08-12-2007, 10:29 PM   #3
freefal1215
Registered User
 
Join Date: Aug 2007
Posts: 8
OS: Win XP


Re: Possible virus -- changed windows background (not desktop background)

Hi, I've done all of the listed steps above. Here's my...
Combofix.txt
ComboFix 07-08-13.3 - "Admin" 2007-08-13 10:48:29.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.637 [GMT 7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\a.exe
C:\WINDOWS\system32\Y12d0Vn5.exe
C:\WINDOWS\Tasks.\At25.job
C:\WINDOWS\Tasks.\At26.job
C:\WINDOWS\Tasks.\At27.job
C:\WINDOWS\Tasks.\At28.job
C:\WINDOWS\Tasks.\At29.job
C:\WINDOWS\Tasks.\At30.job
C:\WINDOWS\Tasks.\At31.job
C:\WINDOWS\Tasks.\At32.job
C:\WINDOWS\Tasks.\At33.job
C:\WINDOWS\Tasks.\At34.job
C:\WINDOWS\Tasks.\At35.job
C:\WINDOWS\Tasks.\At36.job
C:\WINDOWS\Tasks.\At37.job
C:\WINDOWS\Tasks.\At38.job
C:\WINDOWS\Tasks.\At39.job
C:\WINDOWS\Tasks.\At40.job
C:\WINDOWS\Tasks.\At41.job
C:\WINDOWS\Tasks.\At42.job
C:\WINDOWS\Tasks.\At43.job
C:\WINDOWS\Tasks.\At44.job
C:\WINDOWS\Tasks.\At45.job
C:\WINDOWS\Tasks.\At46.job
C:\WINDOWS\Tasks.\At47.job
C:\WINDOWS\Tasks.\At48.job
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\xhelper.dll


