Hi there. I had a busy day today and have the Kaspersky scan currently running. It's taking quite long, so I may not get that result or the new HijackThis log until tomorrow as I'm going to bed; I can't keep myself up for the scan results, but it has found one new threat. I'll include the ComboFix log, though, and I did the updates and took the appropriate files off the system.

The problem is that a new DLL keeps popping up, like before. The old DLL that you wanted me to delete disappeared:

O4 - HKLM\..\Run: [Csikib rundll32.exe "C:\WINDOWS\oritexaq.dll",e

but now a new DLL file has appeared (oyoxeruxile.dll) in my startup when I used msconfig to check what is running. So that's my concern. Also, I scanned that one file you weren't sure about with Jotti and it came up with nothing. Here is that log. I'll get you the rest of the logs tomorrow; it's still scanning and will be for some time! Thanks so much for all your time and effort!

Scan taken on 05 Apr 2009 16:49:57 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Here is my ComboFix log:

ComboFix 09-04-04.01 - Mike 2009-04-05 10:21:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.561 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\documents and settings\Mike\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\windows\imsins.BAK
c:\windows\oritexaq.dll
c:\windows\pss\PowerReg Scheduler V3.exe
c:\windows\system32\4661E.mht
c:\windows\system32\9a91F.sys
c:\windows\system32\f2720.tmp
c:\windows\winstart.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\SecTaskMan\_ADSSEDA9A00
c:\documents and settings\All Users\Application Data\SecTaskMan\_AppleMobileDeviceService8A6BB001
c:\documents and settings\All Users\Application Data\SecTaskMan\_avgnsx16F1909
c:\documents and settings\All Users\Application Data\SecTaskMan\_avgtray17DD6F30
c:\documents and settings\All Users\Application Data\SecTaskMan\_CTsvcCDA11DFAC00
c:\documents and settings\All Users\Application Data\SecTaskMan\_ebifihut9BE6202
c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_ExplorerBD8C40F
c:\documents and settings\All Users\Application Data\SecTaskMan\_GEARSec1075D000
c:\documents and settings\All Users\Application Data\SecTaskMan\_LxrJD31s13491601
c:\documents and settings\All Users\Application Data\SecTaskMan\_MsPMSPSv1841D000
c:\documents and settings\All Users\Application Data\SecTaskMan\_mstask128B0
c:\documents and settings\All Users\Application Data\SecTaskMan\_nhksrv38C97000
c:\documents and settings\All Users\Application Data\SecTaskMan\_PQV2iSvc40D16013
c:\documents and settings\All Users\Application Data\SecTaskMan\_SDHelper34C9D767
c:\documents and settings\All Users\Application Data\SecTaskMan\_sprthook2D4DC629
c:\documents and settings\All Users\Application Data\SecTaskMan\_taskman2CA8DD68
c:\documents and settings\All Users\Application Data\SecTaskMan\_UAService714F5F001
c:\documents and settings\All Users\Application Data\SecTaskMan\_wkcalrem5CF96039
c:\documents and settings\All Users\Application Data\SecTaskMan\_WPDShServiceObj1CD5A02
c:\documents and settings\All Users\Application Data\SecTaskMan\_WUDFSvc1358DA00
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00000000F587A874AB2A781F1A6360C8
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00000000F587A874AB2A781F1A6360C8.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_02D35814CC04662479D81F82BB79AC69
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_02D35814CC04662479D81F82BB79AC69.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_05285706FC8CBE74C86B0E3C8BD42870
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_05285706FC8CBE74C86B0E3C8BD42870.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0BACD3DB5EF3BF4409ADFE0B2ADC3178
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0BACD3DB5EF3BF4409ADFE0B2ADC3178.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_104C2FB8EC20D424CB62C6F4F94B646B
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_104C2FB8EC20D424CB62C6F4F94B646B.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_105B967C8EB2de64E99611F800A89071
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_105B967C8EB2de64E99611F800A89071.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_12341rg
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_12345db
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_193D8C58EAE02944A8A0E28E0B6BAD30
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_193D8C58EAE02944A8A0E28E0B6BAD30.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1B902C5BBDD824645A3773B5595141BC
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1B902C5BBDD824645A3773B5595141BC.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1C5C0DF1B10BC4B469705E3D3B1D13F8
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1C5C0DF1B10BC4B469705E3D3B1D13F8.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1C7D4BB52F25DFB4E904D014E9E20312
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1C7D4BB52F25DFB4E904D014E9E20312.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1E9B8ABDFF6C42645989373D4BA19000
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1E9B8ABDFF6C42645989373D4BA19000.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2367501907ACC3146B82D2C3BDBB09B6
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2367501907ACC3146B82D2C3BDBB09B6.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_23D2828F4290BC746B8E00B1C375610A
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_23D2828F4290BC746B8E00B1C375610A.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2BF8B715EE620B34EAB170048806AA96
