Tech Support Forum - View Single Post - John Berry's Home Page..Ever heard of it??

vickystylton · 08-28-2008, 01:40 AM

sry fr the delay...my net's got some probs...

The prob wit IE's still not gone, anyways, here's the log:

ComboFix 08-08-27.03 - Administrator 2008-08-28 12:52:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1623 [GMT 5.5:30]
Running from: G:\Software\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Syskernel12.dll
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 09:11 . 2008-08-28 09:11 <DIR> d-------- C:\Program Files\UseNeXT
2008-08-28 07:53 . 2008-08-28 07:53 <DIR> d-------- C:\Program Files\EACOM
2008-08-28 04:41 . 2008-08-28 05:32 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-28 04:05 . 2008-08-28 12:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\UseNeXT
2008-08-27 19:28 . 2000-04-03 22:05 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2008-08-27 17:35 . 2008-08-27 17:35 <DIR> d-------- C:\Documents and Settings\Administrator\.VirtualBox
2008-08-27 17:35 . 2008-07-29 21:24 54,896 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-08-27 17:35 . 2008-07-29 21:24 41,616 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Program Files\eMule
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\eMule
2008-08-27 07:28 . 2008-08-27 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Torrent Episode Downloader
2008-08-27 07:26 . 2008-08-27 07:26 <DIR> d-------- C:\Program Files\Torrent Episode Downloader
2008-08-26 18:29 . 2008-08-26 18:29 <DIR> d-------- C:\Program Files\Kozmos
2008-08-24 19:13 . 2008-08-24 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-24 19:13 . 2008-08-24 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-21 08:24 . 2008-08-21 08:24 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-20 13:05 . 2008-08-20 13:05 <DIR> d-------- C:\Program Files\Veoh Networks
2008-08-19 22:37 . 2008-08-19 22:37 1,643 --a------ C:\WINDOWS\cheatbook.ini
2008-08-19 08:29 . 2008-08-19 08:29 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-19 07:28 . 2008-08-19 07:28 <DIR> d-------- C:\Program Files\Archive
2008-08-18 23:07 . 2008-08-18 23:07 503 --a------ C:\WINDOWS\eReg.dat
2008-08-15 11:53 . 2008-08-15 11:54 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\River Past
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\Common Files\River Past
2008-08-15 11:47 . 2008-08-15 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\River Past G5
2008-08-15 11:47 . 2008-08-15 11:47 166,193 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-08-13 17:00 . 2008-08-13 17:00 <DIR> d-------- C:\Program Files\Blackjack International
2008-08-13 08:19 . 2008-08-13 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BeachPartyCraze
2008-08-13 08:10 . 2008-08-13 08:10 <DIR> d-------- C:\WINDOWS\Beach Party Craze
2008-08-13 05:35 . 2008-08-13 05:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 04:16 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-13 04:15 . 2008-08-13 04:15 <DIR> d-------- C:\Program Files\Panda Security
2008-08-12 11:10 . 2008-08-12 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-08-12 11:09 . 2008-08-12 11:09 <DIR> d-------- C:\WINDOWS\Elf Bowling - Hawaiian Vacation
2008-08-12 08:02 . 2008-08-12 08:02 <DIR> d-------- C:\WINDOWS\The Race
2008-08-12 08:02 . 2008-08-12 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev
2008-08-11 09:10 . 2008-08-11 09:10 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-11 09:10 . 2008-08-11 09:10 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-11 09:09 . 2008-08-11 09:09 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-11 09:09 . 2008-08-28 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-11 09:09 . 2008-08-28 12:53 5,067,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-11 09:09 . 2008-08-28 12:53 622,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-11 09:09 . 2008-08-28 12:53 44,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-11 09:09 . 2008-08-28 12:53 7,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-11 09:05 . 2008-08-11 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-10 12:41 . 2008-08-10 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 12:22 . 2008-08-10 12:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-08-09 11:26 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-08-09 11:26 . 2004-12-10 10:47 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-08-09 10:06 . 2008-08-12 12:38 <DIR> d-------- C:\Temp
2008-08-09 09:48 . 2008-08-09 09:48 17,610,096 --a------ C:\WINDOWS\system32\x-dvd-ripper-platinum5.exe
2008-08-09 09:48 . 2008-05-06 11:31 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-09 09:48 . 2008-05-06 11:31 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-09 09:44 . 2008-08-09 10:00 <DIR> d-------- C:\MyAudio
2008-08-09 09:42 . 2008-08-09 10:07 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-08-09 08:04 . 2008-08-09 08:04 <DIR> d-------- C:\Program Files\Command Prompt Explorer Bar
2008-08-06 20:33 . 2008-08-06 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-06 20:30 . 2008-08-06 20:34 <DIR> d-------- C:\Program Files\SlySoft
2008-08-06 20:27 . 2008-08-06 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-04 18:35 . 2008-08-09 09:30 34 --a------ C:\WINDOWS\cdplayer.ini
2008-08-04 18:34 . 2008-08-09 09:30 <DIR> d-------- C:\Program Files\AudioGrabber
2008-08-04 07:14 . 2008-08-04 07:14 32 --a------ C:\WINDOWS\go
2008-08-03 15:36 . 2008-08-03 15:36 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-31 22:15 . 2008-07-31 22:15 <DIR> d-------- C:\Program Files\CCleaner
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 06:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-08-28 02:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-27 13:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-08-27 12:04 --------- d-----w C:\Program Files\Sun
2008-08-23 12:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-23 12:09 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-19 03:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-08-19 02:26 --------- d-----w C:\Program Files\Yahoo!
