08-08-2007, 12:06 PM   #6
zipzappy
Registered User
 
Join Date: May 2007
Posts: 217
OS: XP


Re: Trojans & Adware

K, thanks again. Here's the ComboFix and Kaspersky log.




ComboFix 07-08-07.6 - "Administrator" 2007-08-08 7:23:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.974 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\gwvmwer.dll
C:\WINDOWS\uninstall_nmon.vbs


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\WINDOWS\R2lvcmdpbw


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-07 14:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 13:26 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2007-08-06 19:41 50,048 --a------ C:\WINDOWS\system32\drivers\xusb20.sys
2007-08-06 19:41 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2007-08-06 19:41 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-08-06 19:37 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-08-06 12:20 <DIR> d-------- C:\My Downloads
2007-08-04 21:43 <DIR> d-------- C:\Program Files\Maxis
2007-08-04 20:24 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-04 20:24 <DIR> d-------- C:\Program Files\DkZ Studio
2007-08-04 14:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-04 14:36 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-04 14:36 <DIR> d-------- C:\WINDOWS\nview
2007-08-04 14:35 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-03 23:18 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-03 23:15 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-08-03 23:15 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-08-03 23:14 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2007-08-03 23:14 86,016 --a------ C:\WINDOWS\SoundMan.exe
2007-08-03 23:14 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-08-03 23:14 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-03 23:14 4,432,384 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-08-03 23:14 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-08-03 23:14 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2007-08-03 23:14 2,162,688 --a------ C:\WINDOWS\MicCal.exe
2007-08-03 23:14 16,377,344 --a------ C:\WINDOWS\RTHDCPL.exe
2007-08-03 23:14 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2007-08-03 23:14 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2007-08-03 23:14 <DIR> d-------- C:\Program Files\Realtek
2007-08-03 22:03 <DIR> d-------- C:\Program Files\MagicISO
2007-08-02 23:15 12 --a------ C:\DOCUME~1\ADMINI~1\USERDATA.DAT
2007-08-02 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-07-31 13:35 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-29 22:51 <DIR> d-------- C:\Program Files\Native Instruments
2007-07-29 15:16 <DIR> d-------- C:\Program Files\Xilisoft
2007-07-27 14:05 <DIR> d-------- C:\Program Files\KONAMI
2007-07-27 01:56 <DIR> d-------- C:\Program Files\AIM6
2007-07-27 01:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-07-25 20:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-25 20:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-23 19:55 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 21:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRightToGo
2007-07-22 21:17 <DIR> d-------- C:\Program Files\Mp3 Renamer
2007-07-22 20:38 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-22 20:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Bitdefender
2007-07-22 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-22 19:38 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-07-22 19:34 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-07-22 19:34 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-07-22 19:34 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-07-22 19:34 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-07-22 19:34 <DIR> d-------- C:\VTPFiles
2007-07-16 12:27 <DIR> d-------- C:\Program Files\CDCheck
2007-07-16 11:34 <DIR> d-------- C:\Program Files\GTA 3 San Andreas
2007-07-16 00:15 <DIR> d-------- C:\Program Files\One-click Tag Editor
2007-07-16 00:04 <DIR> d-------- C:\Program Files\TagRename
2007-07-15 01:23 <DIR> d-------- C:\Program Files\LucasArts
2007-07-12 12:27 <DIR> d-------- C:\Program Files\iTunes
2007-07-12 12:27 <DIR> d-------- C:\Program Files\iPod
2007-07-12 12:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-12 12:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-12 12:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-12 12:23 <DIR> d-------- C:\Program Files\QuickTime
2007-07-11 21:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 18:19 --------- d-------- C:\Program Files\Lexmark 4300 Series
2007-08-07 17:47 --------- d-------- C:\Program Files\FlashGet
2007-08-07 17:39 --------- d-------- C:\Program Files\AIM
2007-08-07 13:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2007-08-06 19:58 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-08-06 19:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2007-08-03 23:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 19:50 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-07-27 01:56 335 --a------ C:\WINDOWS\nsreg.dat
2007-07-26 21:58 --------- d-------- C:\Program Files\AMR
2007-07-22 23:35 913408 --a------ C:\WINDOWS\system32\xreglib.dll
2007-07-17 21:29 --------- d-------- C:\Program Files\Absolute Poker
2007-07-02 20:31 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-07-02 12:28 4 -r-hs---- C:\MSDOS.BIN
2007-07-01 11:59 --------- d-------- C:\Program Files\Sony
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-28 13:57 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony
2007-06-28 13:57 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Publish Providers
2007-06-28 13:57 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\NetMedia Providers
2007-06-27 22:58 --------- d-------- C:\Program Files\Vstplugins
2007-06-27 22:57 --------- d-------- C:\Program Files\Sony Setup
2007-06-27 22:19 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SopCast
2007-06-27 12:47 --------- d-------- C:\Program Files\Stardock
2007-06-17 17:49 --------- d-------- C:\Program Files\SopCast
2007-06-15 05:15 --------- d-------- C:\Program Files\VDJ5
2007-06-15 04:18 --------- d-------- C:\Program Files\TGTSoft
2007-06-14 23:58 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-06-14 23:56 --------- d-------- C:\Program Files\VideoLAN
2007-06-14 23:27 --------- d-------- C:\Program Files\MediaMonkey
2007-06-14 19:35 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-06-14 14:33 --------- d-------- C:\Program Files\Apple Software Update
2007-06-14 12:18 --------- d-------- C:\Program Files\Image-Line
2007-06-14 12:17 --------- d-------- C:\Program Files\Steinberg
2007-06-14 12:17 --------- d-------- C:\Program Files\ASIO4ALL v2
2007-06-14 06:19 --------- d-------- C:\Program Files\DivX
2007-06-14 06:12 --------- d-------- C:\Program Files\Winamp
2007-06-14 06:10 --------- d-------- C:\Program Files\Common Files\NSV
2007-06-14 01:32 --------- d-------- C:\Program Files\TagRunner
2007-06-11 02:25 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-06-11 02:24 --------- d-------- C:\Program Files\Google
2007-06-11 02:17 19088 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-11 01:10 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Steinberg
2007-06-11 01:03 --------- d-------- C:\Program Files\Syncrosoft
2007-06-10 20:02 --------- d-------- C:\Program Files\LimeWire
2007-06-10 19:51 --------- d-------- C:\Program Files\Audacity
2007-06-10 18:42 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-06-10 16:40 --------- d-------- C:\Program Files\Movie Maker
2007-06-10 16:40 --------- d-------- C:\Program Files\Messenger
2007-06-10 16:38 --------- d-------- C:\Program Files\Windows NT
2007-06-10 16:01 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-06-10 15:57 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-06-10 15:32 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-06-10 15:12 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-10 15:06 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-10 15:06 --------- d-------- C:\Program Files\Ahead
2007-06-10 14:34 --------- d-------- C:\Program Files\AOD
2007-06-10 14:34 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Aim
2007-06-10 13:22 --------- d-------- C:\Program Files\Creative
2007-06-10 12:58 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-10 12:28 --------- d-------- C:\Program Files\ORiNOCO
2007-06-10 12:15 0 -rahs---- C:\MSDOS.SYS