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2BF8B715EE620B34EAB170048806AA96.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2E234A8B145D84F49B8E42B3EE3C1D85
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2E234A8B145D84F49B8E42B3EE3C1D85.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2E522EB31425FC2448A45E52F74F222B
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2E522EB31425FC2448A45E52F74F222B.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_34036E1FCF45B924BAC213FAF9ABB47C
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_34036E1FCF45B924BAC213FAF9ABB47C.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_385AE066F4618F24A8801DED18DB67B4
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_385AE066F4618F24A8801DED18DB67B4.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3C282EC6EB87F3643A1CC8F9896EC1EC
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3C282EC6EB87F3643A1CC8F9896EC1EC.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4301AEBD288588A40833184CFEC0AF92
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4301AEBD288588A40833184CFEC0AF92.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_47BE9D51E89940A44B86152C7E3B1228
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_47BE9D51E89940A44B86152C7E3B1228.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_49315D0E54D1A0646BD283B34C8F3B53
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_49315D0E54D1A0646BD283B34C8F3B53.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_503C5DB272B114D46B09A71671D2F2BE
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_503C5DB272B114D46B09A71671D2F2BE.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_508A456A9D147C04AA64A40FF440D416
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_508A456A9D147C04AA64A40FF440D416.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_525EF9A5F8B810749A73F776544A9E7C
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_525EF9A5F8B810749A73F776544A9E7C.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_568774731F3A2774DA34AACFB6FC9FF9
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_568774731F3A2774DA34AACFB6FC9FF9.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_598A4D02C84788D478C1DF1B96B51096
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_598A4D02C84788D478C1DF1B96B51096.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5B7994EDDA558784797A9CAF48EF327C
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5B7994EDDA558784797A9CAF48EF327C.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5BDC64552EC2B8940B95B5B38FF14CF1
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5BDC64552EC2B8940B95B5B38FF14CF1.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_623439D5A561b3140B6562EBE10C28FA
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_623439D5A561b3140B6562EBE10C28FA.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_637957C374381304BBC97DA5FD6E1B10
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_637957C374381304BBC97DA5FD6E1B10.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7447A9000000020
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7447A9000000020.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6BBAE71A6C0D5E4428C027CDF7940546
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6BBAE71A6C0D5E4428C027CDF7940546.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_74E2C7F0E98032d49B7F93EB00017067
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_74E2C7F0E98032d49B7F93EB00017067.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_76B33508704CD584B8D536BBE89D8D87
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_76B33508704CD584B8D536BBE89D8D87.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_78DB1B93E1652674EA9DC725310BC642
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_78DB1B93E1652674EA9DC725310BC642.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7D1F7FAF7E0CAE74A8AA484E9FAEC349
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7D1F7FAF7E0CAE74A8AA484E9FAEC349.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8183D97278274ba49A7245E2EB9A3E56
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8183D97278274ba49A7245E2EB9A3E56.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610007
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610007.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8FE883813A0EB244B8EF2E1F3B0DC519
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8FE883813A0EB244B8EF2E1F3B0DC519.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_904000001E872D116BF00006799C897E
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_904000001E872D116BF00006799C897E.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_904010001E872D116BF00006799C897E
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_904010001E872D116BF00006799C897E.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_90404A0900063D11C8EF10054038389C
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_90404A0900063D11C8EF10054038389C.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_904071001E872D116BF00006799C897E
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_904071001E872D116BF00006799C897E.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9040711900063D11C8EF10054038389C
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9040711900063D11C8EF10054038389C.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_947CC08382C847C4EB105429D1603220
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_947CC08382C847C4EB105429D1603220.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9BA4C112DF3EEC444A59578B5F5488A6