2008-08-18 17:19 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-18 15:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-08-12 06:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\M3
2008-08-11 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-08-11 02:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-08-10 06:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-08-09 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 00:38 --------- d-----w C:\Program Files\uTorrent
2008-08-04 14:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-07-25 07:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-07-24 06:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-07-21 13:04 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-21 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayPond
2008-07-21 00:43 --------- d-----w C:\Program Files\Dream Match Tennis
2008-07-20 06:42 --------- d-----w C:\Program Files\Raw Modders Union
2008-07-20 06:13 --------- d-----w C:\Program Files\Game Cam V2
2008-07-18 12:38 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-18 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-14 10:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-08 10:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-07-06 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-06 16:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-06 16:14 --------- d-----w C:\Program Files\Alcohol 120 Portable
2008-07-06 08:45 --------- d-----w C:\Program Files\M3
2008-07-05 02:56 --------- d-----w C:\Program Files\Java
2008-07-05 02:55 --------- d-----w C:\Program Files\Common Files\Java
2008-07-01 19:18 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-01 18:23 --------- d-----w C:\Program Files\Vista Drive Icon
2008-07-01 18:11 --------- d-----w C:\Program Files\VisualTaskTips
2008-06-29 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-29 19:42 0 ----a-w C:\Program Files\temp01
2008-06-29 19:42 --------- d-----w C:\Program Files\bfgclient
2008-06-29 10:11 --------- d-----w C:\Program Files\Microsoft Games
2008-06-29 07:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-28 17:50 --------- d-----w C:\Program Files\RealChess
2008-06-28 17:45 --------- d-----w C:\Program Files\Windows Sidebar GadgetInstaller
2008-06-17 08:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-31 06:34 63,237 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-31 06:34 6,054 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-31 06:34 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-19 06:32 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2004-08-03 23:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 23:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 23:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe
2004-08-03 23:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 21:28 217544]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 14:12 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 22:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-08 11:27 29744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 12:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 23:56 55808 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 03:35:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 01:11:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 13:13:08 180224]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-05-08 10:31:20 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VisualTaskTips.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\VisualTaskTips.lnk
backup=C:\WINDOWS\pss\VisualTaskTips.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-04 17:44 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-15 01:39 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
--a------ 2008-04-13 18:09 49152 C:\Program Files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
--------- 2004-08-26 05:26 65536 C:\Program Files\Huawei\MT841\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 12:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 12:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 01:07 593920 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-08 22:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-13 18:06 3660848 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 10:58 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2007-07-11 09:37 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-r------- 2007-07-11 09:37 2808832 C:\WINDOWS\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 12:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-11 09:37 16132608 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-07-11 09:37 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2007-07-11 09:37 86016 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Huawei\\MT841\\dslagent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"E:\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-08 11:27]
S3 PCIUtil;PCI Utility;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PCIUtil.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 23:37]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 23:37]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 23:37]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 23:38]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 23:36]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 23:39]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 23:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe315ec-3cfe-11dd-a39f-89284bcd549d}]
\Shell\AutoRun\command - L:\AUTORUN.EXE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-TopDesk - C:\Program Files\TopDesk\topdesk.exe
MSConfigStartUp-_Alcohol - C:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/webhp?complete=1&hl=en
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 12:54:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2008-08-28 12:57:42 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-08-28 07:27:39

