Trojans: motofoto- Zundo and more! T-T

OK, I'm back (b/c of all the extra study time I got A's on both engrish and math!!!). Here is the order of the logs: ComboFix: one from the 20th and 2 from the 21st (1 from safe mode and 1 from normal), and then a HijackThis log.
ComboFix 08-05-19.4 - Jake 2008-05-20 19:37:18.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.701 [GMT -5:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jake\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\_000000_.tmp.dll
C:\WINDOWS\bdagent.INI
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\drivers\{2E62C907-1738-4796-8D76-86BBD6650B61}.sys
C:\WINDOWS\system32\drivers\clr_optimization_v2.0.50727_32.sys
C:\WINDOWS\Tasks\ISP signup reminder 1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Jake\Application Data\Viewpoint
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1007280907.mtx
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Jake\WINDOWS
C:\WINDOWS\.jagex_cache_32
C:\WINDOWS\.jagex_cache_32\loginapplet\cache-1965029828.dat
C:\WINDOWS\.jagex_cache_32\loginapplet\main_file_cache.dat2
C:\WINDOWS\.jagex_cache_32\loginapplet\main_file_cache.idx255
C:\WINDOWS\.jagex_cache_32\random.dat
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.dat0
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.dat2
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx0
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx1
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx10
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx11
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx12
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx13
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx14
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx15
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx16
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx17
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx18
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx19
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx2
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx20
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx21
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx22
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx23
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx24
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx25
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx255
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx3
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx4
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx5
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx6
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx7
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx8
C:\WINDOWS\.jagex_cache_32\runescape\main_file_cache.idx9
C:\WINDOWS\_000000_.tmp.dll
C:\WINDOWS\bdagent.INI
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\drivers\{2E62C907-1738-4796-8D76-86BBD6650B61}.sys
C:\WINDOWS\Tasks\ISP signup reminder 1.job
 
