.exe
2009-02-07 12:53 67,584 --a------ C:\WINDOWS\system32\dllcache\reg.exe
2009-02-07 12:53 67,584 --a------ C:\WINDOWS\system32\dllcache\evcreate.exe
2009-02-07 12:53 66,560 --a------ C:\WINDOWS\system32\dllcache\rsm.exe
2009-02-07 12:53 66,560 --a------ C:\WINDOWS\system32\dllcache\powercfg.exe
2009-02-07 12:53 64,512 --a------ C:\WINDOWS\system32\dllcache\srdiag.exe
2009-02-07 12:53 63,488 --a------ C:\WINDOWS\system32\dllcache\wab.exe
2009-02-07 12:53 62,976 --a------ C:\WINDOWS\system32\drwtsn32.exe
2009-02-07 12:53 59,982 --a------ C:\WINDOWS\system32\dllcache\rvsezm.exe
2009-02-07 12:53 59,904 --a------ C:\WINDOWS\system32\dllcache\net.exe
2009-02-07 12:53 59,904 --a------ C:\WINDOWS\system32\dllcache\ftp.exe
2009-02-07 12:53 57,344 --a------ C:\WINDOWS\system32\dllcache\cmmon32.exe
2009-02-07 12:53 57,344 --a------ C:\WINDOWS\system32\cmmon32.exe
2009-02-07 12:53 556,032 --a------ C:\WINDOWS\system32\spider.exe
2009-02-07 12:53 556,032 --a------ C:\WINDOWS\system32\dllcache\spider.exe
2009-02-07 12:53 531,968 --a------ C:\WINDOWS\system32\logonui.exe
2009-02-07 12:53 531,968 --a------ C:\WINDOWS\system32\dllcache\logonui.exe
2009-02-07 12:53 53,248 --a------ C:\WINDOWS\system32\rcimlby.exe
2009-02-07 12:53 52,736 --a------ C:\WINDOWS\system32\dllcache\notiflag.exe
2009-02-07 12:53 51,200 --a------ C:\WINDOWS\system32\vssadmin.exe
2009-02-07 12:53 50,688 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2009-02-07 12:53 50,688 --a------ C:\WINDOWS\system32\dllcache\clipsrv.exe
2009-02-07 12:53 49,664 --a------ C:\WINDOWS\system32\wpabaln.exe
2009-02-07 12:53 47,616 --a------ C:\WINDOWS\system32\dllcache\asr_fmt.exe
2009-02-07 12:53 451,072 --a------ C:\WINDOWS\system32\dllcache\wiaacmgr.exe
2009-02-07 12:53 43,520 --a------ C:\WINDOWS\system32\skeys.exe
2009-02-07 12:53 42,496 --a------ C:\WINDOWS\system32\lnkstub.exe
2009-02-07 12:53 41,984 --a------ C:\WINDOWS\system32\init32.exe
2009-02-07 12:53 406,016 --a------ C:\WINDOWS\system32\dllcache\cmd.exe
2009-02-07 12:53 40,448 --a------ C:\WINDOWS\system32\dllcache\setup.exe
2009-02-07 12:53 39,424 --a------ C:\WINDOWS\system32\dllcache\mpnotify.exe
2009-02-07 12:53 38,400 --a------ C:\WINDOWS\system32\dllcache\ssmarque.scr
2009-02-07 12:53 38,400 --a------ C:\WINDOWS\system32\dllcache\fontview.exe
2009-02-07 12:53 37,376 --a------ C:\WINDOWS\system32\ssbezier.scr
2009-02-07 12:53 37,376 --a------ C:\WINDOWS\system32\dllcache\ssbezier.scr
2009-02-07 12:53 364,544 --a------ C:\WINDOWS\system32\tourstart.exe
2009-02-07 12:53 364,544 --a------ C:\WINDOWS\system32\dllcache\tourstrt.exe
2009-02-07 12:53 36,917 --a------ C:\WINDOWS\system32\dllcache\shtml.exe
2009-02-07 12:53 36,864 --a------ C:\WINDOWS\system32\dllcache\isignup.exe
2009-02-07 12:53 36,352 --a------ C:\WINDOWS\system32\dllcache\ssmyst.scr
2009-02-07 12:53 35,840 --a------ C:\WINDOWS\system32\ups.exe
2009-02-07 12:53 35,328 --a------ C:\WINDOWS\system32\dllcache\diskperf.exe
2009-02-07 12:53 33,792 --a------ C:\WINDOWS\system32\dllcache\mofcomp.exe
2009-02-07 12:53 33,280 --a------ C:\WINDOWS\system32\perfmon.exe
2009-02-07 12:53 327,737 --a------ C:\WINDOWS\system32\dllcache\imjpdct.exe
2009-02-07 12:53 32,768 --a------ C:\WINDOWS\system32\dllcache\nppagent.exe
2009-02-07 12:53 32,256 --a------ C:\WINDOWS\system32\dllcache\rsh.exe
2009-02-07 12:53 31,232 --a------ C:\WINDOWS\system32\dllcache\wscntfy.exe
2009-02-07 12:53 31,232 --a------ C:\WINDOWS\system32\dllcache\convert.exe
2009-02-07 12:53 307,200 --a------ C:\WINDOWS\system32\vssvc.exe
2009-02-07 12:53 298,496 --a------ C:\WINDOWS\system32\dllcache\pinball.exe
2009-02-07 12:53 29,696 --a------ C:\WINDOWS\system32\tcmsetup.exe
2009-02-07 12:53 29,696 --a------ C:\WINDOWS\system32\dllcache\tracert.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\spnpinst.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\regsvr32.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\dllcache\regsvr32.exe
2009-02-07 12:53 28,672 --a------ C:\WINDOWS\system32\dllcache\atmadm.exe
2009-02-07 12:53 273,920 --a------ C:\WINDOWS\system32\dllcache\agentsvr.exe
2009-02-07 12:53 26,112 --a------ C:\WINDOWS\system32\eventvwr.exe
2009-02-07 12:53 26,112 --a------ C:\WINDOWS\system32\dllcache\eventvwr.exe
2009-02-07 12:53 257,536 --a------ C:\WINDOWS\system32\dllcache\migwiz.exe
2009-02-07 12:53 253,440 --a------ C:\WINDOWS\system32\dllcache\migwiz_a.exe
2009-02-07 12:53 25,600 --a------ C:\WINDOWS\system32\dllcache\control.exe
2009-02-07 12:53 25,600 --a------ C:\WINDOWS\system32\dllcache\cidaemon.exe
2009-02-07 12:53 242,176 --a------ C:\WINDOWS\system32\dmadmin.exe
2009-02-07 12:53 242,176 --a------ C:\WINDOWS\system32\dllcache\dmadmin.exe
2009-02-07 12:53 238,080 --a------ C:\WINDOWS\system32\logon.scr
2009-02-07 12:53 235,520 --a------ C:\WINDOWS\system32\dllcache\wmiprvse.exe
2009-02-07 12:53 231,936 --a------ C:\WINDOWS\system32\dllcache\wordpad.exe
2009-02-07 12:53 23,552 --a------ C:\WINDOWS\system32\dllcache\lpq.exe
2009-02-07 12:53 22,528 --a------ C:\WINDOWS\system32\dllcache\comrereg.exe
2009-02-07 12:53 22,047 --a------ C:\WINDOWS\system32\dllcache\mplayer2.exe
2009-02-07 12:53 214,016 --a------ C:\WINDOWS\system32\dllcache\wmiadap.exe
2009-02-07 12:53 210,432 --a------ C:\WINDOWS\system32\eudcedit.exe
2009-02-07 12:53 210,432 --a------ C:\WINDOWS\system32\dllcache\fsquirt.exe
2009-02-07 12:53 208,960 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2009-02-07 12:53 167,424 --a------ C:\WINDOWS\system32\imapi.exe
2009-02-07 12:53 158,208 --a------ C:\WINDOWS\system32\sessmgr.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-02-07 12:52 --------- d-------- C:\Program Files\Windows NT
2009-02-07 12:52 --------- d-------- C:\Program Files\Movie Maker
2009-02-07 12:52 --------- d-------- C:\Program Files\Messenger
2009-02-06 00:26 --------- d-------- C:\Program Files\GemMaster
2009-02-06 00:26 --------- d-------- C:\Program Files\EnglishOtto
2009-02-06 00:18 --------- d-------- C:\Program Files\Microsoft Works
2009-02-06 00:18 --------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2009-02-06 00:11 --------- d-------- C:\Program Files\ItsDeductible2006
2009-02-06 00:01 --------- d-------- C:\Program Files\America Online 9.0
2009-02-04 22:33 --------- d-------- C:\Program Files\BAE
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\userinit.exe
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\dllcache\userinit.exe
2009-02-02 20:35 72 ---h----- C:\WINDOWS\popcreg.dat
2009-02-02 20:35 24 --a------ C:\WINDOWS\popcinfot.dat
2009-02-02 19:42 --------- d-------- C:\Program Files\FlashGet
2009-01-30 07:31 --------- d-------- C:\Program Files\iTunes
2009-01-30 07:31 --------- d-------- C:\Program Files\Common Files\Apple
2009-01-21 07:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-01-21 06:12 --------- d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\BitTorrent
2009-01-19 13:39 --------- d-------- C:\Program Files\Google
2009-01-06 22:38 --------- d-------- C:\Program Files\Easy Photo Editor
2008-12-26 23:18 2288 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-12-21 14:09 --------- d-------- C:\Program Files\TVAnts
2008-12-13 01:40 3593216 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2008-12-11 06:57 333184 --a------ C:\WINDOWS\system32\drivers\srv.sys
2008-12-11 06:57 333184 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-04-04 09:43 138 --a------ C:\DOCUME~1\BRIANM~1\APPLIC~1\wklnhst.dat
2008-10-29 11:41:49 88 --sh--r C:\WINDOWS\system32\0DFB5A30F7.sys
2008-10-29 11:57:16 4,232 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 09:11]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 09:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-10-31 14:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 14:00 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R0 iastor;Intel RAID Controller;C:\WINDOWS\system32\drivers\iastor.sys
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe
R3 ATIAVPCI;ATI Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavrr.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
S3 aceoiwhv;aceoiwhv;\??\C:\WINDOWS\System32\Drivers\aceoiwhv.sys
S3 bhjeowrc;bhjeowrc;\??\C:\WINDOWS\System32\Drivers\bhjeowrc.sys
S3 eeuqbpfu;eeuqbpfu;\??\C:\WINDOWS\System32\Drivers\eeuqbpfu.sys
S3 jioydwyn;jioydwyn;\??\C:\WINDOWS\System32\Drivers\jioydwyn.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 nebfixpi;nebfixpi;\??\C:\WINDOWS\System32\Drivers\nebfixpi.sys
S3 nebopxhl;nebopxhl;\??\C:\WINDOWS\System32\Drivers\nebopxhl.sys
S3 nrgzlkir;nrgzlkir;\??\C:\WINDOWS\System32\Drivers\nrgzlkir.sys
S3 nusdizmr;nusdizmr;\??\C:\WINDOWS\System32\Drivers\nusdizmr.sys
S3 orfsqyph;orfsqyph;\??\C:\WINDOWS\System32\Drivers\orfsqyph.sys
S3 PD0620VID;Creative WebCam Instant;C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
S3 ptiaicxf;ptiaicxf;\??\C:\WINDOWS\System32\Drivers\ptiaicxf.sys
S3 qletodsk;qletodsk;\??\C:\WINDOWS\System32\Drivers\qletodsk.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 vmsjhwkx;vmsjhwkx;\??\C:\WINDOWS\System32\Drivers\vmsjhwkx.sys
S3 WinUSB;WinUSB;C:\WINDOWS\system32\DRIVERS\WinUSB.sys
S3 xkapehzn;xkapehzn;\??\C:\WINDOWS\System32\Drivers\xkapehzn.sys
S3 ykvvukhj;ykvvukhj;\??\C:\WINDOWS\System32\Drivers\ykvvukhj.sys
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2009-01-27 16:19:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2009-01-23 21:20:29 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Brian Markin at 10 30 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 17:25:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA31A376-CD79-E447-AF19-90A84B434C11}]

scanning hidden files ...

**************************************************************************

Completion time: 2009-02-07 17:27:31
C:\ComboFix-quarantined-files.txt ... 2009-02-07 17:26
C:\ComboFix2.txt ... 2009-02-06 08:12
C:\ComboFix3.txt ... 2009-02-06 07:51

--- E O F ---
 
Okay, here are the three logs after a reboot:

Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 2

2/8/2009 12:22:33 AM
mbam-log-2009-02-08 (00-22-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154056
Time elapsed: 2 hour(s), 37 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Combo Log:

ComboFix 07-08-09.3 - "Brian Markin" 2009-02-08 0:22:50.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))


2009-02-07 12:53 94,720 --a------ C:\WINDOWS\system32\sdbinst.exe
2009-02-07 12:53 94,720 --a------ C:\WINDOWS\system32\dllcache\sdbinst.exe
2009-02-07 12:53 92,672 --a------ C:\WINDOWS\system32\locator.exe
2009-02-07 12:53 89,088 --a------ C:\WINDOWS\system32\blastcln.exe
2009-02-07 12:53 87,552 --a------ C:\WINDOWS\system32\dllcache\sigverif.exe
2009-02-07 12:53 85,504 --a------ C:\WINDOWS\system32\systeminfo.exe
2009-02-07 12:53 84,992 --a------ C:\WINDOWS\system32\openfiles.exe
2009-02-07 12:53 84,992 --a------ C:\WINDOWS\system32\dllcache\opnfiles.exe
2009-02-07 12:53 84,480 --a------ C:\WINDOWS\system32\rdshost.exe
2009-02-07 12:53 832,512 --a------ C:\WINDOWS\system32\dllcache\mmc.exe
2009-02-07 12:53 82,944 --a------ C:\WINDOWS\system32\wextract.exe
2009-02-07 12:53 82,944 --a------ C:\WINDOWS\system32\dllcache\wextract.exe
2009-02-07 12:53 81,408 --a------ C:\WINDOWS\system32\dllcache\cleanmgr.exe
2009-02-07 12:53 81,408 --a------ C:\WINDOWS\system32\cleanmgr.exe
2009-02-07 12:53 78,848 --a------ C:\WINDOWS\system32\dllcache\tlntadmn.exe
2009-02-07 12:53 77,824 --a------ C:\WINDOWS\system32\dllcache\msimn.exe
2009-02-07 12:53 761,344 --a------ C:\WINDOWS\system32\dllcache\helpsvc.exe
2009-02-07 12:53 75,264 --a------ C:\WINDOWS\system32\dllcache\spoolsv.exe
2009-02-07 12:53 74,752 --a------ C:\WINDOWS\system32\gpupdate.exe
2009-02-07 12:53 74,752 --a------ C:\WINDOWS\system32\dllcache\gpupdate.exe
2009-02-07 12:53 74,240 --a------ C:\WINDOWS\system32\dllcache\sol.exe
2009-02-07 12:53 73,216 --a------ C:\WINDOWS\system32\dllcache\ipconfig.exe
2009-02-07 12:53 69,120 --a------ C:\WINDOWS\system32\migpwd.exe
2009-02-07 12:53 67,584 --a------ C:\WINDOWS\system32\dllcache\reg.exe
2009-02-07 12:53 67,584 --a------ C:\WINDOWS\system32\dllcache\evcreate.exe
2009-02-07 12:53 66,560 --a------ C:\WINDOWS\system32\dllcache\rsm.exe
2009-02-07 12:53 66,560 --a------ C:\WINDOWS\system32\dllcache\powercfg.exe
2009-02-07 12:53 64,512 --a------ C:\WINDOWS\system32\dllcache\srdiag.exe
2009-02-07 12:53 63,488 --a------ C:\WINDOWS\system32\dllcache\wab.exe
2009-02-07 12:53 62,976 --a------ C:\WINDOWS\system32\drwtsn32.exe
2009-02-07 12:53 59,982 --a------ C:\WINDOWS\system32\dllcache\rvsezm.exe
2009-02-07 12:53 59,904 --a------ C:\WINDOWS\system32\dllcache\net.exe
2009-02-07 12:53 59,904 --a------ C:\WINDOWS\system32\dllcache\ftp.exe
2009-02-07 12:53 57,344 --a------ C:\WINDOWS\system32\dllcache\cmmon32.exe
2009-02-07 12:53 57,344 --a------ C:\WINDOWS\system32\cmmon32.exe
2009-02-07 12:53 556,032 --a------ C:\WINDOWS\system32\spider.exe
2009-02-07 12:53 556,032 --a------ C:\WINDOWS\system32\dllcache\spider.exe
2009-02-07 12:53 531,968 --a------ C:\WINDOWS\system32\logonui.exe
2009-02-07 12:53 531,968 --a------ C:\WINDOWS\system32\dllcache\logonui.exe
2009-02-07 12:53 53,248 --a------ C:\WINDOWS\system32\rcimlby.exe
2009-02-07 12:53 52,736 --a------ C:\WINDOWS\system32\dllcache\notiflag.exe
2009-02-07 12:53 51,200 --a------ C:\WINDOWS\system32\vssadmin.exe
2009-02-07 12:53 50,688 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2009-02-07 12:53 50,688 --a------ C:\WINDOWS\system32\dllcache\clipsrv.exe
2009-02-07 12:53 49,664 --a------ C:\WINDOWS\system32\wpabaln.exe
2009-02-07 12:53 47,616 --a------ C:\WINDOWS\system32\dllcache\asr_fmt.exe
2009-02-07 12:53 451,072 --a------ C:\WINDOWS\system32\dllcache\wiaacmgr.exe
2009-02-07 12:53 43,520 --a------ C:\WINDOWS\system32\skeys.exe
2009-02-07 12:53 42,496 --a------ C:\WINDOWS\system32\lnkstub.exe
2009-02-07 12:53 41,984 --a------ C:\WINDOWS\system32\init32.exe
2009-02-07 12:53 406,016 --a------ C:\WINDOWS\system32\dllcache\cmd.exe
2009-02-07 12:53 40,448 --a------ C:\WINDOWS\system32\dllcache\setup.exe
2009-02-07 12:53 39,424 --a------ C:\WINDOWS\system32\dllcache\mpnotify.exe
2009-02-07 12:53 38,400 --a------ C:\WINDOWS\system32\dllcache\ssmarque.scr
2009-02-07 12:53 38,400 --a------ C:\WINDOWS\system32\dllcache\fontview.exe
2009-02-07 12:53 37,376 --a------ C:\WINDOWS\system32\ssbezier.scr
2009-02-07 12:53 37,376 --a------ C:\WINDOWS\system32\dllcache\ssbezier.scr
2009-02-07 12:53 364,544 --a------ C:\WINDOWS\system32\tourstart.exe
2009-02-07 12:53 364,544 --a------ C:\WINDOWS\system32\dllcache\tourstrt.exe
2009-02-07 12:53 36,917 --a------ C:\WINDOWS\system32\dllcache\shtml.exe
2009-02-07 12:53 36,864 --a------ C:\WINDOWS\system32\dllcache\isignup.exe
2009-02-07 12:53 36,352 --a------ C:\WINDOWS\system32\dllcache\ssmyst.scr
2009-02-07 12:53 35,840 --a------ C:\WINDOWS\system32\ups.exe
2009-02-07 12:53 35,328 --a------ C:\WINDOWS\system32\dllcache\diskperf.exe
2009-02-07 12:53 33,792 --a------ C:\WINDOWS\system32\dllcache\mofcomp.exe
2009-02-07 12:53 33,280 --a------ C:\WINDOWS\system32\perfmon.exe
2009-02-07 12:53 327,737 --a------ C:\WINDOWS\system32\dllcache\imjpdct.exe
2009-02-07 12:53 32,768 --a------ C:\WINDOWS\system32\dllcache\nppagent.exe
2009-02-07 12:53 32,256 --a------ C:\WINDOWS\system32\dllcache\rsh.exe
2009-02-07 12:53 31,232 --a------ C:\WINDOWS\system32\dllcache\wscntfy.exe
2009-02-07 12:53 31,232 --a------ C:\WINDOWS\system32\dllcache\convert.exe
2009-02-07 12:53 307,200 --a------ C:\WINDOWS\system32\vssvc.exe
2009-02-07 12:53 298,496 --a------ C:\WINDOWS\system32\dllcache\pinball.exe
2009-02-07 12:53 29,696 --a------ C:\WINDOWS\system32\tcmsetup.exe
2009-02-07 12:53 29,696 --a------ C:\WINDOWS\system32\dllcache\tracert.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\spnpinst.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\regsvr32.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\dllcache\regsvr32.exe
2009-02-07 12:53 28,672 --a------ C:\WINDOWS\system32\dllcache\atmadm.exe
2009-02-07 12:53 273,920 --a------ C:\WINDOWS\system32\dllcache\agentsvr.exe
2009-02-07 12:53 26,112 --a------ C:\WINDOWS\system32\eventvwr.exe
2009-02-07 12:53 26,112 --a------ C:\WINDOWS\system32\dllcache\eventvwr.exe
2009-02-07 12:53 257,536 --a------ C:\WINDOWS\system32\dllcache\migwiz.exe
2009-02-07 12:53 253,440 --a------ C:\WINDOWS\system32\dllcache\migwiz_a.exe
2009-02-07 12:53 25,600 --a------ C:\WINDOWS\system32\dllcache\control.exe
2009-02-07 12:53 25,600 --a------ C:\WINDOWS\system32\dllcache\cidaemon.exe
2009-02-07 12:53 242,176 --a------ C:\WINDOWS\system32\dmadmin.exe
2009-02-07 12:53 242,176 --a------ C:\WINDOWS\system32\dllcache\dmadmin.exe
2009-02-07 12:53 238,080 --a------ C:\WINDOWS\system32\logon.scr
2009-02-07 12:53 235,520 --a------ C:\WINDOWS\system32\dllcache\wmiprvse.exe
2009-02-07 12:53 231,936 --a------ C:\WINDOWS\system32\dllcache\wordpad.exe
2009-02-07 12:53 23,552 --a------ C:\WINDOWS\system32\dllcache\lpq.exe
2009-02-07 12:53 22,528 --a------ C:\WINDOWS\system32\dllcache\comrereg.exe
2009-02-07 12:53 22,047 --a------ C:\WINDOWS\system32\dllcache\mplayer2.exe
2009-02-07 12:53 214,016 --a------ C:\WINDOWS\system32\dllcache\wmiadap.exe
2009-02-07 12:53 210,432 --a------ C:\WINDOWS\system32\eudcedit.exe
2009-02-07 12:53 210,432 --a------ C:\WINDOWS\system32\dllcache\fsquirt.exe
2009-02-07 12:53 208,960 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2009-02-07 12:53 167,424 --a------ C:\WINDOWS\system32\imapi.exe
2009-02-07 12:53 158,208 --a------ C:\WINDOWS\system32\sessmgr.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-02-07 12:52 --------- d-------- C:\Program Files\Windows NT
2009-02-07 12:52 --------- d-------- C:\Program Files\Movie Maker
2009-02-07 12:52 --------- d-------- C:\Program Files\Messenger
2009-02-06 00:26 --------- d-------- C:\Program Files\GemMaster
2009-02-06 00:26 --------- d-------- C:\Program Files\EnglishOtto
2009-02-06 00:18 --------- d-------- C:\Program Files\Microsoft Works
2009-02-06 00:18 --------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2009-02-06 00:11 --------- d-------- C:\Program Files\ItsDeductible2006
2009-02-06 00:01 --------- d-------- C:\Program Files\America Online 9.0
2009-02-04 22:33 --------- d-------- C:\Program Files\BAE
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\userinit.exe
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\dllcache\userinit.exe
2009-02-02 20:35 72 ---h----- C:\WINDOWS\popcreg.dat
2009-02-02 20:35 24 --a------ C:\WINDOWS\popcinfot.dat
2009-02-02 19:42 --------- d-------- C:\Program Files\FlashGet
2009-01-30 07:31 --------- d-------- C:\Program Files\iTunes
2009-01-30 07:31 --------- d-------- C:\Program Files\Common Files\Apple
2009-01-21 07:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-01-21 06:12 --------- d-------- C:\DOCUME~1\BRIANM~1\APPLIC~1\BitTorrent
2009-01-19 13:39 --------- d-------- C:\Program Files\Google
2009-01-06 22:38 --------- d-------- C:\Program Files\Easy Photo Editor
2008-12-26 23:18 2288 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-12-21 14:09 --------- d-------- C:\Program Files\TVAnts
2008-12-13 01:40 3593216 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2008-12-11 06:57 333184 --a------ C:\WINDOWS\system32\drivers\srv.sys
2008-12-11 06:57 333184 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-04-04 09:43 138 --a------ C:\DOCUME~1\BRIANM~1\APPLIC~1\wklnhst.dat
2008-10-29 11:41:49 88 --sh--r C:\WINDOWS\system32\0DFB5A30F7.sys
2008-10-29 11:57:16 4,232 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 09:11]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 09:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 14:00 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

R0 iastor;Intel RAID Controller;C:\WINDOWS\system32\drivers\iastor.sys
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe
R3 ATIAVPCI;ATI Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavrr.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
S3 aceoiwhv;aceoiwhv;\??\C:\WINDOWS\System32\Drivers\aceoiwhv.sys
S3 bhjeowrc;bhjeowrc;\??\C:\WINDOWS\System32\Drivers\bhjeowrc.sys
S3 eeuqbpfu;eeuqbpfu;\??\C:\WINDOWS\System32\Drivers\eeuqbpfu.sys
S3 jioydwyn;jioydwyn;\??\C:\WINDOWS\System32\Drivers\jioydwyn.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 nebfixpi;nebfixpi;\??\C:\WINDOWS\System32\Drivers\nebfixpi.sys
S3 nebopxhl;nebopxhl;\??\C:\WINDOWS\System32\Drivers\nebopxhl.sys
S3 nrgzlkir;nrgzlkir;\??\C:\WINDOWS\System32\Drivers\nrgzlkir.sys
S3 nusdizmr;nusdizmr;\??\C:\WINDOWS\System32\Drivers\nusdizmr.sys
S3 orfsqyph;orfsqyph;\??\C:\WINDOWS\System32\Drivers\orfsqyph.sys
S3 PD0620VID;Creative WebCam Instant;C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
S3 ptiaicxf;ptiaicxf;\??\C:\WINDOWS\System32\Drivers\ptiaicxf.sys
S3 qletodsk;qletodsk;\??\C:\WINDOWS\System32\Drivers\qletodsk.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 vmsjhwkx;vmsjhwkx;\??\C:\WINDOWS\System32\Drivers\vmsjhwkx.sys
S3 WinUSB;WinUSB;C:\WINDOWS\system32\DRIVERS\WinUSB.sys
S3 xkapehzn;xkapehzn;\??\C:\WINDOWS\System32\Drivers\xkapehzn.sys
S3 ykvvukhj;ykvvukhj;\??\C:\WINDOWS\System32\Drivers\ykvvukhj.sys
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2009-01-27 16:19:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2009-01-23 21:20:29 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Brian Markin at 10 30 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 00:28:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA31A376-CD79-E447-AF19-90A84B434C11}]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2009-02-08 0:29:52
C:\ComboFix-quarantined-files.txt ... 2009-02-08 00:28
C:\ComboFix2.txt ... 2009-02-07 17:27
C:\ComboFix3.txt ... 2009-02-06 08:12

--- E O F ---
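Added example, not part of the poster's log or of ComboFix itself: a small triage script that parses the three parts of a ComboFix report that usually deserve a second look, the R/S service lines (for drivers whose only "display name" is a pseudo-random file name loaded through a \??\ native path, such as the block of eight-letter S3 entries above), the file listing (for a system32 binary whose dllcache copy differs in size), and the mountpoints2 AutoRun command. The sample text is a handful of lines copied from the log above, and the "eight lowercase letters, display name equals service name, \??\ path" rule is an assumption chosen to fit this log, a review filter rather than a verdict; every hit still needs the file checked on disk (existence, hash, signer) before anything is removed.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\regsvr32.exe
2009-02-07 12:53 29,184 --a------ C:\WINDOWS\system32\dllcache\regsvr32.exe
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\userinit.exe
2009-02-03 08:22 142848 --a------ C:\WINDOWS\system32\dllcache\userinit.exe
R0 iastor;Intel RAID Controller;C:\WINDOWS\system32\drivers\iastor.sys
R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
S3 aceoiwhv;aceoiwhv;\??\C:\WINDOWS\System32\Drivers\aceoiwhv.sys
S3 bhjeowrc;bhjeowrc;\??\C:\WINDOWS\System32\Drivers\bhjeowrc.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 WinUSB;WinUSB;C:\WINDOWS\system32\DRIVERS\WinUSB.sys
S3 ykvvukhj;ykvvukhj;\??\C:\WINDOWS\System32\Drivers\ykvvukhj.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
"""

# Line shapes as ComboFix prints them: "<start> <name>;<display>;<path>",
# "<date> <time> <size|---------> <attrs> <path>", and "AutoRun\command- <cmd>".
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
FILE_RE = re.compile(r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"
                     r"(?P<size>[\d,]+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")
# Assumed heuristic: eight lowercase letters with no meaningful display name.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def parse_services(log):
    """Return one dict per R*/S* service or driver line."""
    return [m.groupdict() for line in log.splitlines()
            if (m := SERVICE_RE.match(line.strip()))]


def flag_suspicious_drivers(services):
    """Keep entries whose name looks generated, whose display name is just the
    name again, and which are loaded through a \\??\\ native path. Review list,
    not a malware verdict: verify each file on disk before acting."""
    out = []
    for s in services:
        name = s["name"].strip()
        if (RANDOM_NAME_RE.match(name)
                and s["display"].strip() == name
                and s["path"].startswith("\\??\\")):
            out.append({"name": name, "start": s["start"], "path": s["path"]})
    return out


def dllcache_size_mismatches(log):
    """Compare the size of each system32 file with its dllcache copy when both
    appear in the listing; a differing size is a classic sign of a replaced
    system binary (or of a pending servicing change) and deserves a hash check."""
    sizes = defaultdict(dict)
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or not m["size"][0].isdigit():
            continue  # skip directory rows, whose size column is dashes
        low = m["path"].lower()
        if "\\system32\\" not in low:
            continue
        base = low.rsplit("\\", 1)[-1]
        where = "dllcache" if "\\dllcache\\" in low else "live"
        sizes[base][where] = int(m["size"].replace(",", ""))
    return sorted(b for b, d in sizes.items()
                  if "live" in d and "dllcache" in d and d["live"] != d["dllcache"])


def autorun_commands(log):
    """Collect mountpoints2 AutoRun commands; removable-media autorun was a
    common infection vector on XP, so each one is worth reading."""
    return [m["cmd"].strip() for line in log.splitlines()
            if (m := AUTORUN_RE.match(line.strip()))]


def triage(log):
    """Bundle the three checks into one report dict."""
    return {
        "review_drivers": flag_suspicious_drivers(parse_services(log)),
        "dllcache_size_mismatches": dllcache_size_mismatches(log),
        "autorun_commands": autorun_commands(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["review_drivers"]:
        print("review driver:", d["start"], d["name"], d["path"])
    print("dllcache size mismatches:", report["dllcache_size_mismatches"])
    print("autorun commands:", report["autorun_commands"])
```

Run against the full report the three random-named drivers in the sample grow to the fourteen listed in the log, while ntcdrdrv (eight lowercase letters, but loaded from a plain DRIVERS\ path with no \??\ prefix) stays out of the list; that is the point of combining the rules rather than matching on name shape alone.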
 