Pre-Run: 4,481,941,504 bytes free
Post-Run: 4,933,607,424 bytes free

317

I dnt really use much pirated soft...n yea..those keygens...i juz copied them frm a dvd..ive never used those keygens.

And ive visited hxxp://www.serials.ws a couple or three times(again, for my friend, not fr me!)

08-28-2008, 01:40 AM	#6 (permalink)
vickystylton Registered User Join Date: Aug 2008 Posts: 6 OS: Win XP SP 2	Re: John Berry's Home Page..Ever heard of it?? sry fr the delay...my net's got some probs... The prob wit IE's still not gone, anyways, here's the log: ComboFix 08-08-27.03 - Administrator 2008-08-28 12:52:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1623 [GMT 5.5:30] Running from: G:\Software\ComboFix.exe . ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Syskernel12.dll C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))) . 2008-08-28 09:11 . 2008-08-28 09:11 <DIR> d-------- C:\Program Files\UseNeXT 2008-08-28 07:53 . 2008-08-28 07:53 <DIR> d-------- C:\Program Files\EACOM 2008-08-28 04:41 . 2008-08-28 05:32 <DIR> d-------- C:\Program Files\PeerGuardian2 2008-08-28 04:05 . 2008-08-28 12:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\UseNeXT 2008-08-27 19:28 . 2000-04-03 22:05 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll 2008-08-27 17:35 . 2008-08-27 17:35 <DIR> d-------- C:\Documents and Settings\Administrator\.VirtualBox 2008-08-27 17:35 . 2008-07-29 21:24 54,896 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys 2008-08-27 17:35 . 2008-07-29 21:24 41,616 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys 2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Program Files\eMule 2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\eMule 2008-08-27 07:28 . 2008-08-27 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Torrent Episode Downloader 2008-08-27 07:26 . 2008-08-27 07:26 <DIR> d-------- C:\Program Files\Torrent Episode Downloader 2008-08-26 18:29 . 2008-08-26 18:29 <DIR> d-------- C:\Program Files\Kozmos 2008-08-24 19:13 . 2008-08-24 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-24 19:13 . 2008-08-24 19:13 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-21 08:24 . 2008-08-21 08:24 <DIR> d-------- C:\Program Files\Elaborate Bytes 2008-08-20 13:05 . 2008-08-20 13:05 <DIR> d-------- C:\Program Files\Veoh Networks 2008-08-19 22:37 . 2008-08-19 22:37 1,643 --a------ C:\WINDOWS\cheatbook.ini 2008-08-19 08:29 . 2008-08-19 08:29 <DIR> d-------- C:\Program Files\Combined Community Codec Pack 2008-08-19 07:28 . 2008-08-19 07:28 <DIR> d-------- C:\Program Files\Archive 2008-08-18 23:07 . 2008-08-18 23:07 503 --a------ C:\WINDOWS\eReg.dat 2008-08-15 11:53 . 2008-08-15 11:54 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\WMV9_VCM 2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\River Past 2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Program Files\Common Files\River Past 2008-08-15 11:47 . 2008-08-15 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5 2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\River Past G5 2008-08-15 11:47 . 2008-08-15 11:47 166,193 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe 2008-08-13 17:00 . 2008-08-13 17:00 <DIR> d-------- C:\Program Files\Blackjack International 2008-08-13 08:19 . 2008-08-13 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BeachPartyCraze 2008-08-13 08:10 . 2008-08-13 08:10 <DIR> d-------- C:\WINDOWS\Beach Party Craze 2008-08-13 05:35 . 2008-08-13 05:35 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-13 04:16 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-13 04:15 . 2008-08-13 04:15 <DIR> d-------- C:\Program Files\Panda Security 2008-08-12 11:10 . 2008-08-12 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2008-08-12 11:09 . 2008-08-12 11:09 <DIR> d-------- C:\WINDOWS\Elf Bowling - Hawaiian Vacation 2008-08-12 08:02 . 2008-08-12 08:02 <DIR> d-------- C:\WINDOWS\The Race 2008-08-12 08:02 . 2008-08-12 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev 2008-08-11 09:10 . 2008-08-11 09:10 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-08-11 09:10 . 2008-08-11 09:10 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-08-11 09:09 . 2008-08-11 09:09 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-08-11 09:09 . 2008-08-28 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-08-11 09:09 . 2008-08-28 12:53 5,067,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-11 09:09 . 2008-08-28 12:53 622,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-11 09:09 . 2008-08-28 12:53 44,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-11 09:09 . 2008-08-28 12:53 7,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-11 09:05 . 