Sorry for the delay. The online scan took nearly 5 hours. Here are the items:
1. Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:47 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\RevoTask.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RevoTaskbarApp] C:\WINDOWS\system32\RevoTask.exe
O4 - HKLM\..\Run: [mp3infp] "C:\Program Files\mp3infp\mp3infp_regist.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5262 bytes
2. Online scan
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 11, 2007 6:55:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/08/2007
Kaspersky Anti-Virus database records: 378528
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 617344
Number of viruses found: 42
Number of infected objects: 145
Number of suspicious objects: 2
Duration of the scan process: 04:48:46
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe Inno: infected - 4 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\yazzlesnet.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Andrew\LOCALS~1\Temp\yazzlesnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.1/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\cert8.db Object is locked skipped
C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\history.dat Object is locked skipped
C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\key3.db Object is locked skipped
C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\parent.lock Object is locked skipped
C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Andrew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip/is67718.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ks skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip/TTC-5555.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip/TTC-5555.exe Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip/tk68.exe Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip/install.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip/waverevenue.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Andrew\Desktop\[4]-Submit_2007-08-10_222458.14.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghgtf0tl.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrew\My Documents\pspv.zip/pspv.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\Documents and Settings\Andrew\My Documents\pspv.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Andrew\ntuser.dat Object is locked skipped
C:\Documents and Settings\Andrew\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JW8JA3Q1\retadpu[1].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01K3M56P\packed_installer_cnb[1].exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01K3M56P\retadpu[1].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01K3M56P\zgame2[1] Infected: Trojan-Downloader.Win32.Small.erg skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EI7B9VZU\m[2].exe Infected: Rootkit.Win32.Agent.ea skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EI7B9VZU\user9[1].exe Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-08-10.22-34-15.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry.exe.vir Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry0.dll.vir Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry2.dll.vir Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry3.dll.vir Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\laxu.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\Windows Media Player\homeqyvi455101.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\QooBox\Quarantine\C\Program Files\Windows Media Player\homeqyvi5555.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\afbtsuk.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\QooBox\Quarantine\C\WINDOWS\afbtsukA.exe.vir Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\QooBox\Quarantine\C\WINDOWS\desktop.html.vir Infected: not-virus:Hoax.Win32.Renos.cy skipped
C:\QooBox\Quarantine\C\WINDOWS\dls0523pmw.exe.vir Infected: Trojan-Downloader.Win32.Zlob.bqw skipped
C:\QooBox\Quarantine\C\WINDOWS\hrgvx0578.exe.vir Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\QooBox\Quarantine\C\WINDOWS\retadpu27.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\QooBox\Quarantine\C\WINDOWS\retadpu361.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyvtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\driver\by88.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyvtt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f06WtR\f06WtR1083.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fiouqsdq.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kernelwind32.exe.vir Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\max1d1164v.exe.vir Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\msbind32.exe.vir Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mxcruehm.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\poof.vir Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\TISKY008.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\user10.exe.vir Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg4am1et2.exe.vir Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg6ame4.exe.vir Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga1me4t1.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga3me2.exe.vir Infected: Trojan-Downloader.Win32.Small.erg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga5me3.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga8me6.exe.vir Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vturpqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\win\w71.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winuqw32.dll.vir Infected: Trojan.Win32.Agent.qt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Y2\x55.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\catchme2007-08-10_121848.23.zip/opnmjkj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\catchme2007-08-10_121848.23.zip/ldcore.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\QooBox\Quarantine\catchme2007-08-10_121848.23.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP777\A0098269.exe Infected: not-a-virus:Monitor.Win32.Ardamax.j skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP777\A0098279.exe Infected: not-a-virus:Monitor.Win32.Ardamax.j skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP777\A0098280.exe Infected: not-a-virus:Monitor.Win32.Ardamax.22 skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP779\A0103327.exe Infected: not-a-virus:Monitor.Win32.Perflogger.bs skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP779\A0103328.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ca skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP779\A0103330.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ca skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP779\A0103332.exe Infected: Trojan-Spy.Win32.Perfloger.ab skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104758.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ca skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104760.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104761.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104762.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104765.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104766.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP789\A0104768.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP791\A0104795.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP793\A0104861.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP794\A0104870.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP795\A0104918.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105957.exe Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105958.exe Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105959.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105960.exe Infected: Trojan-Downloader.Win32.Small.erg skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105962.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105963.exe Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105964.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105965.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105975.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105976.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105977.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105978.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105980.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105981.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105982.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105984.exe Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105985.exe Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105986.exe Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105987.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105988.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105991.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105993.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105994.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105995.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0105999.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106003.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106005.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106006.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106007.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106009.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106012.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106013.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106014.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106017.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106019.dll Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106022.exe Infected: Trojan-Downloader.Win32.Zlob.bqw skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106025.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106026.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106027.exe Infected: Email-Worm.Win32.Zhelatin.gr skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0106033.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0108001.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP796\A0108001.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP797\change.log Object is locked skipped
C:\temp\mIRC v6.16 + Keygen\mIRC v6.16.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\temp\mIRC v6.16 + Keygen\mIRC v6.16.exe mIRC: infected - 1 skipped
C:\temp\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\temp\mirc616.exe mIRC: infected - 1 skipped
C:\temp\pspv\pspv.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\temp\rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\rockxp.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\rockxp.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\rockxp.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\rockxp.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\temp\rockxp.exe RarSFX: infected - 5 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP797\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{5A21D8ED-659C-43A3-8F99-694D3CC246D0}\RP797\change.log Object is locked skipped
Scan process completed.
