TY so much, here is the log from COMBOFIX and HIJACK THIS
COMBOFIX LOG:
ComboFix 08-05-01.1 - Administrator 2008-05-04 2:17:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2487 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-05-01 15:45 . 2008-05-01 15:45 <DIR> d-------- C:\Program Files\Tortun
2008-05-01 04:55 . 2008-05-01 04:56 178 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-05-01 03:01 . 2008-05-01 03:01 <DIR> d-------- C:\b75b307b425acf509f660b0e2fb66425
2008-04-30 19:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 19:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-30 13:42 . 2008-04-30 13:42 <DIR> d-------- C:\Logs
2008-04-30 08:08 . 2008-04-30 08:08 <DIR> d-------- C:\Program Files\Siber Systems
2008-04-30 08:02 . 2008-04-30 18:38 <DIR> d-------- C:\Program Files\World of Warcraft
2008-04-30 01:56 . 2008-04-30 01:56 <DIR> d-------- C:\WINDOWS\Sun
2008-04-30 01:22 . 2008-04-30 01:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 01:19 . 2008-05-02 20:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-30 01:19 . 2008-05-02 20:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 01:10 . 2006-08-21 02:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-30 01:10 . 2006-08-21 02:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-30 01:10 . 2006-08-21 05:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-30 01:08 . 2008-04-30 13:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-30 01:06 . 2008-04-30 01:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-30 00:40 . 2006-08-25 08:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-04-30 00:33 . 2007-07-12 16:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-04-30 00:33 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-30 00:12 . 2007-07-09 06:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-30 00:11 . 2006-03-20 20:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-04-30 00:08 . 2008-04-30 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-29 23:45 . 2008-05-02 02:37 2,666,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-29 23:45 . 2008-05-02 02:37 24,404 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-29 23:39 . 2008-04-29 23:39 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-29 23:39 . 2008-04-29 23:39 <DIR> d-------- C:\Program Files\CCleaner
2008-04-29 23:36 . 2008-04-29 23:37 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-29 23:36 . 2008-04-29 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-29 23:36 . 2005-08-29 19:01 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-04-29 23:36 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-04-29 23:36 . 2005-01-09 20:32 181,938 --a------ C:\WINDOWS\Gateway.bmp
2008-04-29 23:36 . 2003-03-25 05:00 67,072 --a------ C:\WINDOWS\POWERCFG.EXE
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-04-29 23:34 . 2008-04-29 23:34 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-29 23:34 . 2008-04-29 23:34 <DIR> d-------- C:\Program Files\TurboTaxOnline
2008-04-29 23:34 . 2008-04-29 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-29 23:33 . 2008-04-29 23:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-29 23:33 . 2008-04-29 23:34 <DIR> d-------- C:\Program Files\Ahead
2008-04-29 23:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-04-29 23:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-04-29 23:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-04-29 23:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-04-29 23:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-29 23:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Real
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\QuickTime
2008-04-29 23:32 . 2008-04-30 00:07 <DIR> d-------- C:\Program Files\Pure Networks
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Learn2.com
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-29 23:31 . 2008-04-29 22:46 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-29 23:31 . 2008-04-29 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-29 23:31 . 2008-04-29 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 23:31 . 2008-04-29 23:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-29 23:31 . 2004-06-30 09:49 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2008-04-29 23:30 . 2008-04-29 23:30 <DIR> d-------- C:\Program Files\Digital Media Reader
2008-04-29 23:30 . 2008-04-29 23:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-04-29 23:29 . 2008-04-29 22:47 <DIR> d-------- C:\Program Files\Napster
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\Logitech
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\CyberLink
2008-04-29 23:29 . 2008-04-29 23:30 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 23:29 . 2008-04-29 22:43 <DIR> d-------- C:\Documents and Settings\Owner
2008-04-29 23:29 . 2008-04-29 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-04-29 23:29 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-04-29 23:29 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-04-29 23:29 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-04-29 23:29 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-04-29 23:29 . 2003-03-18 20:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-29 23:29 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-04-29 23:28 . 2008-04-29 23:28 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-04-29 23:28 . 2008-04-29 22:44 <DIR> d-------- C:\Program Files\BigFix
2008-04-29 23:28 . 2008-04-29 23:28 <DIR> d-------- C:\NVIDIA
2008-04-29 23:28 . 2004-07-15 14:06 471,298 --a------ C:\WINDOWS\wallpg.exe