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9BA4C112DF3EEC444A59578B5F5488A6.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9EC9653600AFC964FAC55E4D9DA3FC19
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9EC9653600AFC964FAC55E4D9DA3FC19.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A062EDCAB206bfc46A050DBD6AFFDA58
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A062EDCAB206bfc46A050DBD6AFFDA58.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A18B9BCCF76123843B502D0A3480043B
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A18B9BCCF76123843B502D0A3480043B.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B3358D867EE9BA648B2B6D348F885CFD
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B3358D867EE9BA648B2B6D348F885CFD.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B5ECD368AC6D5CD4F959D7FCDE51EDF8
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B5ECD368AC6D5CD4F959D7FCDE51EDF8.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B97CF7F995034624490593BE63E82302
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B97CF7F995034624490593BE63E82302.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C44CC767CBB9D834AB3DDF5459DD41B8
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C44CC767CBB9D834AB3DDF5459DD41B8.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C9280D8FF6C93D110808000CF43A92AA
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C9280D8FF6C93D110808000CF43A92AA.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CA81E36A405B5404FA6E2A97BBBA9B88
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CA81E36A405B5404FA6E2A97BBBA9B88.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CBCEC1F4F076aad4186D49B421549071
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CBCEC1F4F076aad4186D49B421549071.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D46B7E82F051E9A47B3AA5A68C2C8F22
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D46B7E82F051E9A47B3AA5A68C2C8F22.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DAED58A8F1C7863488C127CA47BCE219
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DAED58A8F1C7863488C127CA47BCE219.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E4C56ECF8E0BDBF4DA61DEBC6EDC95F1
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E4C56ECF8E0BDBF4DA61DEBC6EDC95F1.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_EB4C01D663C0E4F4C8A35E8E765A0FD1
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_EB4C01D663C0E4F4C8A35E8E765A0FD1.dll
c:\windows\imsins.BAK
c:\windows\oritexaq.dll
c:\windows\system32\4661E.mht
c:\windows\system32\9a91F.sys
c:\windows\system32\f2720.tmp
c:\windows\winstart.bat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_9A91F
-------\Service_9a91F
.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.
2009-04-03 10:46 . 2009-04-03 10:46 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-02 20:01 . 2009-04-04 09:32 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-04-02 20:00 . 2008-06-13 07:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-04-02 19:51 . 2008-05-01 08:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-04-02 13:50 . 2009-04-02 13:50 153,104 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-04-02 12:55 . 2009-04-02 13:10 250 --a------ c:\windows\gmer.ini
2009-04-02 10:28 . 2009-04-02 10:28 <DIR> d-------- c:\windows\RestoreSafeDeleted
2009-04-01 18:06 . 2009-04-02 19:50 <DIR> d-------- c:\program files\UnHackMe
2009-04-01 14:41 . 2009-04-01 14:41 <DIR> d-------- c:\program files\LucasArts
2009-04-01 13:55 . 2009-04-01 13:52 49,152 --a------ c:\windows\system32\md5sum.exe
2009-03-31 22:05 . 2009-04-05 10:25 29,988 --a------ c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-03-31 22:05 . 2009-04-05 10:25 29,988 --a------ c:\windows\system32\BMXState-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-03-31 22:05 . 2009-04-05 10:25 29,760 --a------ c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-03-31 22:05 . 2009-04-05 10:25 29,760 --a------ c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000004-10031102}.rfx
2009-03-31 22:05 . 2009-04-05 10:25 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2009-03-31 22:05 . 2009-04-05 10:25 1,080 --a------ c:\windows\system32\settings.sfm
2009-03-31 22:05 . 2009-04-05 10:25 292 --a------ c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000004-10031102}.dat
2009-03-31 22:05 . 2009-04-05 10:25 292 --a------ c:\windows\system32\DVCState-{00000000-00000000-0000000E-00001102-00000004-10031102}.dat
2009-03-31 12:58 . 2009-03-31 12:58 <DIR> d-------- c:\documents and settings\Mike\Application Data\Uniblue
2009-03-31 10:49 . 2009-04-01 09:55 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-29 12:38 . 2009-03-29 12:38 <DIR> d-------- c:\program files\Trend Micro
2009-03-27 21:10 . 2009-03-30 17:41 <DIR> d-------- c:\program files\Security Task Manager
2009-03-23 15:00 . 2009-03-23 15:00 <DIR> d-------- c:\documents and settings\Mike\Application Data\Media Player Classic
2009-03-23 14:57 . 2009-03-23 14:57 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-23 14:57 . 2008-07-30 13:09 38 --a------ c:\windows\avisplitter.ini
2009-03-23 11:24 . 2009-03-25 15:03 <DIR> d-------- c:\program files\FlashGet
2009-03-23 11:13 . 2009-03-23 11:14 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-07 22:24 . 2009-03-07 22:24 7,168 --ahs---- c:\windows\system32\Thumbs.db
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 22:21 --------- d-----w c:\program files\Microsoft Picture It! PhotoPub