2008-08-11 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-08-10 12:41 . 2008-08-10 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-10 12:22 . 2008-08-10 12:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2008-08-09 11:26 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax 2008-08-09 11:26 . 2004-12-10 10:47 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl 2008-08-09 10:06 . 2008-08-12 12:38 <DIR> d-------- C:\Temp 2008-08-09 09:48 . 2008-08-09 09:48 17,610,096 --a------ C:\WINDOWS\system32\x-dvd-ripper-platinum5.exe 2008-08-09 09:48 . 2008-05-06 11:31 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-08-09 09:48 . 2008-05-06 11:31 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-08-09 09:44 . 2008-08-09 10:00 <DIR> d-------- C:\MyAudio 2008-08-09 09:42 . 2008-08-09 10:07 <DIR> d-------- C:\Program Files\AoA Audio Extractor 2008-08-09 08:04 . 2008-08-09 08:04 <DIR> d-------- C:\Program Files\Command Prompt Explorer Bar 2008-08-06 20:33 . 2008-08-06 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-08-06 20:30 . 2008-08-06 20:34 <DIR> d-------- C:\Program Files\SlySoft 2008-08-06 20:27 . 2008-08-06 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-08-04 18:35 . 2008-08-09 09:30 34 --a------ C:\WINDOWS\cdplayer.ini 2008-08-04 18:34 . 2008-08-09 09:30 <DIR> d-------- C:\Program Files\AudioGrabber 2008-08-04 07:14 . 2008-08-04 07:14 32 --a------ C:\WINDOWS\go 2008-08-03 15:36 . 2008-08-03 15:36 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-07-31 22:15 . 2008-07-31 22:15 <DIR> d-------- C:\Program Files\CCleaner 2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll 2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 06:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2008-08-28 02:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-27 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-27 13:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent 2008-08-27 12:04 --------- d-----w C:\Program Files\Sun 2008-08-23 12:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-23 12:09 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-19 03:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss 2008-08-19 02:26 --------- d-----w C:\Program Files\Yahoo! 2008-08-18 17:19 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-08-18 15:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\gtk-2.0 2008-08-12 06:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\M3 2008-08-11 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-08-11 02:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2008-08-10 06:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit 2008-08-09 04:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-07 00:38 --------- d-----w C:\Program Files\uTorrent 2008-08-04 14:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager 2008-07-25 07:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp 2008-07-24 06:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi 2008-07-21 13:04 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-07-21 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayPond 2008-07-21 00:43 --------- d-----w C:\Program Files\Dream Match Tennis 2008-07-20 06:42 --------- d-----w C:\Program Files\Raw Modders Union 2008-07-20 06:13 --------- d-----w C:\Program Files\Game Cam V2 2008-07-18 12:38 --------- d-----w C:\Program Files\GIMP-2.0 2008-07-18 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia 2008-07-14 10:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA 2008-07-08 10:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech 2008-07-06 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-07-06 16:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2008-07-06 16:14 --------- d-----w C:\Program Files\Alcohol 120 Portable 2008-07-06 08:45 --------- d-----w C:\Program Files\M3 2008-07-05 02:56 --------- d-----w C:\Program Files\Java 2008-07-05 02:55 --------- d-----w C:\Program Files\Common Files\Java 2008-07-01 19:18 --------- d-----w C:\Program Files\Common Files\SWF Studio 2008-07-01 18:23 --------- d-----w C:\Program Files\Vista Drive Icon 2008-07-01 18:11 --------- d-----w C:\Program Files\VisualTaskTips 2008-06-29 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2008-06-29 19:42 0 ----a-w C:\Program Files\temp01 2008-06-29 19:42 --------- d-----w C:\Program Files\bfgclient 2008-06-29 10:11 --------- d-----w C:\Program Files\Microsoft Games 2008-06-29 07:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-06-28 17:50 --------- d-----w C:\Program Files\RealChess 2008-06-28 17:45 --------- d-----w C:\Program Files\Windows Sidebar GadgetInstaller 2008-06-17 08:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-05-31 06:34 63,237 