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-13 10:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 18:00 <DIR> d-------- C:\Program Files\iTunes
2007-08-10 18:00 <DIR> d-------- C:\Program Files\iPod
2007-08-10 17:59 <DIR> d-------- C:\Program Files\QuickTime
2007-08-09 11:25 <DIR> d-------- C:\Program Files\CCleaner
2007-08-09 10:54 <DIR> d-------- C:\Deckard
2007-08-09 10:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 09:59 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Datalayer
2007-08-09 09:58 <DIR> d-------- C:\DOCUME~1\Admin\Phone Browser
2007-08-09 09:56 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Nokia
2007-08-09 09:55 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PC Suite
2007-08-09 09:54 <DIR> d-------- C:\Program Files\Nokia
2007-08-09 09:54 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-08-09 09:54 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-08-09 09:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-08 13:31 <DIR> d-------- C:\Program Files\LimeWire
2007-08-08 12:32 <DIR> d-------- C:\DOCUME~1\Admin\Incomplete
2007-08-08 12:31 <DIR> d-------- C:\DOCUME~1\Admin\.limewire
2007-08-07 13:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-07 13:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-07 13:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 10:56 26,176 --a------ C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-03 12:45 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-03 12:45 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-03 12:45 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-03 12:45 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-03 12:45 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-03 12:45 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-03 12:45 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-03 12:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-03 12:45 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-02 16:24 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PC Tools
2007-08-02 15:00 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-02 15:00 <DIR> d-------- C:\Program Files\ToniArts
2007-08-02 15:00 <DIR> d-------- C:\DOCUME~1\Admin\WINDOWS
2007-08-02 14:42 <DIR> d-------- C:\Program Files\ElcomSoft
2007-08-02 08:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-08-01 19:29 <DIR> d-------- C:\DOCUME~1\Admin\Saved Games
2007-08-01 16:36 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
2007-08-01 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
2007-08-01 14:01 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\iWin
2007-08-01 13:15 <DIR> d-------- C:\Program Files\PMStitch20
2007-08-01 13:07 86,016 --a------ C:\WINDOWS\system32\xl_x263dec.dll
2007-08-01 13:07 61,440 --a------ C:\WINDOWS\system32\camiodll.dll
2007-08-01 13:07 49,152 --a------ C:\WINDOWS\system32\CamCapEx.dll
2007-08-01 13:07 40,960 --a------ C:\WINDOWS\system32\PicEng.dll
2007-08-01 13:07 <DIR> d-------- C:\Program Files\Veo Digital Studio
2007-08-01 13:07 <DIR> d-------- C:\Program Files\Veo Connect
2007-08-01 13:02 899,884 -ra------ C:\WINDOWS\system32\drivers\ucdnt.sys
2007-08-01 13:02 86,016 --a------ C:\WINDOWS\system32\ucdintf.dll
2007-08-01 13:02 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-08-01 13:02 85,376 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\xl_yv12.dll
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\xl_yuy2.dll
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\xl_uyvy.dll
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\Xl_I420.dll
2007-08-01 13:02 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-08-01 13:02 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-01 13:02 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-08-01 13:02 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2007-08-01 13:02 286,720 --a------ C:\WINDOWS\system32\CamFC.dll
2007-08-01 13:02 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-08-01 13:02 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-08-01 13:02 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-08-01 13:02 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-08-01 13:02 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-08-01 13:02 15,360 --a------ C:\WINDOWS\system32\dllcache\streamip.sys
2007-08-01 13:02 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-08-01 13:02 11,136 --a------ C:\WINDOWS\system32\dllcache\slip.sys
2007-08-01 13:02 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-08-01 13:02 10,880 --a------ C:\WINDOWS\system32\dllcache\ndisip.sys
2007-08-01 11:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-08-01 11:26 <DIR> d-------- C:\Program Files\GameHouse
2007-08-01 11:26 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\GameHouse
2007-08-01 11:11 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-08-01 11:10 <DIR> d-------- C:\Program Files\MSECACHE
2007-07-31 20:11 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Help
2007-07-30 10:55 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Genie-Soft
2007-07-30 10:54 <DIR> d-------- C:\Program Files\Genie-Soft
2007-07-30 09:36 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\IsolatedStorage
2007-07-28 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
2007-07-28 17:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-07-28 16:15 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-27 23:07 <DIR> d-------- C:\Program Files\VirtualVillagers_at
2007-07-27 18:52 <DIR> d-------- C:\Program Files\PizzaFrenzy_at
2007-07-27 13:35 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-07-27 12:17 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Gaijin Ent
2007-07-27 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-07-27 10:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PlayFirst
2007-07-27 10:01 <DIR> d---s---- C:\DOCUME~1\Admin\UserData
2007-07-26 19:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-26 19:17 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sandlot Games
2007-07-26 15:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-07-26 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-07-26 13:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-26 13:49 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Yahoo!
2007-07-26 13:49 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Google
2007-07-26 13:47 <DIR> d-------- C:\Program Files\MostFun
2007-07-26 13:45 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
2007-07-26 13:44 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 10:41 64 --a------ C:\Program Files\maxscrpt.dsk
2007-07-31 10:41 2644 --a------ C:\Program Files\3dsmax.ini