2009-04-03 13:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 01:50 --------- d-----w c:\program files\iTunes
2009-04-02 01:50 --------- d-----w c:\documents and settings\Mike\Application Data\Talkback
2009-04-01 20:37 --------- d--h--w c:\documents and settings\Mike\Application Data\Move Networks
2009-04-01 00:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-01 00:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 22:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 22:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-26 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-03-26 12:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 17:14 --------- d-----w c:\program files\DivX
2009-03-22 14:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-05 00:37 --------- d-----w c:\documents and settings\Mike\Application Data\U3
2009-03-05 00:36 --------- d-----w c:\program files\Risk II
2009-02-23 22:52 --------- d-----w c:\documents and settings\Mike\Application Data\GetRightToGo
2009-01-24 19:37 34 ----a-w c:\documents and settings\Mike\jagex_runescape_preferences.dat
2004-08-30 13:21 0 -c-ha-w c:\documents and settings\Mike\hpothb07.dat
2006-10-15 13:41 80 --sh--r c:\windows\system32\7401C44507.dll
2007-06-10 03:39 56 --sh--r c:\windows\system32\7401C44507.sys
2007-06-27 17:39 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]
c:\documents and settings\Mike\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2005-09-27 208896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 24633]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 06:13 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"MSACM.MI-SC4"= MI-SC4.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ipsdifx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Instant Update Reminder.lnk
backup=c:\windows\pss\Instant Update Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^UltimateZip Quick Start.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk
backup=c:\windows\pss\UltimateZip Quick Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-30 19:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-29 23:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 07:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-08-20 12:57 221184 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-07-25 08:14 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
-ra------ 2003-08-20 15:15 483328 c:\windows\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-09-13 21:36 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
--a------ 2002-06-19 08:50 180224 c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 08:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2004-07-29 02:41 1122304 c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-07-01 02:12 4112384 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
-ra------ 2004-07-01 02:12 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare2.2]
--a------ 2007-05-04 07:21 198184 c:\program files\Qwest\QuickCare\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-06-20 16:53 1056768 c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 17:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 16:06 45056 c:\program files\Creative\SB Drive Det\SBDrvDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-07-07 10:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-11-08 21:50 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-10 23:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
--a------ 2002-09-25 13:13 77891 c:\windows\system32\usrmlnka.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2000-08-08 14:00 24576 c:\program files\Microsoft Works\wkfud.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2003-04-11 15:33 118784 c:\windows\system32\CTASIO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-04-10 10:36 28672 c:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
-ra------ 2003-06-20 13:06 118784 c:\windows\system32\ptipbmf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"sprtlisten"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-20 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-20 107272]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2004-08-19 6656]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-20 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-20 298264]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2004-08-19 28672]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2005-09-27 465988]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\Drivers\OCDE.sys --> c:\windows\system32\Drivers\OCDE.sys [?]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2007-04-07 515803]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2007-04-07 10986]
S4 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9b2f0c-342d-11da-804d-000ea6c30cd5}]
\Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure31.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Csikib - c:\windows\oritexaq.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer =
IE: Open with &ZipScan - c:\progra~1\ZIPSCA~1\zs_ie.htm
Trusted Zone: aol.com\free
Trusted Zone: wikia.com\starwars
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 10:27:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(760)
c:\windows\ipsdifx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\gearsec.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-05 10:31:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-05 16:31:01
ComboFix2.txt 2009-04-04 15:00:01
Pre-Run: 101,266,911,232 bytes free
Post-Run: 101,574,217,728 bytes free
448 --- E O F --- 2009-04-03 16:53:51