.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-18 16:36 . 2008-05-18 17:16 <DIR> d-------- C:\SDFix
2008-05-16 17:16 . 2008-05-16 17:16 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Bitdefender
2008-05-16 16:36 . 2008-05-16 16:36 <DIR> d-------- C:\Program Files\Softwin
2008-05-16 16:36 . 2008-05-16 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-16 16:31 . 2007-10-11 06:20 24,960 -ra------ C:\WINDOWS\system32\drivers\ATWPKT2.SYS
2008-05-16 06:41 . 2008-05-16 16:37 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-05-16 06:01 . 2008-05-16 06:26 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-15 20:58 . 2008-05-15 20:58 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\AOL
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\SUPERAntiSpyware.com
2008-05-14 16:33 . 2008-05-14 16:33 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Talkback
2008-05-14 16:27 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\IObit
2008-05-14 16:27 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Comodo
2008-05-14 16:26 . 2006-09-23 14:37 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\You've Got Pictures Screensaver
2008-05-14 16:26 . 2006-09-23 14:44 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\SampleView
2008-05-14 16:26 . 2008-05-20 19:37 <DIR> d-------- C:\Documents and Settings\Jake
2008-05-14 16:26 . 2008-05-20 19:42 1,024 --ah----- C:\Documents and Settings\Jake\ntuser.dat.LOG
2008-05-14 05:47 . 2008-05-14 05:47 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-12 18:07 . 2008-05-12 18:07 0 --a------ C:\WINDOWS\system32\drivers\WmdmPmSN.sys
2008-05-12 18:07 . 2008-05-12 18:07 0 --a------ C:\WINDOWS\system32\drivers\Winsock.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\TrkWks.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\SwPrv.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\seclogon.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\RemoteAccess.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\Dnscache.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\CryptSvc.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\clr_optimization_v2.0.50727_32.sys
2008-05-12 06:32 . 2008-05-12 06:32 <DIR> d-------- C:\Program Files\Cheatbook Database 2008
2008-05-11 11:09 . 2008-05-11 11:09 0 --a------ C:\WINDOWS\system32\drivers\wuauserv.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\Nla.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\MHN.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\IDriverT.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\Atdisk.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\WZCSVC.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\ProtectedStorage.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\PerfDisk.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\Messenger.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\Wmi.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\WinTrust.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\VgaSave.sys
2008-05-05 06:03 . 2008-05-05 06:03 0 --a------ C:\WINDOWS\system32\drivers\FastUserSwitchingCompatibility.sys
2008-05-04 00:12 . 2008-05-04 00:12 68 --a------ C:\WINDOWS\system32\drivers\Netlogon.sys
2008-05-02 17:44 . 2008-05-02 17:44 <DIR> d-------- C:\Program Files\Audacity
2008-05-02 05:30 . 2008-05-02 05:30 119 --a------ C:\WINDOWS\system32\drivers\UPS.sys
2008-05-02 05:30 . 2008-05-02 05:30 115 --a------ C:\WINDOWS\system32\drivers\Netman.sys
2008-05-02 05:30 . 2008-05-02 05:30 0 --a------ C:\WINDOWS\system32\drivers\vsdatant.sys
2008-04-26 16:37 . 2008-04-26 16:37 106 --a------ C:\WINDOWS\system32\drivers\dmadmin.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\USB.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\TermService.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\nv.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\LmHosts.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\IpFilterDriver.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\CSIScanner.sys
2008-04-26 16:33 . 2008-05-20 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 00:42 15,377,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 00:32 206,924 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-20 13:13 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-15 23:38 --------- d-----w C:\Program Files\SpywareGuard
2008-05-14 23:08 --------- d-----w C:\Program Files\DOSBox-0.72
2008-05-12 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-04 04:59 --------- d-----w C:\Program Files\HTC
2008-04-30 02:39 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-04-30 02:39 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-26 21:36 --------- d-----w C:\Program Files\PrevxCSI
2008-04-20 14:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 10:39 119 ----a-w C:\WINDOWS\system32\drivers\SENS.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\srservice.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\ShellHWDetection.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\SABProcEnum.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\RDSessMgr.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\PerfNet.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\NVSvc.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\ldap.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\iPod.exe
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\HTTPFilter.sys
2008-04-15 10:47 98 ----a-w C:\WINDOWS\system32\drivers\NtmsSvc.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\WmiApRpl.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\WinSock2.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\SCardSvr.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\LicenseService.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\EventSystem.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\DcomLaunch.sys
2008-04-14 10:41 75 ----a-w C:\WINDOWS\system32\drivers\RasMan.sys
2008-04-14 10:41 142 ----a-w C:\WINDOWS\system32\drivers\Spooler.sys
2008-04-14 10:41 119 ----a-w C:\WINDOWS\system32\drivers\PDRELI.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\WMPNetworkSvc.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\TSDDD.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PrismXL.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PptpMiniport.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PDRFRAME.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\NtLmSsp.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\FileZilla.exe
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\CiSvc.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\ASP.NET_1.1.4322.sys
2008-04-11 02:12 --------- d-----w C:\Program Files\iTunes
2008-04-11 02:11 --------- d-----w C:\Program Files\iPod
2008-04-10 11:44 --------- d-----w C:\Program Files\QuickTime
2008-03-31 10:32 133 ----a-w C:\WINDOWS\system32\drivers\RpcLocator.sys
2008-03-30 20:21 --------- d-----w C:\Program Files\Hamachi
2008-03-30 20:20 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-26 23:31 --------- d-----w C:\Program Files\Kuma Games
2008-03-26 12:02 225 ----a-w C:\WINDOWS\system32\drivers\Dhcp.sys
2008-03-26 12:02 175 ----a-w C:\WINDOWS\system32\drivers\Browser.sys
2008-03-26 12:02 136 ----a-w C:\WINDOWS\system32\drivers\PerfProc.sys
2008-03-26 12:02 131 ----a-w C:\WINDOWS\system32\drivers\PerfOS.sys
2008-03-26 12:02 0 ----a-w C:\WINDOWS\system32\drivers\upnphost.sys
2008-03-26 12:02 0 ----a-w C:\WINDOWS\system32\drivers\inetaccs.sys
2008-03-24 02:12 --------- d-----w C:\Program Files\FlashFXP
2008-03-24 02:05 --------- d-----w C:\Program Files\Axialis
2007-03-10 19:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
 
((((((((((((((((((((((((((((( snapshot@2008-05-20_ 8.31.36.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 13:24:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 00:40:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-29 18:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 18:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-03-29 18:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 18:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 18:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 18:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 18:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 18:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-21 00:40:40 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B}]
2007-10-15 08:59 2265088 --a------ C:\Program Files\Netdisaster\netdisaster_v1.2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 14:43 458752 --a------ C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= "C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 14:43 458752]

