Here are my logs, using ZoneAlarm as firewall/AV; just got comp access again.
TY
Logfile of HijackThis v1.99.1
Scan saved at 3:54:19 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.costco.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
SmitFraudFix v2.225
Scan done at 15:37:19.62, Sun 09/16/2007
Run from C:\Documents and Settings\Matt\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a4029063-4fe3-422c-ac72-12905c09642a}"="clinker"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\Matt\FAVORI~1\Online Security Test.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: 2Wire Gateway USB
DNS Server Search Order: 10.33.33.150
Description: 2Wire Gateway USB
DNS Server Search Order: 172.16.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D90064F3-B403-4C7A-99BB-F6EB26A1D71F}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EAEBAD98-0228-4346-A229-FE154B5040FC}: DhcpNameServer=10.33.33.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D90064F3-B403-4C7A-99BB-F6EB26A1D71F}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EAEBAD98-0228-4346-A229-FE154B5040FC}: DhcpNameServer=10.33.33.150
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D90064F3-B403-4C7A-99BB-F6EB26A1D71F}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EAEBAD98-0228-4346-A229-FE154B5040FC}: DhcpNameServer=10.33.33.150
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 07-09-14.2 - "Matt" 2007-09-16 15:39:22.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.324 [GMT -5:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\DOCUME~1\Mark\APPLIC~1\macromedia\Flash Player\#SharedObjects\MVA64TFL\www.broadcaster.com
C:\DOCUME~1\Mark\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Mommy\Desktop\internet.lnk
D:\Autorun.inf
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
.
2007-09-16 15:37 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-16 12:33 512 --a------ C:\ScanSectorLog.dat
2007-09-15 20:52 <DIR> d-------- C:\DOCUME~1\Mommy\APPLIC~1\WTablet
2007-09-14 13:52 <DIR> d-------- C:\DOCUME~1\Miky\APPLIC~1\WTablet
2007-09-14 08:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
2007-09-14 01:09 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\WTablet
2007-09-14 00:25 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\WTablet
2007-09-14 00:24 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2007-09-14 00:23 128,296 --a------ C:\WINDOWS\system32\Pen_Tablet.dll
2007-09-14 00:23 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-09-14 00:23 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-09-14 00:23 1,373,480 --a------ C:\WINDOWS\system32\Pen_Tablet.exe
2007-09-12 14:58 <DIR> d-------- C:\DOCUME~1\Miky\APPLIC~1\Orbit
2007-09-11 19:58 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-09-11 11:36 <DIR> d-------- C:\Program Files\QuickTime
2007-09-11 11:35 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-11 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-09 22:24 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Orbit
2007-09-09 20:15 <DIR> d-------- C:\DOCUME~1\Mommy\APPLIC~1\Orbit
2007-09-09 16:21 <DIR> d-------- C:\Program Files\Orbitdownloader
2007-09-09 16:21 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Orbit
2007-09-09 12:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-09 12:35 <DIR> d-------- C:\Program Files\Real
2007-09-08 14:29 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\IDM
2007-09-08 14:29 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\DMCache
2007-09-08 14:28 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-09-08 14:09 <DIR> d-------- C:\Downloads
2007-08-30 00:00 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\DivX
2007-08-26 17:36 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Pegasys Inc
2007-08-26 12:54 <DIR> d-------- C:\Program Files\Total Video Converter
2007-08-26 08:18 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\MailFrontier
2007-08-26 00:00 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\MailFrontier
2007-08-25 23:57 964,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-25 23:57 12,682,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-25 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 15:35 91484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-16 15:35 170924 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-16 08:43 --------- d-------- C:\Program Files\LogMeIn
2007-09-15 00:09 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\LimeWire
2007-09-14 00:24 --------- d-------- C:\Program Files\Tablet
2007-09-12 15:15 --------- d-------- C:\DOCUME~1\Mark\APPLIC~1\LimeWire
2007-09-12 14:58 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\Real
2007-09-11 11:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-09 12:36 --------- d-------- C:\Program Files\Common Files\Real
2007-09-07 10:55 181544 --a------ C:\WINDOWS\system32\Wintab32.dll
2007-09-05 12:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 12:03 --------- d-------- C:\Program Files\Medion Home Cinema XL II
2007-09-05 12:03 --------- d-------- C:\Program Files\CyberLink
2007-09-05 12:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-02 20:23 --------- dr-h----- C:\DOCUME~1\Mommy\APPLIC~1\yahoo!
