Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


STEELWERX


Re: STEELWERX

Post by silverdel » July 30th, 2008, 3:58 am

Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 TR/PcHealth.1
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.29 Win32:Trojan-gen {Other}
AVG 8.0.0.130 2008.07.29 Generic10.BHTM
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.29 FraudTool.WinAntiVirus.af (Not a Virus)
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 Trojan.Fakealert.1080
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5994 2008.07.30 Win32/Trepolats
Ewido 4.0 2008.07.29 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 FraudTool.Win32.WinAntiVirus.af
Fortinet 3.14.0.0 2008.07.30 W32/FakeAle.A
GData 2.0.7306.1023 2008.07.30 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.07.30 Trojan.PcHealth.1
Kaspersky 7.0.0.125 2008.07.30 not-a-virus:FraudTool.Win32.WinAntiVirus.af
McAfee 5349 2008.07.29 Generic FakeAlert.a
Microsoft 1.3704 2008.07.28 -
NOD32v2 3308 2008.07.29 Win32/Adware.SpyShredder
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.29 Adware/AVMaster
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 Spyware
Rising 20.55.21.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 Mal/FakeAle-A
Sunbelt 3.1.1537.1 2008.07.29 FakeAlert.PCHealthCenter
Symantec 10 2008.07.30 Downloader.MisleadApp
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 PAK_Generic.001
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.29.1315 2008.07.29 -
VirusBuster 4.5.11.0 2008.07.29 -
Webwasher-Gateway 6.6.2 2008.07.30 Trojan.PcHealth.1
Additional information
File size: 30208 bytes
MD5...: 9bf15215eccabddc06312c26cef1a413
SHA1..: 5acaf45eb8ea1493a97500e47f5a1f3e6f79c27e
SHA256: 6584459f7520e2a4b0f741e647f12bc7b26405fd914714f8d54a9952a887b828
SHA512: 0e7620e158665e8222c310520d2a22e10ab607d710839fdff3f88470afc05938e8f813cc4222f48e7bd76a1974fea5975d22a8dd8ea2ca7584e89d2a812a1e10
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401ba5
timedatestamp.....: 0x4885bd33 (Tue Jul 22 10:57:55 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4772 0x4800 6.61 76372f0e0eb5dd8a125a574890434d1d
.data 0x6000 0x2cdc 0x2600 0.69 223162bfe9faeb3d7117595a278fb754
.rsrc 0x9000 0x3a0 0x400 1.11 9c94c800a4059f9449abb3bd512ce115

( 6 imports )
> KERNEL32.dll: GetLastError, CreateEventA, OpenEventA, CopyFileA, DeleteFileA, GetTempFileNameA, Sleep, FreeLibrary, ExitProcess, LoadLibraryA, CreateThread, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetModuleHandleA, GetModuleFileNameA, MoveFileExA, lstrcpyA, lstrcatA, FindFirstFileA, GetProcAddress, FindClose, HeapReAlloc, VirtualAlloc, HeapAlloc, GetStringTypeW, GetOEMCP, GetACP, GetStartupInfoA, GetCommandLineA, GetVersion, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo
> USER32.dll: wsprintfA, GetMessageA, DispatchMessageA, TranslateMessage
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegCloseKey
> COMCTL32.dll: InitCommonControlsEx
> urlmon.dll: CreateURLMoniker
> OLEAUT32.dll: -, -, -

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx ... 26cef1a413
Prevx info: http://info.prevx.com/aboutprogramtext. ... 007D9FAA7D
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Post by silverdel » July 30th, 2008, 4:02 am

Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File SysF3.exe received on 07.30.2008 10:00:37 (CET)
Result: 20/35 (57.15%)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 PHISH/FraudTool.Agent.AG
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.29 Win32:Trojan-gen {Other}
AVG 8.0.0.130 2008.07.29 Generic10.BHUC
BitDefender 7.2 2008.07.30 -
CAT-QuickHeal 9.50 2008.07.29 Trojan.FakeAlert.gen
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 Trojan.Fakealert.1080
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5994 2008.07.30 Win32/Trepolats
Ewido 4.0 2008.07.29 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 FraudTool.Win32.Agent.ag
Fortinet 3.14.0.0 2008.07.30 W32/FakeAle.A
GData 2.0.7306.1023 2008.07.30 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.07.30 Generic.Win32.Malware.FakeAlert.N
Kaspersky 7.0.0.125 2008.07.30 not-a-virus:FraudTool.Win32.Agent.ag
McAfee 5349 2008.07.29 Generic FakeAlert.a
Microsoft 1.3704 2008.07.28 Program:Win32/FakeAlert.N
NOD32v2 3308 2008.07.29 Win32/Adware.SpyShredder
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.29 Adware/AVMaster
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 Malicious Software
Rising 20.55.21.00 2008.07.30 AdWare.Win32.Agent.cam
Sophos 4.31.0 2008.07.30 Mal/FakeAle-A
Sunbelt 3.1.1537.1 2008.07.29 -
Symantec 10 2008.07.30 Downloader.MisleadApp
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 PAK_Generic.001
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.29.1315 2008.07.29 -
VirusBuster 4.5.11.0 2008.07.29 -
Webwasher-Gateway 6.6.2 2008.07.30 -
Additional information
File size: 32256 bytes
MD5...: f05dd7806771cd82beb0cd13d4a85787
SHA1..: d7c065a86e07c3ed79da637ef035498a3434b187
SHA256: 89b244a415348f5a90c86f01c7a15d0550fb7c22ebbb1670a072369503465d47
SHA512: cf263fdf35ce04f307ecafdd97e8b201d504e0625b2b8cf1a1a19d2176a541b7556bdaff0dc5fee82daa4f18cb1efadc9eec72cbc1e325362bfa1c1c5d8a33f8
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401e05
timedatestamp.....: 0x4886fc16 (Wed Jul 23 09:38:30 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x49fc 0x4a00 6.63 37fc4afee504f0d49d93fff0fef0773d
.data 0x6000 0x30bc 0x2a00 1.45 15b73fd8fdd835638384260b364f3ba7
.rsrc 0xa000 0x470 0x600 1.22 a79698dfb5d3fe035c5a680c471205f5

( 5 imports )
> KERNEL32.dll: ExitProcess, GetLastError, CreateEventA, OpenEventA, CopyFileA, DeleteFileA, GetTempFileNameA, Sleep, WinExec, CreateThread, GetModuleHandleA, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, LoadLibraryA, GetProcAddress, HeapReAlloc, GetModuleFileNameA, MoveFileExA, lstrcpyA, lstrcatA, FindFirstFileA, FindClose, VirtualAlloc, HeapAlloc, GetOEMCP, lstrcpynA, GetStartupInfoA, GetCommandLineA, GetVersion, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetStringTypeW
> USER32.dll: GetMessageA, TranslateMessage, wsprintfA, ShowWindow, LoadIconA, DispatchMessageA, CreateDialogParamA
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegCloseKey
> SHELL32.dll: ShellExecuteA, Shell_NotifyIconA
> COMCTL32.dll: InitCommonControlsEx

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext. ... 00A5C765B6
ThreatExpert info: http://www.threatexpert.com/report.aspx ... 13d4a85787

Re: STEELWERX

Post by silverdel » July 30th, 2008, 4:09 am

Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.07.30 -
AntiVir 7.8.1.12 2008.07.30 TR/Zlob.CQP
Authentium 5.1.0.4 2008.07.30 -
Avast 4.8.1195.0 2008.07.29 -
AVG 8.0.0.130 2008.07.29 -
BitDefender 7.2 2008.07.30 MemScan:Trojan.Zlob.CQP
CAT-QuickHeal 9.50 2008.07.29 -
ClamAV 0.93.1 2008.07.30 -
DrWeb 4.44.0.09170 2008.07.30 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5994 2008.07.30 -
Ewido 4.0 2008.07.29 -
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.30 -
Fortinet 3.14.0.0 2008.07.30 -
GData 2.0.7306.1023 2008.07.30 -
Ikarus T3.1.1.34.0 2008.07.30 Trojan.Zlob.CQP
Kaspersky 7.0.0.125 2008.07.30 -
McAfee 5349 2008.07.29 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3308 2008.07.29 -
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.29 -
PCTools 4.4.2.0 2008.07.30 -
Prevx1 V2 2008.07.30 Cloaked Malware
Rising 20.55.21.00 2008.07.30 -
Sophos 4.31.0 2008.07.30 -
Sunbelt 3.1.1537.1 2008.07.29 Trojan-Downloader.Zlob.Media-Codec
Symantec 10 2008.07.30 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.30 -
VBA32 3.12.8.1 2008.07.29 -
ViRobot 2008.7.29.1315 2008.07.29 -
VirusBuster 4.5.11.0 2008.07.29 -
Webwasher-Gateway 6.6.2 2008.07.30 Trojan.Zlob.CQP
Additional information
File size: 58594 bytes
MD5...: f03a622d9d54ee703bed01d7a97d3241
SHA1..: d6e3f62cf7bf34e87be20f8c0d57e3c9452d9d41
SHA256: cdf1f40da2b0213ae225af39ffae254dd1a01e1c8027b2b52e43d8b2ff764e79
SHA512: 400e6a95f9f45187113c7af91fc6ad6588c1dbd8e539039acc759d123b6318e98a5252f60749e224776c41f97efa96dbee6534566f634aa81a32507527fa3994
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4030e3
timedatestamp.....: 0x4878f231 (Sat Jul 12 18:04:33 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b68 0x5c00 6.49 6bfa289fc453f683cf6ad42723acbb61
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6
.ndata 0x2f000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x6c8 0x800 2.92 0668cc1f74eb6042f5ee65456f1f43da

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext. ... 00CB2AE0A4
ThreatExpert info: http://www.threatexpert.com/report.aspx ... d7a97d3241

Re: STEELWERX

Post by silverdel » July 30th, 2008, 4:11 am

Hi, and once again thanks for your help. Files 6.exe, 4.exe, and bdod.bin were clean; the others are as above. It seems that malware is very heavily into my PC.
Derek

Re: STEELWERX

Post by Elrond » July 30th, 2008, 4:59 am

Not too badly infected at all anymore.

I know that you have run SmitfraudFix before, but I would like you to do the following because you do have signs of a Smitfraud infection on your computer. Be sure to download the latest version of the program and do not use the old version. S!Ri is updating it quite frequently:
Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Post the log in your post in this topic.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Post by silverdel » July 30th, 2008, 3:10 pm

SmitFraudFix v2.332

Scan done at 20:10:42.56, 2008-07-30
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.38
DNS Server Search Order: 212.139.132.39

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE8A24C4-ABAA-4C16-8F79-EFF6A64CC5BE}: NameServer=212.139.132.38 212.139.132.39
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AE8A24C4-ABAA-4C16-8F79-EFF6A64CC5BE}: NameServer=212.139.132.38 212.139.132.39


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

As requested, and again thanks, Derek

Re: STEELWERX

Post by silverdel » July 30th, 2008, 3:16 pm

I also managed to locate the COMBOFIX file.

Re: STEELWERX

Post by silverdel » July 30th, 2008, 3:18 pm

ComboFix 08-07-23.5 - User 2008-07-30 10:14:48.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\User\Desktop\Shortcuts\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\EeegPqss.ini
C:\WINDOWS\system32\EeegPqss.ini2
C:\WINDOWS\system32\geBuRLBq.dll
C:\WINDOWS\system32\mlJDVpOh.dll
C:\WINDOWS\system32\ssqPgeeE.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 09:22 . 2008-07-30 09:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-07-30 08:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:14 . 2008-07-24 19:57 32,768 --a------ C:\Program Files\bcd_installed.exe
2008-07-29 19:03 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-29 19:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 18:25 . 2008-07-29 18:25 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 18:25 . 2008-07-30 10:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-29 08:17 <DIR> d-------- C:\Program Files\Oberon Media
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-07-26 21:02 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-05-28 14:53 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-07-29 16:02 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-07-29 10:23 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:04 . 2008-07-25 14:50 106,496 --a------ C:\WINDOWS\SysF7.exe
2008-07-26 13:04 . 2008-07-25 14:50 32,256 --a------ C:\WINDOWS\SysF3.exe
2008-07-26 13:04 . 2008-07-25 14:50 30,208 --a------ C:\WINDOWS\SysF5.exe
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:49 . 2008-07-24 18:49 <DIR> d-------- C:\Program Files\Bricks of Camelot
2008-07-24 18:46 . 2008-07-24 18:46 <DIR> d-------- C:\Program Files\Bricks of Atlantis
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-07-28 10:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-07-23 11:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-07-30 10:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-07-30 10:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-07-30 10:10 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-16 17:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 17:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-16 17:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 16:35 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-07-16 16:35 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
2008-07-16 16:35 . 2001-04-20 02:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
2008-07-16 16:35 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 20:03 . 2008-07-14 20:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 13:18 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-20 09:45 0 ----a-w C:\Program Files\temp01
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 04:42 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-04-14 04:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 04:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 04:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 04:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 04:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 04:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 04:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 04:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 04:41 451,072 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-04-14 04:41 39,424 ----a-w C:\WINDOWS\AppPatch\AcAdProc.dll
2008-04-14 04:41 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
2008-04-14 04:41 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
2008-04-14 04:41 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
2008-04-14 04:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
.

------- Sigcheck -------

2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-25 14:02 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\program files\\bcd_installed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13549:TCP"= 13549:TCP:ut1
"13549:UDP"= 13549:UDP:ut1

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-21 14:18]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]
S4 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-30 09:22:47 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-24 16:09:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-30 09:22:30 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 10:22:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2008-07-30 10:28:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 09:28:16

Pre-Run: 49,592,037,376 bytes free
Post-Run: 49,585,950,720 bytes free

276 --- E O F --- 2008-07-28 07:47:30
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby silverdel » July 30th, 2008, 3:18 pm

ComboFix 08-07-23.5 - User 2008-07-30 10:14:48.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\User\Desktop\Shortcuts\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\EeegPqss.ini
C:\WINDOWS\system32\EeegPqss.ini2
C:\WINDOWS\system32\geBuRLBq.dll
C:\WINDOWS\system32\mlJDVpOh.dll
C:\WINDOWS\system32\ssqPgeeE.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 09:22 . 2008-07-30 09:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-07-30 08:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:14 . 2008-07-24 19:57 32,768 --a------ C:\Program Files\bcd_installed.exe
2008-07-29 19:03 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-29 19:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 18:25 . 2008-07-29 18:25 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 18:25 . 2008-07-30 10:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-29 08:17 <DIR> d-------- C:\Program Files\Oberon Media
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-07-26 21:02 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-05-28 14:53 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-07-29 16:02 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-07-29 10:23 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:04 . 2008-07-25 14:50 106,496 --a------ C:\WINDOWS\SysF7.exe
2008-07-26 13:04 . 2008-07-25 14:50 32,256 --a------ C:\WINDOWS\SysF3.exe
2008-07-26 13:04 . 2008-07-25 14:50 30,208 --a------ C:\WINDOWS\SysF5.exe
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:49 . 2008-07-24 18:49 <DIR> d-------- C:\Program Files\Bricks of Camelot
2008-07-24 18:46 . 2008-07-24 18:46 <DIR> d-------- C:\Program Files\Bricks of Atlantis
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-07-28 10:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-07-23 11:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-07-30 10:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-07-30 10:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-07-30 10:10 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-16 17:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 17:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-16 17:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 16:35 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-07-16 16:35 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
2008-07-16 16:35 . 2001-04-20 02:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
2008-07-16 16:35 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 20:03 . 2008-07-14 20:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 13:18 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-20 09:45 0 ----a-w C:\Program Files\temp01
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 04:42 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-04-14 04:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 04:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 04:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 04:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 04:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 04:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 04:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 04:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 04:41 451,072 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-04-14 04:41 39,424 ----a-w C:\WINDOWS\AppPatch\AcAdProc.dll
2008-04-14 04:41 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
2008-04-14 04:41 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
2008-04-14 04:41 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
2008-04-14 04:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
.

------- Sigcheck -------

2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-25 14:02 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\program files\\bcd_installed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13549:TCP"= 13549:TCP:ut1
"13549:UDP"= 13549:UDP:ut1

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-21 14:18]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]
S4 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-30 09:22:47 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-24 16:09:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-30 09:22:30 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 10:22:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2008-07-30 10:28:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 09:28:16

Pre-Run: 49,592,037,376 bytes free
Post-Run: 49,585,950,720 bytes free

276 --- E O F --- 2008-07-28 07:47:30
silverdel

Re: STEELWERX

Unread postby Elrond » July 30th, 2008, 3:26 pm

Download and Run OTMoveIt2

  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
C:\WINDOWS\SysF7.exe
C:\WINDOWS\SysF6.exe
C:\WINDOWS\SysF5.exe
C:\WINDOWS\SysF4.exe
C:\WINDOWS\SysF3.exe
C:\WINDOWS\system32\mpt.exe

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

What I need from you this time, posted in this topic, are the logs from:

OTMoveIt2
Malwarebytes' Anti-Malware
Kaspersky
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Post by silverdel » July 30th, 2008, 4:55 pm

ComboFix 08-07-23.5 - User 2008-07-30 10:14:48.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\User\Desktop\Shortcuts\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\EeegPqss.ini
C:\WINDOWS\system32\EeegPqss.ini2
C:\WINDOWS\system32\geBuRLBq.dll
C:\WINDOWS\system32\mlJDVpOh.dll
C:\WINDOWS\system32\ssqPgeeE.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 09:22 . 2008-07-30 09:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-07-30 08:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:14 . 2008-07-24 19:57 32,768 --a------ C:\Program Files\bcd_installed.exe
2008-07-29 19:03 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-29 19:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 18:25 . 2008-07-29 18:25 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 18:25 . 2008-07-30 10:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-29 08:17 <DIR> d-------- C:\Program Files\Oberon Media
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-07-26 21:02 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-05-28 14:53 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-07-29 16:02 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-07-29 10:23 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:04 . 2008-07-25 14:50 106,496 --a------ C:\WINDOWS\SysF7.exe
2008-07-26 13:04 . 2008-07-25 14:50 32,256 --a------ C:\WINDOWS\SysF3.exe
2008-07-26 13:04 . 2008-07-25 14:50 30,208 --a------ C:\WINDOWS\SysF5.exe
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:49 . 2008-07-24 18:49 <DIR> d-------- C:\Program Files\Bricks of Camelot
2008-07-24 18:46 . 2008-07-24 18:46 <DIR> d-------- C:\Program Files\Bricks of Atlantis
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-07-28 10:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-07-23 11:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-07-30 10:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-07-30 10:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-07-30 10:10 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-16 17:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 17:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-16 17:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 16:35 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-07-16 16:35 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
2008-07-16 16:35 . 2001-04-20 02:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
2008-07-16 16:35 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 20:03 . 2008-07-14 20:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 13:18 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-20 09:45 0 ----a-w C:\Program Files\temp01
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 04:42 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-04-14 04:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 04:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 04:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 04:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 04:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 04:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 04:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 04:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 04:41 451,072 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-04-14 04:41 39,424 ----a-w C:\WINDOWS\AppPatch\AcAdProc.dll
2008-04-14 04:41 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
2008-04-14 04:41 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
2008-04-14 04:41 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
2008-04-14 04:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
.

------- Sigcheck -------

2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-25 14:02 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\program files\\bcd_installed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13549:TCP"= 13549:TCP:ut1
"13549:UDP"= 13549:UDP:ut1

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-21 14:18]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]
S4 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-30 09:22:47 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-24 16:09:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-30 09:22:30 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 10:22:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2008-07-30 10:28:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 09:28:16

Pre-Run: 49,592,037,376 bytes free
Post-Run: 49,585,950,720 bytes free

276 --- E O F --- 2008-07-28 07:47:30
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm
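
The ComboFix log posted above records four Security Center values set to 1 (AntiVirusDisableNotify, UpdatesDisableNotify, AntiVirusOverride, FirewallOverride), EnableFirewall = 0 in the standard firewall profile, and two globally open ports. Those settings silence Windows Security Center alerts and turn the firewall off; rogue security products of the FakeAlert/WinAntiVirus kind named in the VirusTotal results often set them, but some legitimate third-party suites set the Override values as well, so they are a prompt for review rather than proof of infection on their own. As an added example, not part of this thread and not ComboFix's own code, here is a small Python parser that reads a "Reg Loading Points" block in the form ComboFix prints it and lists these weakenings. The sample block inside it is constructed to mirror the posted lines; the set of flagged value names and the key suffixes it matches are my assumptions.

```python
"""Flag Security Center and firewall weakening in a ComboFix-style
"Reg Loading Points" block.

Added example for this thread; not ComboFix code and not from any tool
named in the thread. SAMPLE_BLOCK is constructed to mirror the shape of
the posted log; the flagged value names and key suffixes are assumptions.
"""
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the lines in the posted ComboFix log.
SAMPLE_BLOCK = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13549:TCP"= 13549:TCP:ut1
"13549:UDP"= 13549:UDP:ut1
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')

# Security Center values that silence alerts when set to 1 (real value names;
# which ones to flag is this example's choice).
SECURITY_CENTER_KEY = "hkey_local_machine\\software\\microsoft\\security center"
ALERT_FLAGS = (
    "AntiVirusDisableNotify",
    "FirewallDisableNotify",
    "UpdatesDisableNotify",
    "AntiVirusOverride",
    "FirewallOverride",
)


def parse_reg_block(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path (lower-cased): {value name: raw data string}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data").strip()
    return keys


def as_int(data: str) -> Optional[int]:
    """Interpret the two data forms ComboFix prints, 'dword:00000001' and
    '0 (0x0)', as an integer; anything else yields None."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def assess(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """List settings that weaken Security Center alerting or the firewall."""
    findings: List[str] = []
    centre = keys.get(SECURITY_CENTER_KEY, {})
    for name in ALERT_FLAGS:
        if as_int(centre.get(name, "")) == 1:
            findings.append(f"Security Center: {name}=1 (alert suppressed)")
    for key, values in keys.items():
        # ComboFix abbreviates the services hive path with '~', so match on the suffix.
        if key.endswith("firewallpolicy\\standardprofile"):
            if as_int(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall disabled (EnableFirewall=0, standard profile)")
        elif key.endswith("globallyopenports\\list"):
            for data in values.values():
                findings.append(f"Globally open port: {data}")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_reg_block(SAMPLE_BLOCK)):
        print(finding)
```

Run against the sample it reports the four suppressed alerts, the disabled firewall and the two open ports; an empty or clean block yields no findings. Pointing it at a real log means pasting only the REGEDIT4 section, since the surrounding ComboFix sections use different line shapes that the two regular expressions deliberately ignore.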

Re: STEELWERX

Post by silverdel » July 30th, 2008, 5:08 pm

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 3

22:10:04 2008-07-30
mbam-log-7-30-2008 (22-10-04).txt

Scan type: Quick Scan
Objects scanned: 43728
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Unfortunately I cannot get the other program to load.
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Post by Elrond » July 31st, 2008, 1:49 pm

I did not expect you to run Combofix at this point, but it gave me some extra information and therefore I would like to run it again, but in the updated form. Please follow the instructions exactly. It is important.

Please delete the old Combofix that you have on your desktop.

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Click No to close Combofix.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Next
  1. Click Start>Run type in appwiz.cpl and hit Enter.
  2. Select ScanSpyware v3.8.0.4 if you find it.
  3. Click on the "Add/Remove" button.
  4. If it asks if you really want to remove the program, please click Yes.
  5. If it gives you more than one option about what to do, please choose Remove.
  6. Once the program/s are uninstalled, click on the "OK" button.
  7. Reboot the computer.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I'd like you to check (a file/some files) for Viruses.
c:\program files\bcd_installed.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy the report with the details of any viruses found.
  • Post the details in your next post, please.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    Collect::
    C:\WINDOWS\SysF7.exe
    C:\WINDOWS\SysF6.exe
    C:\WINDOWS\SysF5.exe
    C:\WINDOWS\SysF4.exe
    C:\WINDOWS\SysF3.exe
    C:\WINDOWS\system32\mpt.exe
    C:\WINDOWS\system32\windrv.sys
    C:\WINDOWS\system32\IGUltraGrid20.ocx
    C:\WINDOWS\system32\AS-Exp2.ocx
    C:\WINDOWS\system32\systray.ocx
    C:\WINDOWS\system32\md5.dll
    C:\WINDOWS\system32\FreezeScreenSaver.exe
    
    Folder::
    C:\Program Files\uTorrent
    C:\Documents and Settings\User\Application Data\uTorrent
    
    Suspect::
    C:\Program Files\bcd_installed.exe
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=-
    
    Driver::
    FreezeScreenSaver
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

What I need from you in your next post is the following:
The information from VirusTotal/Jotti
The Log from ComboFix
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Post by silverdel » July 31st, 2008, 2:34 pm

Hello. Firstly, I do thank you for your help; the two file scan programs failed to open the following file: c:\program files\bcd_installed.exe.

Here below is the Combofix file;
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Post by silverdel » July 31st, 2008, 2:35 pm

ComboFix 08-07-23.5 - User 2008-07-31 19:23:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.585 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\Shortcuts\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 20:06 . 2008-07-30 20:06 244 --ah----- C:\sqmnoopt00.sqm
2008-07-30 20:06 . 2008-07-30 20:06 232 --ah----- C:\sqmdata00.sqm
2008-07-30 12:41 . 2008-07-31 09:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-30 09:22 . 2008-07-30 09:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-07-31 09:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:03 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-29 19:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 18:25 . 2008-07-29 18:25 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 18:25 . 2008-07-31 19:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-07-26 21:02 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-05-28 14:53 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-07-29 16:02 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-07-29 10:23 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-07-28 10:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-07-23 11:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-07-31 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-07-31 19:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-07-31 19:23 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 16:35 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-07-16 16:35 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
2008-07-16 16:35 . 2001-04-20 02:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
2008-07-16 16:35 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\Printparade
2008-07-12 12:06 . 2003-06-25 11:17 374,272 --a------ C:\WINDOWS\system32\Dav3_32.dll
2008-07-12 12:06 . 2003-06-24 13:35 143,360 --a------ C:\WINDOWS\system32\leon3_32.dll
2008-07-11 11:20 . 2008-07-11 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-10 17:40 . 2008-07-15 11:48 <DIR> d-------- C:\Downloads
2008-07-10 13:13 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Mario Worlds
2008-07-06 13:15 . 2008-07-06 13:15 <DIR> d-------- C:\Documents and Settings\User\Application Data\PlanetPlayMore
2008-07-06 13:14 . 2008-07-07 18:35 <DIR> d-------- C:\Program Files\Tropicabana
2008-07-04 12:11 . 2008-07-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-04 12:07 . 2008-07-22 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 08:48 . 2008-07-04 12:28 <DIR> d-------- C:\Program Files\Flash Slideshow Maker Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 12:53 0 ----a-w C:\Program Files\temp01
2008-07-21 13:18 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 11:23 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 05:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 05:42 74,240 ----a-w C:\WINDOWS\system32\usbui.dll
2008-04-14 05:42 4,274,816 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin
2008-04-14 04:51 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2008-04-14 04:51 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2008-04-14 04:51 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2008-04-14 04:51 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-04-14 04:51 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll
2008-04-14 04:51 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2008-04-14 04:51 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 04:51 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 04:51 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2008-04-14 04:51 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 04:51 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-04-14 04:51 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
2008-04-14 04:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 01:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 00:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 23:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 23:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 23:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 23:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 22:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 22:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:08 306,176 ----a-w C:\WINDOWS\system32\slbcsp.dll
2008-04-13 22:08 169,984 ----a-w C:\WINDOWS\system32\sccbase.dll
2008-04-13 22:08 101,888 ----a-w C:\WINDOWS\system32\gpkcsp.dll
2008-04-13 22:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 22:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 21:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 21:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 21:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 21:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL
2008-04-13 21:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 21:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 21:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 21:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 21:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 21:24 68,768 ----a-w C:\WINDOWS\system32\mmsystem.dll
2008-04-13 21:24 53,840 ----a-w C:\WINDOWS\system32\dosx.exe
2008-04-13 21:24 5,120 ----a-w C:\WINDOWS\system32\winnls.dll
2008-04-13 21:23 92,224 ----a-w C:\WINDOWS\system32\krnl386.exe
2008-04-13 21:22 3,338 ----a-w C:\WINDOWS\system32\redir.exe
2008-04-13 21:20 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys
2008-04-13 21:19 35,648 ----a-w C:\WINDOWS\system32\ntio411.sys
2008-04-13 21:19 35,424 ----a-w C:\WINDOWS\system32\ntio412.sys
2008-04-13 21:19 34,560 ----a-w C:\WINDOWS\system32\ntio804.sys
2008-04-13 21:19 34,560 ----a-w C:\WINDOWS\system32\ntio404.sys
2008-04-13 21:19 33,840 ----a-w C:\WINDOWS\system32\ntio.sys
2008-04-13 21:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 21:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 20:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 20:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 20:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

------- Sigcheck -------

2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-25 14:02 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13549:TCP"= 13549:TCP:ut1
"13549:UDP"= 13549:UDP:ut1

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-21 14:18]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]
S4 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-31 18:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-31 16:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-31 16:00:01 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:26:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-31 19:29:19
ComboFix-quarantined-files.txt 2008-07-31 18:28:15

Pre-Run: 49,776,209,920 bytes free
Post-Run: 49,852,096,512 bytes free

313 --- E O F --- 2008-07-28 07:47:30
This is the ComboFix file.
silverdel