[HKEY_CLASSES_ROOT\clsid\{b0df5714-5a99-4a21-9c98-4f93fb5c398c}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2007-10-27 12:44 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44 139264]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 13:38 14820864 C:\WINDOWS\RTHDCPL.EXE]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 18:19 79224]
"HostManager"="C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe" [2007-05-25 12:16 42032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 11:38 342272]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-06-10 17:37 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-06-10 18:06 36864]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-04-29 21:39 1572608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" [2008-03-01 12:16 2664728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Authentic-ID Toolbar"="C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 14:43 458752]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-06-24 18:26:14 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-12-08 17:50 67160 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 C:\Program Files\AOL 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 10:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2006-09-14 00:00 950337 C:\Program Files\Trend Micro\Antivirus\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]
--a------ 2006-09-14 00:00 634949 C:\Program Files\Trend Micro\Antivirus\PCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Outbreak Agent]
--a------ 2006-09-14 00:00 290816 C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"tmproxy"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"FileZilla Server"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188268907\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188268907\\EE\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HTC\\Aces High II\\aceshigh.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Comodo\\CBOClean\\BOC425.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2504:TCP"= 2504:TCP:limewire

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-14 05:47]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-29 21:39]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-29 21:39]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 17:53]
S3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 19:25]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 01:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 19:41:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-20 19:47:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 00:47:19
ComboFix2.txt 2008-05-20 13:31:49

Pre-Run: 208,324,407,296 bytes free
Post-Run: 207,357,702,144 bytes free

391 --- E O F --- 2008-05-18 13:06:26
 
Please do an online scan with Kaspersky WebScanner.

Click on Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan":
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
ComboFix 08-05-19.4 - Jake 2008-05-21 23:24:47.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.682 [GMT -5:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jake\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\_000000_.tmp.dll
C:\WINDOWS\bdagent.INI
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\drivers\{2E62C907-1738-4796-8D76-86BBD6650B61}.sys
C:\WINDOWS\system32\drivers\clr_optimization_v2.0.50727_32.sys
C:\WINDOWS\Tasks\ISP signup reminder 1.job
.