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-05-31 06:34 6,054 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-05-31 06:34 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-19 06:32 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll . ------- Sigcheck ------- 2004-08-03 23:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe 2004-08-03 23:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-03 23:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe 2004-08-03 23:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 21:28 217544] "VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 14:12 65536] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 22:34 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-08 11:27 29744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 12:41 8523776] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-03 23:56 55808 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 03:35:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 01:11:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 13:13:08 180224] WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-05-08 10:31:20 44384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VisualTaskTips.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\VisualTaskTips.lnk backup=C:\WINDOWS\pss\VisualTaskTips.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Y'z Shadow.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Y'z Shadow.lnk backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-06-04 17:44 289088 C:\Program Files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-09-15 01:39 157592 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon] --a------ 2008-04-13 18:09 49152 C:\Program Files\Vista Drive Icon\DrvIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE] --------- 2004-08-26 05:26 65536 C:\Program Files\Huawei\MT841\dslagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 12:41 8523776 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 12:41 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2007-03-28 01:07 593920 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-05-08 22:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-08-13 18:06 3660848 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 10:58 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2007-07-11 09:37 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] -r------- 2007-07-11 09:37 2808832 C:\WINDOWS\alcwzrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 12:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-07-11 09:37 16132608 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2007-07-11 09:37 1826816 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -r------- 2007-07-11 09:37 86016 C:\WINDOWS\SoundMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Huawei\\MT841\\dslagent.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "E:\\SecondLife\\SLVoice.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\Free Download Manager\\fdm.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-08 11:27] S3 PCIUtil;PCI Utility;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PCIUtil.sys [] S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 23:37] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 23:37] S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 23:37] S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 23:38] S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 23:36] S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 23:39] S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 23:36] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe315ec-3cfe-11dd-a39f-89284bcd549d}] \Shell\AutoRun\command - L:\AUTORUN.EXE . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\NeroCheck.exe MSConfigStartUp-TopDesk - C:\Program Files\TopDesk\topdesk.exe MSConfigStartUp-_Alcohol - C:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s5swqfcn.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/webhp?complete=1&hl=en FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-28 12:54:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe . ************************************************************************ . Completion time: 2008-08-28 12:57:42 - machine was rebooted [Administrator] ComboFix-quarantined-files.txt 2008-08-28 07:27:39 Pre-Run: 4,481,941,504 bytes free Post-Run: 4,933,607,424 bytes free 317 I dnt really use much pirated soft...n yea..those keygens...i juz copied them frm a dvd..ive never used those keygens. And ive visited hxxp://www.serials.ws a couple or three times(again, for my friend, not fr me!) Last edited by MoralTerror; 08-28-2008 at 06:53 PM. Reason: edit url