Stuck at work - NT Authority/System Shutdown 1073741819

Status
Not open for further replies.

djrazr (Solid State Member, 10 messages)
I'm stuck here at work searching for a solution. I've checked the internet, and it's some Sasser virus.

The PC reboots before Windows loads with "NT Authority\System shutdown 1073741819, in 60 seconds."
I go to Run and type shutdown -a, and then the computer freezes and I can't do anything but restart the PC.
The PC does have ZoneAlarm as a firewall. I'm trying to get by to download updates, which have not been done in months.

I booted into safe mode and ran BitDefender, Malwarebytes, Spybot, AVG Anti-Rootkit, the Trend Micro online scanner, McAfee Stinger, FixBlast and FxSasser. They found nothing, and the problem still exists. I tried to run SUPERAntiSpyware but can't in safe mode with networking.

So I downloaded HijackThis and here is my log. I'm hoping someone can help me out so I can go home and enjoy the holidays. As of right now, I'm stuck here at dang work. Please be detailed as I'm no PC guy. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:48 PM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D3612D-8EE6-48C7-9481-96A723424EDF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - (no file)
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmyuzyu.dll
O20 - Winlogon Notify: qoMfcCtT - qoMfcCtT.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4322 bytes


Any help would be greatly appreciated. I'll be by this PC until I solve the problem, and if that means all night, so be it.

Thanks
 
Boot into safe mode and remove these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {22D3612D-8EE6-48C7-9481-96A723424EDF} - (no file)

O2 - BHO: (no name) - {8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmyuzyu.dll

O20 - Winlogon Notify: qoMfcCtT - qoMfcCtT.dll (file missing)


Run Malwarebytes and ComboFix and post their logs, and also a new HijackThis log after the entries have been removed.
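An added example, not from the thread and not part of HijackThis: a small Python triage script that applies the same selection rules the reply above uses (dead references, nameless BHOs, anything in the O20 section) to HijackThis entry lines. The sample lines are copied from the first log posted in the thread; the section-prefix regex is an assumption about the v2.0.x line format.

```python
"""HijackThis log triage.

Added example for this thread; it is not part of HijackThis or of the
posted logs.  It applies the rules the reply above uses when picking
entries to remove: dead references ("(no file)" / "(file missing)"),
nameless BHOs, and anything under O20 (AppInit_DLLs and Winlogon Notify),
which gets loaded into every user-mode process or into winlogon.exe and is
therefore a favourite persistence spot for malware on Windows XP.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entry lines from the first log in the thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D3612D-8EE6-48C7-9481-96A723424EDF} - (no file)
O2 - BHO: (no name) - {8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmyuzyu.dll
O20 - Winlogon Notify: qoMfcCtT - qoMfcCtT.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe (file missing)
"""

# Entry lines look like "O2 - BHO: ..."; the letter+number prefix is the HijackThis section.
# (Assumed format, matching the v2.0.2 logs in this thread.)
LINE_RE = re.compile(r"^(?P<kind>[RFNO]\d+)\s+-\s+(?P<body>.+?)\s*$")


@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "O2", "O20"
    reason: str    # why the entry deserves attention
    line: str      # the original log line, ready to quote back to the poster


def parse_entries(log_text):
    """Yield (kind, body, raw_line) for every entry line; header/footer lines are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("kind"), m.group("body"), raw


def classify(kind, body):
    """Return a reason string if the entry should be reviewed, else None.

    Order matters: O20 is reported first because the load location is the
    concern regardless of whether the DLL still exists on disk.
    """
    lowered = body.lower()
    if kind == "O20":
        return "O20 AppInit_DLLs / Winlogon Notify: injected into every process or winlogon"
    if "(no file)" in lowered or "(file missing)" in lowered:
        return "dead reference: the target file no longer exists"
    if kind == "O2" and lowered.startswith("bho: (no name)"):
        return "browser helper object with no name"
    if kind == "O23" and "unknown owner" in lowered:
        return "service whose binary has no vendor information"
    return None


def triage(log_text):
    """Return the list of Findings for a HijackThis log, in log order."""
    findings = []
    for kind, body, raw in parse_entries(log_text):
        reason = classify(kind, body)
        if reason is not None:
            findings.append(Finding(kind, reason, raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the sample above the script reports exactly the five entries the reply lists plus the orphaned IBService service; the legitimate Acrobat, ZoneAlarm and Bonjour entries are left alone.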
 
Will try it now. What is ComboFix?

Also, where do I go to remove the entries?
 
Here are the HijackThis and Malwarebytes logs, but I don't have the XP disc to do an XP Recovery Console for ComboFix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:32 PM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3950 bytes


Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.1.2600 Service Pack 2

12/24/2008 9:08:29 PM
mbam-log-2008-12-24 (21-08-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 96446
Time elapsed: 14 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Oops, I need to read the rest of the ComboFix tutorial. Hold on, I'll post that shortly.
 
Anything is possible, but no, you won't lose anything. You don't need to install the Recovery Console if you don't want to.
 
After numerous attempts, the Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install is just not working. The file keeps saying it is corrupted. I ended up accidentally running ComboFix and got this:

ComboFix 08-12-24.01 - Administrator 2008-12-24 21:26:26.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2720 [GMT -8:00]
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Home\Application Data\inst.exe
c:\windows\aazalirt.exe
c:\windows\iddqdops.exe
c:\windows\jikglond.exe
c:\windows\jiklagka.exe
c:\windows\jungertab.exe
c:\windows\klopnidret.exe
c:\windows\ronitfst.exe
c:\windows\salrtybek.exe
c:\windows\seeukluba.exe
c:\windows\skaaanret.exe
c:\windows\system32\wincreate.exe
c:\windows\tobmygers.exe
c:\windows\tobykke.exe
c:\windows\zibaglertz.exe
G:\resycled
g:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-24 17:10 . 2008-12-24 17:10 <DIR> d-------- c:\program files\Trend Micro
2008-12-24 17:06 . 2008-12-24 17:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AdobeUM
2008-12-24 15:00 . 2008-12-24 15:41 <DIR> d-------- c:\documents and settings\Administrator\.housecall6.6
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-12-24 13:31 . 2008-12-24 19:03 43,040 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-24 13:31 . 2008-12-24 13:31 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-24 13:23 . 2008-12-24 13:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-12-24 13:22 . 2008-12-24 13:22 <DIR> d-------- c:\program files\Zone Labs
2008-12-24 13:21 . 2008-12-24 20:05 <DIR> d-------- c:\windows\Internet Logs
2008-12-24 12:12 . 2007-01-18 04:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys
2008-12-22 11:09 . 2008-12-22 11:09 46,080 --a------ c:\windows\system32\mmmyuzyu.dll
2008-12-22 11:07 . 2008-12-22 11:07 46,080 --a------ c:\windows\system32\mmmvolvo.dll
2008-12-22 10:37 . 2008-11-18 17:22 4,932,819 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2008-12-22 10:04 . 2008-12-22 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-22 10:03 . 2008-12-22 10:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-22 09:53 . 2008-12-22 09:53 46,080 --a------ c:\windows\system32\mmmjvljv.dll
2008-12-22 07:04 . 2008-12-22 07:04 9,215 ---h----- c:\documents and settings\Home\Home.exe
2008-12-21 20:38 . 2008-12-21 20:44 <DIR> d-------- c:\documents and settings\Home\Application Data\.ABC
2008-12-21 20:33 . 2008-12-24 20:05 <DIR> d-------- c:\program files\DNA
2008-12-21 20:33 . 2008-12-24 20:05 <DIR> d-------- c:\documents and settings\Home\Application Data\DNA
2008-12-21 19:28 . 2008-12-21 19:28 68 --a------ c:\windows\MyProg.ini
2008-12-21 19:05 . 2008-12-21 19:10 <DIR> d-------- c:\documents and settings\Home\Application Data\Hide IP NG
2008-12-21 18:57 . 2008-12-21 18:57 32 --a------ c:\windows\go
2008-12-06 17:33 . 2008-12-06 17:44 <DIR> d-------- c:\program files\0.7 beta
2008-12-06 17:31 . 2008-12-06 17:31 <DIR> d-------- c:\documents and settings\Home\Application Data\InstallShield
2008-12-06 17:26 . 2008-12-06 17:26 <DIR> d-------- c:\program files\TonyVegas
2008-11-25 22:43 . 2008-11-25 22:43 <DIR> d-------- c:\documents and settings\Home\Application Data\WinWay
2008-11-25 22:40 . 2008-11-25 22:40 <DIR> d-------- c:\program files\WinWay Resume
2008-11-25 22:38 . 2008-11-25 22:38 974,848 --a------ c:\windows\system32\mfc70.dll
2008-11-25 22:38 . 2008-11-25 22:38 964,608 --a------ c:\windows\system32\mfc70u.dll
2008-11-25 22:35 . 2008-11-25 22:35 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-11-25 22:35 . 2008-11-25 22:35 54,784 --a------ c:\windows\system32\msvci70.dll
2008-11-25 22:19 . 2008-11-25 22:19 103,744 --a------ c:\windows\system32\mscomm32.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 21:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-24 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-12-24 16:56 --------- d-----w c:\documents and settings\Home\Application Data\uTorrent
2008-12-23 20:14 --------- d-----w c:\program files\eMule
2008-12-23 16:12 --------- d-----w c:\program files\PeerGuardian2
2008-12-22 04:27 --------- d-----w c:\documents and settings\Home\Application Data\Azureus
2008-12-21 06:33 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-19 02:02 --------- d-----w c:\program files\Azureus
2008-12-07 01:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-11-22 23:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 23:19 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-22 23:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 23:19 --------- d-----w c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com
2008-11-22 22:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-22 22:47 --------- d-----w c:\documents and settings\Home\Application Data\Malwarebytes
2008-11-22 22:47 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 05:43 --------- d-----w c:\program files\Common Files\Download Manager
2008-11-21 07:30 --------- d-----w c:\program files\Windows Defender
2008-11-20 16:06 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-20 06:06 --------- d-----w c:\program files\TVUPlayer
2008-11-20 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-19 11:00 --------- d-----w c:\program files\MSXML 6.0
2008-11-19 01:19 --------- d-----w c:\program files\Creative
2008-11-18 21:53 --------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-18 21:53 --------- d-----w c:\program files\Uniblue
2008-11-18 21:53 --------- d-----w c:\documents and settings\Home\Application Data\Uniblue
2008-11-18 17:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-11-17 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-13 15:05 --------- d-----w c:\program files\Accessdiver
2008-11-13 02:05 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-11 22:45 --------- d-----w c:\program files\Kaspersky Lab
2008-11-11 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 02:14 --------- d-----w c:\documents and settings\Home\Application Data\DonationCoder
2008-11-09 02:13 --------- d-----w c:\documents and settings\All Users\Application Data\DonationCoder
2008-11-08 03:46 --------- d-----w c:\program files\WMR11
2008-11-08 02:47 --------- d-----w c:\program files\Xi
2008-11-08 00:09 --------- d-----w c:\program files\C-Force
2008-11-07 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 15:19 --------- d-----w c:\program files\Lavasoft
2008-11-04 02:57 --------- d-----w c:\program files\Acunetix
2008-11-03 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-31 03:09 --------- d-----w c:\program files\Sony
2008-10-31 01:10 --------- d-----w c:\documents and settings\Home\Application Data\CyberLink
2008-10-31 01:10 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-31 01:06 --------- d-----w c:\program files\CyberLink
2008-10-28 23:19 --------- d-----w c:\program files\QuickTime
2008-10-28 23:19 --------- d-----w c:\program files\iTunes
2008-10-28 23:19 --------- d-----w c:\program files\iPod
2008-10-28 23:19 --------- d-----w c:\program files\Bonjour
2008-10-28 23:19 --------- d-----w c:\documents and settings\Home\Application Data\Apple Computer
2008-10-28 23:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-28 23:19 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 23:18 --------- d-----w c:\program files\Common Files\Apple
2008-10-28 23:18 --------- d-----w c:\program files\Apple Software Update
2008-10-28 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-04 20:14 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-04 20:14 249,856 ------w c:\windows\Setup1.exe
2008-09-06 21:14 47,360 ----a-w c:\documents and settings\Home\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"CTHelper"="CTHELPER.EXE" [2004-03-10 c:\windows\system32\CtHelper.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Joost.lnk]
backup=c:\windows\pss\Joost.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-16 18:20 91432 c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-06-29 10:23 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 11:06 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 08:35 72736 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 08:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-03-10 17:50 28672 c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"rpcapd"=3 (0x3)
"MCVSRte"=2 (0x2)
"McShield"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Home\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
S2 IBService;IBService;c:\program files\Invisible Browsing\servers\IBService.exe []
S2 netsik;netsik;\??\c:\windows\system32\drivers\netsik.sys [2004-08-03 22016]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-11 27904]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18DDA479-7C4E-0FF1-0106-050407050400}]
c:\program files\TonyVegas\TonyVegasOCR\ocr1.3\OCR\tonyveasocr.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 21:35]

2008-12-20 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (XPS-Home).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-12-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - (no file)
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
MSConfigStartUp-kdgox - (no file)
MSConfigStartUp-kdjom - (no file)


.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\al4uvexe.default\
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 21:28:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-12-24 21:32:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 05:32:34

Pre-Run: 7,192,592,384 bytes free
Post-Run: 7,545,466,880 bytes free

246 --- E O F --- 2008-12-22 17:15:12
 