3. ComboFix log
ComboFix 07-08-10.8 - "Andrew" 2007-08-10 22:24:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.713 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Andrew\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\skna455101.exe
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\Program Files\MSN Gaming Zone\prohdy.html
C:\WINDOWS\pss\TA_Start.lnkStartup
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Windows NT\hotyge3.exe
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\system32\apuuhtya.exe
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\is67718.exe
C:\WINDOWS\system32\l3acdb.dll
C:\WINDOWS\system32\ohrchbhm.exe
C:\WINDOWS\system32\waverevenue.exe
C:\WINDOWS\tk68.exe
C:\WINDOWS\TTC-5555.exe
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-10 11:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 12:15 <DIR> d-------- C:\Deckard
2007-08-09 12:11 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-09 12:10 <DIR> d-------- C:\ie-spyad
2007-08-09 11:06 <DIR> d-------- C:\hijackthis
2007-08-03 12:57 <DIR> d-------- C:\Program Files\CDCheck
2007-07-20 14:27 <DIR> d-------- C:\Program Files\CKM
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-10 22:32 --------- d-------- C:\Program Files\Windows NT
2007-08-10 12:29 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-10 11:55 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-09 12:03 --------- d-------- C:\Program Files\xnews
2007-08-09 11:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-13 14:49 --------- d-------- C:\Program Files\mIRC
2007-06-22 12:03 --------- d-------- C:\Program Files\WhereIsMySpace
2007-05-28 11:17 4 --a------ C:\WINDOWS\uccspecb.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 15:41 C:\WINDOWS\system32\ptipbm.dll]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42]
"RevoTaskbarApp"="C:\WINDOWS\system32\RevoTask.exe" [2005-04-20 14:44]
"mp3infp"="C:\Program Files\mp3infp\mp3infp_regist.exe" [2005-04-25 11:14]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-19 13:21:20]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-19 13:21:20]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker]
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
\Updater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\vxmfbmgw.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
R0 IFPUSB;iriver Internet Audio Player IFP-100;C:\WINDOWS\system32\DRIVERS\ifpusb.sys
R0 UlSata;UlSata;C:\WINDOWS\system32\drivers\UlSata.sys
R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys
R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys
R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver;C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
R3 REVO;Service for Revo Driver (WDM);C:\WINDOWS\system32\drivers\revo.sys
R3 REVOSENS;REVOSENS;C:\WINDOWS\system32\drivers\revosens.sys
S3 UPATC;USBAT Controller Driver;C:\WINDOWS\system32\DRIVERS\upatc.sys
S4 ATMsrvc;ATM Service;C:\WINDOWS\System32\ATMsrvc.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 22:34:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76CE77C0-85EF-38F6-FBB5-D5607D186745}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E21E4E-DA78-2E23-6FEE-08D89E1943D5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C53C2D4A-0301-FEF4-1A8E-9C8DF0BDDE9F}]
"pabckgdkjhcpmabfedpgphcocdekfofc"=hex:69,61,6c,69,64,68,63,62,6e,6e,6b,66,61,65,64,6b,68,6c,00,00
"oahbenfdhmfghoncnpelcgcpmakjjh"=hex:69,61,6c,69,64,68,63,62,6e,6e,6b,66,61,65,64,6b,68,6c,00,00
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-10 22:36:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 22:35
C:\ComboFix2.txt ... 2007-08-10 12:20
--- E O F ---