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-21 20:10 . 2008-05-21 20:10 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Apple Computer
2008-05-18 16:36 . 2008-05-18 17:16 <DIR> d-------- C:\SDFix
2008-05-16 17:16 . 2008-05-16 17:16 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Bitdefender
2008-05-16 16:36 . 2008-05-16 16:36 <DIR> d-------- C:\Program Files\Softwin
2008-05-16 16:36 . 2008-05-16 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-16 16:31 . 2007-10-11 06:20 24,960 -ra------ C:\WINDOWS\system32\drivers\ATWPKT2.SYS
2008-05-16 06:41 . 2008-05-16 16:37 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-05-16 06:01 . 2008-05-16 06:26 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-15 20:58 . 2008-05-15 20:58 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\AOL
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\SUPERAntiSpyware.com
2008-05-14 16:33 . 2008-05-14 16:33 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Talkback
2008-05-14 16:27 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\IObit
2008-05-14 16:27 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Comodo
2008-05-14 16:26 . 2006-09-23 14:37 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\You've Got Pictures Screensaver
2008-05-14 16:26 . 2006-09-23 14:44 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\SampleView
2008-05-14 16:26 . 2008-05-21 23:14 <DIR> d-------- C:\Documents and Settings\Jake
2008-05-14 16:26 . 2008-05-21 23:30 24,576 --ah----- C:\Documents and Settings\Jake\ntuser.dat.LOG
2008-05-14 05:47 . 2008-05-14 05:47 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-12 18:07 . 2008-05-12 18:07 0 --a------ C:\WINDOWS\system32\drivers\WmdmPmSN.sys
2008-05-12 18:07 . 2008-05-12 18:07 0 --a------ C:\WINDOWS\system32\drivers\Winsock.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\TrkWks.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\SwPrv.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\seclogon.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\RemoteAccess.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\Dnscache.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\CryptSvc.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\clr_optimization_v2.0.50727_32.sys
2008-05-12 06:32 . 2008-05-12 06:32 <DIR> d-------- C:\Program Files\Cheatbook Database 2008
2008-05-11 11:09 . 2008-05-11 11:09 0 --a------ C:\WINDOWS\system32\drivers\wuauserv.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\Nla.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\MHN.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\IDriverT.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\Atdisk.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\WZCSVC.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\ProtectedStorage.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\PerfDisk.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\Messenger.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\Wmi.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\WinTrust.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\VgaSave.sys
2008-05-05 06:03 . 2008-05-05 06:03 0 --a------ C:\WINDOWS\system32\drivers\FastUserSwitchingCompatibility.sys
2008-05-04 00:12 . 2008-05-04 00:12 68 --a------ C:\WINDOWS\system32\drivers\Netlogon.sys
2008-05-02 17:44 . 2008-05-02 17:44 <DIR> d-------- C:\Program Files\Audacity
2008-05-02 05:30 . 2008-05-02 05:30 119 --a------ C:\WINDOWS\system32\drivers\UPS.sys
2008-05-02 05:30 . 2008-05-02 05:30 115 --a------ C:\WINDOWS\system32\drivers\Netman.sys
2008-05-02 05:30 . 2008-05-02 05:30 0 --a------ C:\WINDOWS\system32\drivers\vsdatant.sys
2008-04-26 16:37 . 2008-04-26 16:37 106 --a------ C:\WINDOWS\system32\drivers\dmadmin.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\USB.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\TermService.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\nv.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\LmHosts.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\IpFilterDriver.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\CSIScanner.sys
2008-04-26 16:33 . 2008-05-21 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 04:28 15,488,288 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-22 04:14 208,436 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-21 15:55 --------- d-----w C:\Program Files\SpywareGuard
2008-05-21 15:55 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-14 23:08 --------- d-----w C:\Program Files\DOSBox-0.72
2008-05-12 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-04 04:59 --------- d-----w C:\Program Files\HTC
2008-04-30 02:39 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-04-30 02:39 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-26 21:36 --------- d-----w C:\Program Files\PrevxCSI
2008-04-20 14:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 10:39 119 ----a-w C:\WINDOWS\system32\drivers\SENS.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\srservice.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\ShellHWDetection.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\SABProcEnum.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\RDSessMgr.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\PerfNet.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\NVSvc.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\ldap.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\iPod.exe
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\HTTPFilter.sys
2008-04-15 10:47 98 ----a-w C:\WINDOWS\system32\drivers\NtmsSvc.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\WmiApRpl.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\WinSock2.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\SCardSvr.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\LicenseService.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\EventSystem.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\DcomLaunch.sys
2008-04-14 10:41 75 ----a-w C:\WINDOWS\system32\drivers\RasMan.sys
2008-04-14 10:41 142 ----a-w C:\WINDOWS\system32\drivers\Spooler.sys
2008-04-14 10:41 119 ----a-w C:\WINDOWS\system32\drivers\PDRELI.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\WMPNetworkSvc.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\TSDDD.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PrismXL.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PptpMiniport.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PDRFRAME.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\NtLmSsp.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\FileZilla.exe
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\CiSvc.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\ASP.NET_1.1.4322.sys
2008-04-11 02:12 --------- d-----w C:\Program Files\iTunes
2008-04-11 02:11 --------- d-----w C:\Program Files\iPod
2008-04-10 11:44 --------- d-----w C:\Program Files\QuickTime
2008-03-31 10:32 133 ----a-w C:\WINDOWS\system32\drivers\RpcLocator.sys
2008-03-30 20:21 --------- d-----w C:\Program Files\Hamachi
2008-03-30 20:20 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-26 23:31 --------- d-----w C:\Program Files\Kuma Games
2008-03-26 12:02 225 ----a-w C:\WINDOWS\system32\drivers\Dhcp.sys
2008-03-26 12:02 175 ----a-w C:\WINDOWS\system32\drivers\Browser.sys
2008-03-26 12:02 136 ----a-w C:\WINDOWS\system32\drivers\PerfProc.sys
2008-03-26 12:02 131 ----a-w C:\WINDOWS\system32\drivers\PerfOS.sys
2008-03-26 12:02 0 ----a-w C:\WINDOWS\system32\drivers\upnphost.sys
2008-03-26 12:02 0 ----a-w C:\WINDOWS\system32\drivers\inetaccs.sys
2008-03-24 02:12 --------- d-----w C:\Program Files\FlashFXP
2008-03-24 02:05 --------- d-----w C:\Program Files\Axialis
2007-03-10 19:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-20_ 8.31.36.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 13:24:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 04:27:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-11 02:12:33 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-05-22 01:10:29 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2008-01-28 01:41:03 1,961 ----a-w C:\WINDOWS\mozver.dat
+ 2008-05-22 03:17:29 2,173 ----a-w C:\WINDOWS\mozver.dat
- 2008-03-29 18:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 18:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-03-29 18:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 18:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 18:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 18:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 18:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 18:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 01:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 01:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-05-22 04:27:06 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_558.dat
+ 2008-05-22 04:29:29 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_fc4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B}]
2007-10-15 08:59 2265088 --a------ C:\Program Files\Netdisaster\netdisaster_v1.2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 14:43 458752 --a------ C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= "C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 14:43 458752]