2008-04-29 23:28 . 2008-03-24 11:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 23:28 . 2008-03-24 19:52 175,336 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-29 23:28 . 2005-01-11 13:09 51,656 --a------ C:\WINDOWS\system32\OEMLOGO.bmp
2008-04-29 23:28 . 2005-10-11 12:48 13,352 --a------ C:\WINDOWS\BigFixClientOverride.dll
2008-04-29 23:28 . 2008-04-29 23:36 953 --a------ C:\RebootLog.ini
2008-04-29 23:28 . 2008-04-29 23:28 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-04-29 23:27 . 2008-04-29 23:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-29 23:27 . 2008-05-01 07:40 <DIR> d-------- C:\Program Files\Netscape Internet Service
2008-04-29 23:27 . 2008-04-30 00:07 <DIR> d-------- C:\Program Files\Google
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Program Files\Gateway
2008-04-29 23:27 . 2008-04-29 22:13 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-04-29 23:27 . 2008-05-01 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-04-29 23:27 . 2008-04-29 23:27 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-04-29 23:27 . 2008-04-29 22:43 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG
2008-04-29 23:27 . 2008-04-29 22:43 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
2008-04-29 23:26 . 2008-04-29 23:26 <DIR> d-------- C:\Program Files\Java
2008-04-29 23:26 . 2008-04-29 23:29 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 23:26 . 2008-04-29 23:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-29 23:26 . 2008-04-29 23:28 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-29 23:23 . 2008-04-29 23:31 <DIR> d-------- C:\Program Files\Intel
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Program Files\DNA
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Program Files\Common Files\New Boundary
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-04-29 23:23 . 2008-05-04 02:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:22 . 2008-04-29 23:22 <DIR> d-------- C:\Program Files\Registry Repair
2008-04-29 23:21 . 2008-04-29 23:21 <DIR> d-------- C:\Program Files\Microsoft Streets and Trips
2008-04-29 23:21 . 2008-04-29 23:21 <DIR> d-------- C:\Program Files\Encarta
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-29 23:20 . 2008-04-29 23:30 <DIR> d-------- C:\Program Files\Picture It! Premium 10
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2005
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft Money 2005
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 23:20 . 2008-04-30 18:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-04-29 23:20 . 2008-04-29 23:20 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-29 23:19 . 2008-04-30 00:07 <DIR> d-------- C:\WINDOWS\nview
2008-04-29 23:19 . 2008-03-24 19:52 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-29 23:19 . 2008-05-03 12:27 168,688 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-29 23:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 09:43 42,276 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_02_02_35_44_small.dmp.zip
2008-05-01 14:48 729,088 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-01 14:48 1,507,840 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-30 06:32 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-04-30 06:30 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-30 06:30 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-30 05:13 --------- d-----w C:\Program Files\Windows Plus
2008-04-30 05:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-03 03:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-03 03:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_ 0.37.30.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 05:01:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 19:18:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-01-07 18:21:24 237,936 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2008-05-03 19:18:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-29 23:35 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-29 23:35 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-29 22:47 171448]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-29 23:23 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-30 08:08 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"Gateway Extended Warranty"="C:\Program Files\Gateway\GWCares\GWCares.exe" [2004-02-08 16:30 73728]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 16:19 77312 C:\WINDOWS\arpwrmsg.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 05:09 139264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CTHelper"="CTHELPER.EXE" [2005-10-29 20:31 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-10-29 20:31 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 20:07 919016]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-29 23:32 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2008-04-29 23:28:45 2168360]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-29 23:29:58 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-10-29 20:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 05:43:22 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-30 05:43:22 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-04 09:02:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-04 02:18:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Completion time: 2008-05-04 2:19:27
ComboFix-quarantined-files.txt 2008-05-04 09:19:23
ComboFix2.txt 2008-05-02 07:37:46
Pre-Run: 290,123,317,248 bytes free
Post-Run: 290,115,911,680 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
254 --- E O F --- 2008-05-02 07:17:24
HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:14 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1209544639562
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9575 bytes