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 22:38 C:\WINDOWS\system32\P17.dll]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-07-22 23:34]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-07-22 23:34]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 14:49 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-02-12 17:21]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 06:06]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 20:45]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 15:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 03:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 18:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-24 14:30:37]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-02-07 17:31 226992 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R1 StyleXPHelper;StyleXPHelper;\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 P17;Creative SB Audigy LS;C:\WINDOWS\system32\drivers\P17.sys
R3 PRISM_USB;ORiNOCO 802.11b USB Driver;C:\WINDOWS\system32\DRIVERS\EXPSUSB.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\WINDOWS\system32\DRIVERS\xusb21.sys
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys


Contents of the 'Scheduled Tasks' folder
2007-07-26 15:33:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 07:28:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd4w\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\27:\xf5wjY\1]
"DisplayName"="\x3da2\x7667\x480\27\x1340\21\t"
"DeviceDesc"="\x3da2\x7667\x480\27\x1340\21\t"
"ProviderName"="\xad8\x388\x24dc\21\x69e0\27\x2808\21\x9005\x77f7"
"MFG"="\xffff\xffff\x3dbf\x7667\x654f\x7667\x112c"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=str(7):"c:\intel desktop board\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 7:29:21
C:\ComboFix-quarantined-files.txt ... 2007-08-08 07:28
C:\ComboFix2.txt ... 2007-08-07 19:41

--- E O F ---






And here's my Kaspersky log...







Wednesday, August 08, 2007 10:40:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 8/08/2007
Kaspersky Anti-Virus database records: 377073
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects: 115298
Number of viruses found: 16
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 02:49:26

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Application Data\Aim\mtbfdwzz\giorgi1011\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Aim\mtbfdwzz\giorgi1011\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Giorgio Media\Proggies and Stuff\Vista Transformation\Auto Vista Transformation\Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\Documents and Settings\Administrator\Desktop\Giorgio Media\Proggies and Stuff\Vista Transformation\Auto Vista Transformation\Vista Transformation Pack 7.0.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Administrator\Desktop\Giorgio Media\Proggies and Stuff\Vista Transformation\Auto Vista Transformation\vtp7.zip/Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\Documents and Settings\Administrator\Desktop\Giorgio Media\Proggies and Stuff\Vista Transformation\Auto Vista Transformation\vtp7.zip/Vista Transformation Pack 7.0.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\Documents and Settings\Administrator\Desktop\Giorgio Media\Proggies and Stuff\Vista Transformation\Auto Vista Transformation\vtp7.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\mghtooke.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007080820070809\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\netmon.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\spoolsv.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\winpop.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011034.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011036.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011036.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011036.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011075.exe Infected: Trojan-Downloader.Win32.Agent.boa skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011076.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP81\A0011077.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011188.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011189.exe Infected: not-a-virus:AdWare.Win32.Mostofate.al skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011190.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011191.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011191.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011191.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP86\A0011192.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{6EA55B3F-6C11-4EA1-8720-1F5883615C5D}\RP88\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00002993\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.