Downloaded and ran ComboFix. No problems, and in addition, symptoms of Virtumonde gone. But I may be a bit hasty. Here are the log reports for HJT and ComboFix. Thanks again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:06 PM, on 23/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mali\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayyxxUM.dll,#1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Mali\AppData\Local\Temp\rqRJDvvU.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Mali\AppData\Local\Temp\urqNFvsR.dll,#1
O4 - HKCU\..\Run: [78c881ab] rundll32.exe "C:\Users\Mali\AppData\Local\Temp\kfxeroyd.dll",b
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BM7bfbb237] Rundll32.exe "C:\Users\Mali\AppData\Local\Temp\srvbuidl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 10638 bytes
ComboFix 08-04-22.1 - Mali 2008-04-23 15:25:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1081 [GMT 10:00]
Running from: C:\Users\Mali\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\KBL.LOG
C:\Windows\system32\yayyxxUM.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-22 20:15 . 2008-04-22 20:15 <DIR> d-------- C:\PerfLogs
2008-04-22 19:50 . 2008-01-19 17:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-22 19:50 . 2008-01-19 17:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-22 19:48 . 2008-01-19 17:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-04-22 19:47 . 2008-01-19 17:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-22 19:46 . 2008-01-19 17:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-04-22 19:45 . 2008-01-19 16:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-22 19:44 . 2008-01-19 17:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-22 19:44 . 2008-01-19 17:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-22 19:44 . 2008-01-19 17:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-22 19:44 . 2006-11-02 19:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-22 19:44 . 2008-01-19 17:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-21 23:43 . 2008-04-22 16:12 <DIR> d-------- C:\VundoFix Backups
2008-04-21 20:32 . 2008-04-21 20:49 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-21 20:32 . 2008-04-21 20:49 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-21 20:32 . 2008-04-21 20:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-21 19:40 . 2008-04-21 19:40 <DIR> d-------- C:\Users\All Users\LightScribe
2008-04-21 19:40 . 2008-04-21 19:40 <DIR> d-------- C:\ProgramData\LightScribe
2008-04-19 20:51 . 2008-04-19 20:51 <DIR> d-------- C:\Users\Mali\Limewire
2008-04-19 20:50 . 2008-04-22 16:43 <DIR> d-------- C:\Users\Mali\AppData\Roaming\LimeWire
2008-04-19 20:50 . 2008-04-19 20:50 <DIR> d-------- C:\Program Files\LimeWire
2008-04-19 17:36 . 2008-03-30 04:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-19 17:31 . 2008-04-19 17:31 27,240 --a------ C:\Users\Mali\AppData\Roaming\nvModes.dat
2008-04-18 22:57 . 2008-04-18 22:57 <DIR> d-------- C:\Users\Mali\Torrentz
2008-04-18 22:50 . 2008-04-18 22:50 <DIR> d-------- C:\Users\Mali\AppData\Roaming\HP
2008-04-18 22:38 . 2008-04-18 23:04 <DIR> d-------- C:\Users\Mali\AppData\Roaming\uTorrent
2008-04-18 22:38 . 2008-04-18 22:38 <DIR> d-------- C:\Program Files\uTorrent
2008-04-18 21:23 . 2008-04-18 21:23 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-18 21:23 . 2008-04-18 21:23 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-18 21:23 . 2008-04-18 21:23 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-18 21:23 . 2008-04-18 21:23 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-18 21:23 . 2008-04-18 21:23 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-18 21:23 . 2008-04-18 21:23 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-18 21:23 . 2008-04-18 21:23 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-18 21:23 . 2008-04-18 21:23 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-18 21:23 . 2008-04-18 21:23 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-18 21:23 . 2008-04-18 21:23 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-18 21:22 . 2008-04-18 21:22 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-18 21:22 . 2008-04-18 21:22 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-18 21:14 . 2008-04-18 21:14 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-18 21:14 . 2008-04-18 21:14 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-18 21:13 . 2008-04-18 21:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-18 21:02 . 2008-04-18 21:02 <DIR> d-------- C:\Users\Mali\AppData\Roaming\Lavasoft
2008-04-18 20:57 . 2008-04-18 20:57 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-18 20:56 . 2008-04-18 20:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-18 20:55 . 2008-04-18 20:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 20:46 . 2008-04-18 20:46 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-18 20:41 . 2008-04-18 20:41 <DIR> dr-h----- C:\MSOCache
2008-04-18 20:20 . 2008-04-18 20:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-18 20:17 . 2008-04-18 20:17 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-18 20:16 . 2008-04-18 20:16 <DIR> d-------- C:\Users\Mali\AppData\Roaming\DAEMON Tools
2008-04-18 20:03 . 2008-04-18 20:03 <DIR> d-------- C:\Users\Public\CyberLink
2008-04-18 20:03 . 2008-04-18 22:51 <DIR> d-------- C:\Users\Mali\AppData\Roaming\CyberLink
2008-04-18 19:39 . 2008-04-18 19:39 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-18 19:39 . 2008-04-18 19:39 <DIR> d-------- C:\ProgramData\WLInstaller
2008-04-18 19:39 . 2008-04-18 19:47 <DIR> d-------- C:\Program Files\Windows Live
2008-04-18 19:39 . 2008-04-18 19:46 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-18 18:07 . 2008-04-22 21:50 <DIR> dr------- C:\Users\Mali\Skool
2008-04-18 18:04 . 2008-04-18 18:04 <DIR> d-------- C:\Users\Mali\AppData\Roaming\Apple Computer
2008-04-18 18:04 . 2008-04-18 18:04 <DIR> d-------- C:\Program Files\iTunes
2008-04-18 18:04 . 2008-04-18 18:04 <DIR> d-------- C:\Program Files\iPod
2008-04-18 18:03 . 2008-04-18 18:03 <DIR> d-------- C:\Program Files\QuickTime
2008-04-18 18:03 . 2008-04-21 22:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-18 18:02 . 2008-04-18 18:04 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-04-18 18:02 . 2008-04-18 18:04 <DIR> d-------- C:\ProgramData\Apple Computer
2008-04-18 14:04 . 2008-04-18 14:04 <DIR> d-------- C:\Users\Mali\Bluetooth Software
2008-04-18 14:04 . 2008-04-18 14:04 <DIR> d-------- C:\Users\Mali\AppData\Roaming\Symantec
2008-04-18 14:03 . 2008-04-18 14:03 <DIR> dr------- C:\Users\Mali\Searches
2008-04-18 14:03 . 2008-04-18 19:48 <DIR> dr------- C:\Users\Mali\Contacts
2008-04-18 14:03 . 2008-04-18 14:03 <DIR> d-------- C:\Users\Mali\AppData\Roaming\DigitalPersona
2008-04-18 14:03 . 2008-04-18 14:03 81 --a------ C:\Windows\System32\LOG
2008-04-18 14:03 . 2008-04-18 14:03 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-04-18 13:59 . 2008-04-18 13:59 <DIR> d-------- C:\Users\Mali\AppData\Roaming\Hewlett-Packard
2008-04-18 13:59 . 2008-04-18 13:59 <DIR> d-------- C:\Program Files\MediaRing
2008-04-18 13:59 . 2008-04-18 13:59 956 --a------ C:\Windows\MediaRing Talk.lnk
2008-04-18 13:58 . 2008-04-18 13:58 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-18 13:57 . 2008-04-18 13:57 <DIR> d-------- C:\Users\Mali\AppData\Roaming\Macrovision
2008-04-18 13:57 . 2008-04-18 13:57 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8080BSJ_E459053-373_4A_I30D2_SQuanta_V79.28_F.45_T080116_WV3-0_L409_M2046_J160_7Intel_86FD_92.00_#071126_N10EC8136;80864229_(KK870PA#ABG)_XMOBILE_CN10_Z.MRK
2008-04-18 13:56 . 2008-04-18 14:03 <DIR> dr------- C:\Users\Mali\Videos
2008-04-18 13:56 . 2008-04-18 14:03 <DIR> dr------- C:\Users\Mali\Saved Games
2008-04-18 13:56 . 2008-04-18 14:03 <DIR> dr------- C:\Users\Mali\Pictures
2008-04-18 13:56 . 2008-04-18 18:04 <DIR> dr------- C:\Users\Mali\Music
2008-04-18 13:56 . 2008-04-18 14:03 <DIR> dr------- C:\Users\Mali\Links
2008-04-18 13:56 . 2008-04-23 15:22 <DIR> dr------- C:\Users\Mali\Downloads
2008-04-18 13:56 . 2008-04-22 21:15 <DIR> dr------- C:\Users\Mali\Documents
2008-04-18 13:56 . 2006-11-02 22:37 <DIR> d-------- C:\Users\Mali\AppData\Roaming\Media Center Programs
2008-04-18 13:56 . 2008-04-18 13:56 <DIR> d--h----- C:\Users\Mali\AppData
2008-04-18 13:56 . 2008-04-19 21:36 <DIR> d-------- C:\Users\Mali
2008-04-18 13:56 . 2008-04-18 20:17 524,288 --ahs---- C:\Users\Mali\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-18 13:56 . 2008-04-23 15:30 524,288 --ahs---- C:\Users\Mali\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-18 13:56 . 2008-04-23 15:34 262,144 --ah----- C:\Users\Mali\ntuser.dat.LOG1
2008-04-18 13:56 . 2008-04-23 15:30 65,536 --ahs---- C:\Users\Mali\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-18 13:56 . 2008-04-18 13:56 0 --ah----- C:\Users\Mali\ntuser.dat.LOG2
2008-04-18 13:44 . 2008-04-18 13:44 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 10:28 174 --sha-w C:\Program Files\desktop.ini
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Journal
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Defender
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-22 10:16 --------- d-----w C:\Program Files\Windows Calendar
2008-04-22 10:13 --------- d-----w C:\ProgramData\NVIDIA
2008-04-22 10:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-22 10:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-20 11:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 11:20 --------- d-----w C:\ProgramData\Symantec
2008-04-18 12:50 --------- d-----w C:\ProgramData\HP
2008-04-18 11:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-18 11:28 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-18 10:52 --------- d-----w C:\ProgramData\CyberLink
2008-04-18 03:58 --------- d-----w C:\Program Files\HPQ
2008-02-27 00:09 --------- d-----w C:\ProgramData\Macrovision
2008-02-27 00:09 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-27 00:09 --------- d-----w C:\Program Files\DigitalPersona
2008-02-27 00:08 --------- d-----w C:\ProgramData\WildTangent
2008-02-27 00:08 --------- d-----w C:\Program Files\HP Games
2008-02-27 00:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 00:06 --------- d-----w C:\Program Files\CyberLink
2008-02-27 00:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-27 00:00 --------- d-----w C:\Program Files\HP
2008-02-26 23:56 --------- d-----w C:\Program Files\WIDCOMM
2008-02-26 23:55 --------- d-----w C:\Program Files\WinTV
2008-02-26 23:53 --------- d-----w C:\Program Files\Realtek
2008-02-26 23:53 --------- d-----w C:\Program Files\Intel
2008-02-26 23:52 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-26 23:52 315,392 ----a-w C:\Windows\HideWin.exe
2008-02-26 23:51 --------- d-----w C:\Program Files\Motorola
2008-02-26 23:51 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-02-26 23:50 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-02-26 23:50 --------- d-----w C:\Program Files\Synaptics
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 17:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 17:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 18:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 23:34 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 23:27 4702208 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 16:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 13:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-20 08:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-05 07:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 17:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-21 05:12 671744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 17:38 1008184]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 10:31 80896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 21:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 17:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-14 02:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 09:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 22:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-20 06:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-20 06:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-20 06:05 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2C5DD49D-C376-4D47-A6D8-6B2E13A7B512}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E45194C7-E8A2-4083-8AB4-1A2580E63B73}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB6326D2-1D66-494F-846C-792601C9A091}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{EB0BE193-2B1F-4349-A25F-C5604647768C}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{652873AF-10F7-4891-870B-293793241F1C}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8CBC182C-A11D-4A42-B958-0813FBDC5FE8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{70F99534-A660-41A9-A1F9-989F2D60E13A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{406AB515-CF57-42AF-A6B4-A1D35592929F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FC2C94EA-FF40-4AA1-8C91-C29F123F1DB3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8CB4246A-E27A-49A9-B1DD-4D0D5B57C808}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E13EB40D-25DC-476A-A13D-FB07A2F14476}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8FFF462C-24E9-4A86-87BC-1BE038FFBD87}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{B1E918C6-B84A-49D3-BA0A-2776A8C482C2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B3499742-780F-424A-804F-1734BD753FB3}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-30 04:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-30 04:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-30 04:32]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-10-01 13:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-10-01 13:34]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 23:12]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 23:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 23:12]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-12 04:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 17:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 09:33]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c697c423-0d30-11dd-914b-001e37b31d74}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-23 15:33:06
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-04-23 15:41:42 - machine was rebooted [Mali]
ComboFix-quarantined-files.txt 2008-04-23 05:41:10
Pre-Run: 105,709,088,768 bytes free
Post-Run: 105,551,073,280 bytes free
267 --- E O F --- 2008-04-23 05:14:02
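The entries that gave this log away are the HKCU Run values (cmds, MSServer, 78c881ab, BM7bfbb237) that launch rundll32.exe against DLLs in AppData\Local\Temp, plus the HKLM MSServer value pointing at yayyxxUM.dll in system32, the file ComboFix reports deleting. The script below is an added example, not part of the original post and not HijackThis or ComboFix code: it parses O2/O4 lines and flags the structural signs visible above. The severity rules (DLL under a user-writable path, export referenced by ordinal or a single letter, hex-looking value name, orphaned BHO) are this example's own heuristics, and the sample input is a subset of O2/O4 lines copied from the HijackThis log above.

```python
"""Triage HijackThis O2/O4 lines for the rundll32-from-Temp pattern seen in the log above."""
import re
from dataclasses import dataclass

# Constructed sample: O2/O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayyxxUM.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Mali\AppData\Local\Temp\rqRJDvvU.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Mali\AppData\Local\Temp\urqNFvsR.dll,#1
O4 - HKCU\..\Run: [78c881ab] rundll32.exe "C:\Users\Mali\AppData\Local\Temp\kfxeroyd.dll",b
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BM7bfbb237] Rundll32.exe "C:\Users\Mali\AppData\Local\Temp\srvbuidl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 - BHO: <name> - {<CLSID>} - <path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# rundll32[.exe] <dll>,<export>  (dll may be quoted; export is a name or an ordinal such as #1)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
# Heuristic (assumption of this example): paths a normal user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
# Heuristic (assumption of this example): value names that are just a hex blob, optionally "BM"-prefixed.
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for a single O2 or O4 line; other lines yield nothing."""
    findings: list[Finding] = []
    m = O2_RE.match(line)
    if m:
        if m["path"].strip().lower() == "(no file)":
            findings.append(Finding("low", "orphaned BHO entry (no file on disk)", line))
        return findings
    m = O4_RE.match(line)
    if not m:
        return findings
    name = m["name"]
    cmd = re.sub(r"\s+\(User '.*'\)$", "", m["cmd"])  # drop HijackThis's "(User '...')" suffix
    if HEX_NAME_RE.match(name):
        findings.append(Finding("medium", "Run value name is a hex blob", line))
    r = RUNDLL_RE.match(cmd)
    if r:
        dll, export = r["dll"].lower(), r["export"]
        if any(p in dll for p in USER_WRITABLE):
            findings.append(Finding("high", "rundll32 loads a DLL from a user-writable path", line))
        if export.startswith("#") or len(export) == 1:
            findings.append(Finding("medium", "rundll32 export is an ordinal or a single letter", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every non-blank line of a HijackThis log."""
    return [f for line in log_text.splitlines() if line.strip() for f in triage_line(line.strip())]


def summary(log_text: str) -> dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in triage(log_text):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summary(SAMPLE_LOG))
```

Run against the sample, the four Temp-DLL entries come out as high, the ordinal/single-letter exports (including the HKLM yayyxxUM.dll,#1 value) and the two hex-named values as medium, and the orphaned BHO as low; the NVIDIA and WelcomeCenter rundll32 entries, which use named exports on DLLs outside user-writable paths, produce nothing. Treat the output as a worklist for a human, not a verdict: a legitimate product can trip a heuristic, and a real infection can sidestep all of them.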