[HKEY_CLASSES_ROOT\clsid\{b0df5714-5a99-4a21-9c98-4f93fb5c398c}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44 139264]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 13:38 14820864 C:\WINDOWS\RTHDCPL.EXE]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
"HostManager"="C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe" [2007-05-25 12:16 42032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 11:38 342272]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-06-10 17:37 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-06-10 18:06 36864]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-04-29 21:39 1572608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" [2008-03-01 12:16 2664728]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Authentic-ID Toolbar"="C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 14:43 458752]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-12-08 17:50 67160 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 C:\Program Files\AOL 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 10:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2006-09-14 00:00 950337 C:\Program Files\Trend Micro\Antivirus\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]
--a------ 2006-09-14 00:00 634949 C:\Program Files\Trend Micro\Antivirus\PCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Outbreak Agent]
--a------ 2006-09-14 00:00 290816 C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"tmproxy"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"FileZilla Server"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188268907\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188268907\\EE\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HTC\\Aces High II\\aceshigh.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Comodo\\CBOClean\\BOC425.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2504:TCP"= 2504:TCP:limewire

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-14 05:47]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-29 21:39]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-29 21:39]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 17:53]
S3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 19:25]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 01:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 23:29:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-21 23:33:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 04:33:12
ComboFix2.txt 2008-05-22 04:19:55
ComboFix3.txt 2008-05-22 04:07:54
ComboFix4.txt 2008-05-21 00:47:27
ComboFix5.txt 2008-05-20 13:31:49

Pre-Run: 208,270,811,136 bytes free
Post-Run: 207,305,076,736 bytes free

353 --- E O F --- 2008-05-18 13:06:26
 
ComboFix 08-05-19.4 - Jake 2008-05-21 23:12:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.537 [GMT -5:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jake\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\_000000_.tmp.dll
C:\WINDOWS\bdagent.INI
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\drivers\{2E62C907-1738-4796-8D76-86BBD6650B61}.sys
C:\WINDOWS\system32\drivers\clr_optimization_v2.0.50727_32.sys
C:\WINDOWS\Tasks\ISP signup reminder 1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Jake\Application Data\Viewpoint
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Jake\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\WINDOWS\system32\bdod.bin