2007-07-31 10:41 0 --a------ C:\Program Files\RtDxStdMtl2.log
2007-07-23 13:21 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-23 13:20 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-18 14:45 114 --a------ C:\Program Files\plugin.ini
2004-10-05 16:12 138430 -ra------ C:\Program Files\Readme.rtf
2004-10-04 18:23 7168 --a------ C:\Program Files\viewfile.dll
2004-10-04 18:23 36864 --a------ C:\Program Files\zlibdll.dll
2004-10-04 18:23 271872 --a------ C:\Program Files\viz.dll
2004-10-04 18:23 17408 --a------ C:\Program Files\UIControls.dll
2004-10-04 18:23 151552 --a------ C:\Program Files\unzip32.dll
2004-10-04 18:23 131072 --a------ C:\Program Files\zip32.dll
2004-10-04 18:23 10752 --a------ C:\Program Files\undomgr.dll
2004-10-04 18:23 10240 --a------ C:\Program Files\UndoBody.dll
2004-10-04 18:22 97792 --a------ C:\Program Files\maxnet.dll
2004-10-04 18:22 974848 --a------ C:\Program Files\mfc70.dll
2004-10-04 18:22 97280 --a------ C:\Program Files\res2.dll
2004-10-04 18:22 97280 --a------ C:\Program Files\lsrd.dll
2004-10-04 18:22 97280 --a------ C:\Program Files\libDLcomponentManager.dll
2004-10-04 18:22 9728 --a------ C:\Program Files\helpsys.dll
2004-10-04 18:22 96256 --a------ C:\Program Files\Poly.dll
2004-10-04 18:22 92160 --a------ C:\Program Files\lpwrt.dll
2004-10-04 18:22 92160 --a------ C:\Program Files\CustDlg.dll
2004-10-04 18:22 89088 --a------ C:\Program Files\oglgfx.drv
2004-10-04 18:22 8704 --a------ C:\Program Files\resmgr.dll
2004-10-04 18:22 85504 --a------ C:\Program Files\hrigfx.drv
2004-10-04 18:22 84992 --a------ C:\Program Files\Atl70.dll
2004-10-04 18:22 843776 --a------ C:\Program Files\libpdx.dll
2004-10-04 18:22 83968 --a------ C:\Program Files\ParticleFlow.dll
2004-10-04 18:22 837632 --a------ C:\Program Files\d3dgfx.drv
2004-10-04 18:22 78968 --a------ C:\Program Files\iejfifrd80.dll
2004-10-04 18:22 78968 --a------ C:\Program Files\adlmres.dll
2004-10-04 18:22 770048 --a------ C:\Program Files\libDLbase.dll
2004-10-04 18:22 7680 --a------ C:\Program Files\rct_registry.dll
2004-10-04 18:22 74240 --a------ C:\Program Files\imageViewers.dll
2004-10-04 18:22 73216 --a------ C:\Program Files\res1.dll
2004-10-04 18:22 71680 --a------ C:\Program Files\MenuMan.dll
2004-10-04 18:22 7168 --a------ C:\Program Files\res10.dll
2004-10-04 18:22 69632 --a------ C:\Program Files\CdaLCDlg.dll
2004-10-04 18:22 68608 --a------ C:\Program Files\ManipSys.dll
2004-10-04 18:22 681472 --a------ C:\Program Files\mesh.dll
2004-10-04 18:22 66680 --a------ C:\Program Files\iepngrd80.dll
2004-10-04 18:22 65024 --a------ C:\Program Files\libDLltutility.dll
2004-10-04 18:22 649728 --a------ C:\Program Files\MNMath.dll
2004-10-04 18:22 63488 --a------ C:\Program Files\menus.dll
2004-10-04 18:22 62464 --a------ C:\Program Files\rtmax.dll
2004-10-04 18:22 6144 --a------ C:\Program Files\tessint.dll
2004-10-04 18:22 6144 --a------ C:\Program Files\res8.dll
2004-10-04 18:22 6144 --a------ C:\Program Files\libDLltutilityRes.dll
2004-10-04 18:22 610 --a------ C:\Program Files\hotkeyMap.html
2004-10-04 18:22 59904 --a------ C:\Program Files\max.task
2004-10-04 18:22 57344 --a------ C:\Program Files\libDLltgeometry.dll
2004-10-04 18:22 55808 --a------ C:\Program Files\MAXComponents.dll
2004-10-04 18:22 557568 --a------ C:\Program Files\splash.dll
2004-10-04 18:22 54904 --a------ C:\Program Files\iejfifwr80.dll
2004-10-04 18:22 54784 --a------ C:\Program Files\msvci70.dll
2004-10-04 18:22 54392 --a------ C:\Program Files\iepngwr80.dll
2004-10-04 18:22 534016 --a------ C:\Program Files\d3d81gfx.drv
2004-10-04 18:22 5264896 --a------ C:\Program Files\core.dll
2004-10-04 18:22 5129728 --a------ C:\Program Files\3dsmax.exe
2004-10-04 18:22 5104640 --a------ C:\Program Files\Maxscrpt.dll
2004-10-04 18:22 499712 --a------ C:\Program Files\msvcp71.dll
2004-10-04 18:22 495376 --a------ C:\Program Files\msxml.dll
2004-10-04 18:22 487424 --a------ C:\Program Files\msvcp70.dll
2004-10-04 18:22 486400 --a------ C:\Program Files\dbghelp.dll
2004-10-04 18:22 4853760 --a------ C:\Program Files\libiges.dll
2004-10-04 18:22 46080 --a------ C:\Program Files\geomimp.dll
2004-10-04 18:22 4608 --a------ C:\Program Files\libDLltgeometryRes.dll
2004-10-04 18:22 4590 --a------ C:\Program Files\max.tres
2004-10-04 18:22 45568 --a------ C:\Program Files\ParamRollup.dll
2004-10-04 18:22 454656 --a------ C:\Program Files\libDLprimitives.dll
2004-10-04 18:22 44032 --a------ C:\Program Files\res5.dll
2004-10-04 18:22 4096 --a------ C:\Program Files\minidumpVer.dll
2004-10-04 18:22 4096 --a------ C:\Program Files\MaxIges.msx
2004-10-04 18:22 398456 --a------ C:\Program Files\ie80.dll
2004-10-04 18:22 36352 --a------ C:\Program Files\expr.dll
2004-10-04 18:22 3604480 --a------ C:\Program Files\Ashli.dll
2004-10-04 18:22 3592192 --a------ C:\Program Files\libray.dll
2004-10-04 18:22 35840 --a------ C:\Program Files\res6.dll
2004-10-04 18:22 35448 --a------ C:\Program Files\ieproxy16.dll
2004-10-04 18:22 35328 --a------ C:\Program Files\res4.dll
2004-10-04 18:22 35328 --a------ C:\Program Files\maxutil.dll
2004-10-04 18:22 352256 --a------ C:\Program Files\liblint.dll
2004-10-04 18:22 349392 --a------ C:\Program Files\addflow4.ocx
2004-10-04 18:22 348160 --a------ C:\Program Files\msvcr71.dll
2004-10-04 18:22 344064 --a------ C:\Program Files\msvcr70.dll
2004-10-04 18:22 33280 --a------ C:\Program Files\acap.dll
2004-10-04 18:22 32819 --a------ C:\Program Files\mtl7.dll
2004-10-04 18:22 32447 --a------ C:\Program Files\AdlmLog.xml
2004-10-04 18:22 30840 --a------ C:\Program Files\ietiffrd80.dll
2004-10-04 18:22 30328 --a------ C:\Program Files\ietiffwr80.dll
2004-10-04 18:22 30208 --a------ C:\Program Files\particle.dll
2004-10-04 18:22 300544 --a------ C:\Program Files\Amodeler.dll
2004-10-04 18:22 2896896 --a------ C:\Program Files\gmi.dll
2004-10-04 18:22 28727 --a------ C:\Program Files\texture7.dll
2004-10-04 18:22 281208 --a------ C:\Program Files\Ereg.dll
2004-10-04 18:22 281088 --a------ C:\Program Files\AdskScInst.dll
2004-10-04 18:22 27648 --a------ C:\Program Files\gfx.dll
2004-10-04 18:22 26624 --a------ C:\Program Files\gcomm2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 12:59 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 05:03]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-07 00:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-01-07 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R3 EL2000;3Com 3C2000x EtherLink XL Adapter;C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd5b172-3ef7-11dc-8490-f679e301c7a4}]
AutoRun\command- F:\Copy*of*Desktop.ini
explore\Command- F:\Copy*of*Desktop.ini
open\Command- F:\Copy*of*Desktop.ini