2007-08-26 17:23 --------- d-------- C:\Program Files\DivX
2007-08-25 22:58 --------- d-------- C:\Program Files\Symantec
2007-08-25 22:58 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-25 22:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-25 22:55 --------- d-------- C:\Program Files\FlashFXP
2007-08-25 22:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-25 22:43 --------- d-------- C:\Program Files\Yahoo!
2007-08-25 07:11 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\BitTorrent
2007-08-22 02:10 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\LimeWire
2007-08-21 19:48 --------- d-------- C:\DOCUME~1\Mommy\APPLIC~1\Real
2007-08-19 13:39 --------- dr-h----- C:\DOCUME~1\Matt\APPLIC~1\yahoo!
2007-08-15 01:06 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-14 22:10 --------- d-------- C:\Program Files\Lavasoft
2007-08-14 22:09 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 16:24 --------- d-------- C:\Program Files\Steam
2007-08-14 15:05 --------- d-------- C:\Program Files\MSN Messenger
2007-08-13 01:06 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-12 00:12 --------- d-------- C:\Program Files\Warcraft III
2007-08-09 15:35 --------- d-------- C:\Program Files\StealthBot Clan Hi2u
2007-08-07 21:59 --------- d-------- C:\Program Files\StealthBot
2007-08-01 15:23 --------- d-------- C:\Program Files\Alien Skin
2007-08-01 11:36 --------- d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-01 00:25 --------- d-------- C:\Program Files\Remote Desktop Control
2007-07-31 22:40 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-31 16:28 --------- d-------- C:\Program Files\Common Files\Logitech
2007-07-31 16:26 --------- d-------- C:\Program Files\Logitech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 18:37 --------- d-------- C:\DOCUME~1\Mommy\APPLIC~1\MSN6
2007-07-28 17:17 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\Apple Computer
2007-07-28 00:27 --------- d-------- C:\DOCUME~1\Mark\APPLIC~1\MEGAUPLOADTOOLBAR
2007-07-27 22:31 --------- d-------- C:\DOCUME~1\Mommy\APPLIC~1\MEGAUPLOADTOOLBAR
2007-07-27 11:27 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\WinRAR
2007-07-26 20:04 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\Symantec
2007-07-26 16:20 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\LogMeIn Rescue
2007-07-26 14:09 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\Real
2007-07-25 22:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-25 21:53 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-25 21:53 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-25 21:53 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-25 21:53 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 21:53 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-25 21:53 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-25 21:53 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-25 21:53 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-25 21:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-25 21:50 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-25 21:50 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-25 21:50 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-25 21:50 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-25 21:50 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-25 21:50 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-25 21:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-25 21:49 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-24 07:14 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\MEGAUPLOADTOOLBAR
2007-07-23 11:40 --------- d-------- C:\Program Files\Final Fantasy VII
2007-07-22 22:32 --------- d-------- C:\Program Files\Square Soft, Inc
2007-07-22 11:54 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-07-21 23:38 --------- d-------- C:\Program Files\OO Software
2007-07-21 16:06 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-07-21 00:09 --------- d-------- C:\Program Files\Realtek AC97
2007-07-21 00:07 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-20 22:01 --------- d-------- C:\Program Files\AVIcodec
2007-07-17 01:08 --------- d-------- C:\Program Files\VstPlugIns
2007-07-17 01:07 --------- d-------- C:\Program Files\IK Multimedia
2007-07-17 01:07 --------- d-------- C:\Program Files\Common Files\DigiDesign
2007-07-16 21:50 --------- d-------- C:\Program Files\PCPitstop
2007-07-16 15:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-16 15:24 --------- d-------- C:\Program Files\Bonjour
2007-07-03 23:57 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 19:27 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-19 19:26 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-06-19 19:26 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-06-19 19:26 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 12:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-09-09 16:21:17]
C:\DOCUME~1\Mark\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-06-29 18:40:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^ctfmon.exe]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Disk MD Registration Reminder]
C:\Program Files\PCPitstop\Disk MD\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusProtectPro 3.6]
"C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe" /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"aawservice"=2 (0x2)
R3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
S2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe
S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys
S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
S3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34460279-1d49-11dc-bc00-000d720f2fda}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- L:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4614b526-28e5-11dc-a0f7-000d720f2fda}]
AutoRun\command- L:\wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 15:40:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-16 15:40:57
C:\ComboFix-quarantined-files.txt ... 2007-09-16 15:40
.
--- E O F ---