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-21 20:10 . 2008-05-21 20:10 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Apple Computer
2008-05-18 16:36 . 2008-05-18 17:16 <DIR> d-------- C:\SDFix
2008-05-16 17:16 . 2008-05-16 17:16 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Bitdefender
2008-05-16 16:36 . 2008-05-16 16:36 <DIR> d-------- C:\Program Files\Softwin
2008-05-16 16:36 . 2008-05-16 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-16 16:31 . 2007-10-11 06:20 24,960 -ra------ C:\WINDOWS\system32\drivers\ATWPKT2.SYS
2008-05-16 06:41 . 2008-05-16 16:37 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-05-16 06:01 . 2008-05-16 06:26 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-15 20:58 . 2008-05-15 20:58 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\AOL
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\SUPERAntiSpyware.com
2008-05-14 16:33 . 2008-05-14 16:33 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Talkback
2008-05-14 16:27 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\IObit
2008-05-14 16:27 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Comodo
2008-05-14 16:26 . 2006-09-23 14:37 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\You've Got Pictures Screensaver
2008-05-14 16:26 . 2006-09-23 14:44 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\SampleView
2008-05-14 16:26 . 2008-05-21 23:14 <DIR> d-------- C:\Documents and Settings\Jake
2008-05-14 16:26 . 2008-05-21 23:16 98,304 --ah----- C:\Documents and Settings\Jake\ntuser.dat.LOG
2008-05-14 05:47 . 2008-05-14 05:47 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-12 18:07 . 2008-05-12 18:07 0 --a------ C:\WINDOWS\system32\drivers\WmdmPmSN.sys
2008-05-12 18:07 . 2008-05-12 18:07 0 --a------ C:\WINDOWS\system32\drivers\Winsock.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\TrkWks.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\SwPrv.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\seclogon.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\RemoteAccess.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\Dnscache.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\CryptSvc.sys
2008-05-12 18:06 . 2008-05-12 18:06 0 --a------ C:\WINDOWS\system32\drivers\clr_optimization_v2.0.50727_32.sys
2008-05-12 06:32 . 2008-05-12 06:32 <DIR> d-------- C:\Program Files\Cheatbook Database 2008
2008-05-11 11:09 . 2008-05-11 11:09 0 --a------ C:\WINDOWS\system32\drivers\wuauserv.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\Nla.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\MHN.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\IDriverT.sys
2008-05-11 11:08 . 2008-05-11 11:08 0 --a------ C:\WINDOWS\system32\drivers\Atdisk.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\WZCSVC.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\ProtectedStorage.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\PerfDisk.sys
2008-05-07 05:32 . 2008-05-07 05:32 0 --a------ C:\WINDOWS\system32\drivers\Messenger.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\Wmi.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\WinTrust.sys
2008-05-05 06:04 . 2008-05-05 06:04 0 --a------ C:\WINDOWS\system32\drivers\VgaSave.sys
2008-05-05 06:03 . 2008-05-05 06:03 0 --a------ C:\WINDOWS\system32\drivers\FastUserSwitchingCompatibility.sys
2008-05-04 00:12 . 2008-05-04 00:12 68 --a------ C:\WINDOWS\system32\drivers\Netlogon.sys
2008-05-02 17:44 . 2008-05-02 17:44 <DIR> d-------- C:\Program Files\Audacity
2008-05-02 05:30 . 2008-05-02 05:30 119 --a------ C:\WINDOWS\system32\drivers\UPS.sys
2008-05-02 05:30 . 2008-05-02 05:30 115 --a------ C:\WINDOWS\system32\drivers\Netman.sys
2008-05-02 05:30 . 2008-05-02 05:30 0 --a------ C:\WINDOWS\system32\drivers\vsdatant.sys
2008-04-26 16:37 . 2008-04-26 16:37 106 --a------ C:\WINDOWS\system32\drivers\dmadmin.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\USB.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\TermService.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\nv.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\LmHosts.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\IpFilterDriver.sys
2008-04-26 16:37 . 2008-04-26 16:37 0 --a------ C:\WINDOWS\system32\drivers\CSIScanner.sys
2008-04-26 16:33 . 2008-05-21 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 04:14 208,436 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-22 04:14 15,482,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 15:55 --------- d-----w C:\Program Files\SpywareGuard
2008-05-21 15:55 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-14 23:08 --------- d-----w C:\Program Files\DOSBox-0.72
2008-05-12 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-04 04:59 --------- d-----w C:\Program Files\HTC
2008-04-30 02:39 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-04-30 02:39 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-26 21:36 --------- d-----w C:\Program Files\PrevxCSI
2008-04-20 14:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 10:39 119 ----a-w C:\WINDOWS\system32\drivers\SENS.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\srservice.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\ShellHWDetection.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\SABProcEnum.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\RDSessMgr.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\PerfNet.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\NVSvc.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\ldap.sys
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\iPod.exe
2008-04-18 10:39 0 ----a-w C:\WINDOWS\system32\drivers\HTTPFilter.sys
2008-04-15 10:47 98 ----a-w C:\WINDOWS\system32\drivers\NtmsSvc.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\WmiApRpl.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\WinSock2.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\SCardSvr.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\LicenseService.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\EventSystem.sys
2008-04-15 10:47 0 ----a-w C:\WINDOWS\system32\drivers\DcomLaunch.sys
2008-04-14 10:41 75 ----a-w C:\WINDOWS\system32\drivers\RasMan.sys
2008-04-14 10:41 142 ----a-w C:\WINDOWS\system32\drivers\Spooler.sys
2008-04-14 10:41 119 ----a-w C:\WINDOWS\system32\drivers\PDRELI.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\WMPNetworkSvc.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\TSDDD.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PrismXL.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PptpMiniport.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\PDRFRAME.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\NtLmSsp.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\FileZilla.exe
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\CiSvc.sys
2008-04-14 10:41 0 ----a-w C:\WINDOWS\system32\drivers\ASP.NET_1.1.4322.sys
2008-04-11 02:12 --------- d-----w C:\Program Files\iTunes
2008-04-11 02:11 --------- d-----w C:\Program Files\iPod
2008-04-10 11:44 --------- d-----w C:\Program Files\QuickTime
2008-03-31 10:32 133 ----a-w C:\WINDOWS\system32\drivers\RpcLocator.sys
2008-03-30 20:21 --------- d-----w C:\Program Files\Hamachi
2008-03-30 20:20 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-26 23:31 --------- d-----w C:\Program Files\Kuma Games
2008-03-26 12:02 225 ----a-w C:\WINDOWS\system32\drivers\Dhcp.sys
2008-03-26 12:02 175 ----a-w C:\WINDOWS\system32\drivers\Browser.sys
2008-03-26 12:02 136 ----a-w C:\WINDOWS\system32\drivers\PerfProc.sys
2008-03-26 12:02 131 ----a-w C:\WINDOWS\system32\drivers\PerfOS.sys
2008-03-26 12:02 0 ----a-w C:\WINDOWS\system32\drivers\upnphost.sys
2008-03-26 12:02 0 ----a-w C:\WINDOWS\system32\drivers\inetaccs.sys
2008-03-24 02:12 --------- d-----w C:\Program Files\FlashFXP
2008-03-24 02:05 --------- d-----w C:\Program Files\Axialis
2007-03-10 19:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-20_ 8.31.36.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 13:24:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 04:15:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-11 02:12:33 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-05-22 01:10:29 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2008-01-28 01:41:03 1,961 ----a-w C:\WINDOWS\mozver.dat
+ 2008-05-22 03:17:29 2,173 ----a-w C:\WINDOWS\mozver.dat
- 2008-03-29 18:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 18:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-03-29 18:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 18:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 18:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 18:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 18:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 18:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 01:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 01:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B}]
2007-10-15 08:59 2265088 --a------ C:\Program Files\Netdisaster\netdisaster_v1.2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 14:43 458752 --a------ C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= "C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 14:43 458752]