Contents of the 'Scheduled Tasks' folder
2007-08-12 17:01:02 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 18:01:02 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 19:01:02 C:\WINDOWS\Tasks\At3.job
2007-08-12 20:01:02 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 21:01:02 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 22:01:02 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 23:01:02 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-13 00:01:02 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-13 01:01:02 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-13 02:01:02 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-13 03:01:02 C:\WINDOWS\Tasks\At11.job
2007-08-10 04:01:02 C:\WINDOWS\Tasks\At12.job
2007-08-11 05:03:02 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-11 06:03:02 C:\WINDOWS\Tasks\At14.job
2007-08-11 07:03:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 08:01:02 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 09:01:02 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 10:01:02 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 11:01:02 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 12:01:02 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 13:01:02 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 14:01:02 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 15:01:02 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-12 16:01:02 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\bTbVnD0J.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 10:51:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 10:52:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 10:52

--- E O F ---

SDFix report
SDFix: Version 1.98

Run by Admin on Mon 08/13/2007 at 11:00 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\OLD\D\Admin\Local Settings\Temp\5.dllb - Deleted
C:\OLD\D\NetworkService\Local Settings\Temp\v5xd2.g3ame - Deleted
C:\OLD\D\NetworkService\Local Settings\Temp\v6xdt4.game - Deleted
C:\OLD\D\LocalService\Local Settings\Temp\v5xd2.g3ame - Deleted
C:\OLD\D\LocalService\Local Settings\Temp\v6xdt4.game - Deleted
C:\OLD\D\NetworkService\Local Settings\Temp\vx1dt3.game - Deleted
C:\OLD\D\LocalService\Local Settings\Temp\vx1dt3.game - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL3732.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL4072.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL2522.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL1742.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL0954.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL1663.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL2600.tmp
C:\Documents and Settings\Admin\My Documents\My Work\BOB\DRILLING\RIG 750\~WRL1627.tmp
C:\OLD\D\Admin\Local Settings\Temp\BITF.tmp
C:\OLD\W\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\BIT3F.tmp
C:\OLD\W\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\BIT40.tmp
C:\OLD\W\SoftwareDistribution\Download\4596f4b9d8a4b5253ee760a58a45bcfb\BIT44.tmp
C:\OLD\W\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT45.tmp
C:\OLD\W\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\BIT48.tmp
C:\OLD\W\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT62.tmp
C:\OLD\W\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT41.tmp
C:\OLD\W\SoftwareDistribution\Download\52d0bad96d671744fec5c77caa4cdf4d\BIT42.tmp
C:\OLD\W\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT96.tmp
C:\OLD\W\SoftwareDistribution\Download\deb995e7b7d2953ec6904bd5047bd45f\BIT6F.tmp
C:\OLD\W\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BIT3B.tmp
C:\OLD\W\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\BIT3C.tmp
C:\OLD\W\SoftwareDistribution\Download\587d85e782ae94381c309d8add64e1a0\BIT3D.tmp
C:\OLD\W\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\BIT3E.tmp

Finished

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:30 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6023 bytes


Thanks again,
Gita