[HKEY_CLASSES_ROOT\clsid\{b0df5714-5a99-4a21-9c98-4f93fb5c398c}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44 139264]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 14:00 33280 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 13:38 14820864 C:\WINDOWS\RTHDCPL.EXE]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
"HostManager"="C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe" [2007-05-25 12:16 42032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 11:38 342272]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-06-10 17:37 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-06-10 18:06 36864]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-04-29 21:39 1572608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" [2008-03-01 12:16 2664728]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Authentic-ID Toolbar"="C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 14:43 458752]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-12-08 17:50 67160 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 01:49 50736 C:\Program Files\AOL 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 10:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2006-09-14 00:00 950337 C:\Program Files\Trend Micro\Antivirus\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]
--a------ 2006-09-14 00:00 634949 C:\Program Files\Trend Micro\Antivirus\PCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Outbreak Agent]
--a------ 2006-09-14 00:00 290816 C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"tmproxy"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"FileZilla Server"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188268907\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188268907\\EE\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HTC\\Aces High II\\aceshigh.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Comodo\\CBOClean\\BOC425.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2504:TCP"= 2504:TCP:limewire

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-14 05:47]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-29 21:39]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-29 21:39]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
S2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 17:53]
S3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 19:25]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53]

*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 01:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 23:16:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-21 23:19:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 04:19:49
ComboFix2.txt 2008-05-22 04:07:54
ComboFix3.txt 2008-05-21 00:47:27
ComboFix4.txt 2008-05-20 13:31:49

Pre-Run: 207,330,623,488 bytes free
Post-Run: 208,250,490,880 bytes free

334 --- E O F --- 2008-05-18 13:06:26
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:39:01 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jake\Desktop\Analize.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6544
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: XBTB05199 - {A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1188268907\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Program Files\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5138/mcfscan.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10181 bytes
 
Your logs are clean BUT I do not trust them fully. Please follow my above instructions, and run the scan from Kaspersky. Post that log here, and we can do the final fixes to make sure the computer is clean.

Until I can do the final steps, we are not finished here.
 