Well, although slow to boot up, the system appears to be a little more stable than it was, since it can now read USBs without needing to go into safe mode again, and the virus guard is identifying various copies of the Trojan horse 'generic12.UGM' and Downloader Generic2.MYA. The previous issues, however, are still in effect, such as the popups, and I have taken no action to deal with the identified Trojan horses at this time:
ComboFix 08-12-03.04 - Richard 2008-12-04 15:40:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1514 [GMT 0:00]
Command switches used :: c:\documents and settings\Richard\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\Richard\Application Data\gadcom
c:\documents and settings\Richard\Application Data\gadcom\gadcom.exe
c:\documents and settings\Richard\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Richard\Local Settings\Temporary Internet Files\hgstarterjp_verinfo.dat
c:\documents and settings\Richard\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\Richard\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\network monitor
c:\program files\network monitor\netmon.exe
c:\program files\webhancer
c:\program files\webhancer\Programs\license.txt
c:\program files\webhancer\Programs\readme.txt
c:\program files\webhancer\Programs\SET1D9.tmp
c:\temp\tn3
c:\windows\system32\~.exe
c:\windows\system32\agucpwos.dll
c:\windows\system32\DdMoYccf.ini
c:\windows\system32\DdMoYccf.ini2
c:\windows\system32\drivers\ati2rtxx.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\dwwnw64r.exe
c:\windows\system32\eagdflvs.dll
c:\windows\system32\fccYoMdD.dll
c:\windows\system32\gizolama.dll
c:\windows\system32\gs73gfidgf.dll
c:\windows\system32\lnimkwxr.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\msnav32.ax
c:\windows\system32\najytkxa.dll
c:\windows\system32\oejvvlxr.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\rs32net.exe
c:\windows\system32\ruvoziyi.dll
c:\windows\system32\rxwkminl.ini
c:\windows\system32\ssprs.dll
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSScfmm.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvkql.dll
c:\windows\system32\TDSSxhyf.log
c:\windows\system32\vfqxut.dll
c:\windows\system32\vokeloso.dll
c:\windows\system32\vufkso.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\xxywWoND.dll
c:\windows\system32\yckgqhco.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\Tasks\jdntzijh.job
c:\windows\Temp\tmp3.tmp
c:\windows\uninstall_nmon.vbs
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_ATI2RTXX
-------\Legacy_NETWORK_MONITOR
-------\Service_ati2rtxx
-------\Service_Network Monitor
-------\Service_restore
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 16:00 . 2008-12-04 16:00 <DIR> d-------- c:\temp\tn3
2008-12-04 15:58 . 2008-12-04 15:58 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-12-03 17:22 . 2007-12-05 21:32 237,568 --a------ c:\program files\Uninstall Morpheus Toolbar.dll
2008-12-02 20:41 . 2008-12-02 21:20 <DIR> d-------- C:\HJT
2008-12-02 20:24 . 2008-12-02 20:24 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-02 20:01 . 2008-12-02 20:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-02 20:00 . 2008-12-04 16:03 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-02 20:00 . 2008-12-02 20:00 <DIR> d-------- c:\program files\AVG
2008-12-02 20:00 . 2008-12-02 20:00 <DIR> d-------- c:\documents and settings\Richard\Application Data\AVGTOOLBAR
2008-12-02 20:00 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-02 20:00 . 2008-12-02 20:00 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-02 20:00 . 2008-12-02 20:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-02 18:52 . 2008-12-02 18:52 153,484 --a------ c:\windows\system32\g30.exe
2008-12-02 18:52 . 2008-12-02 18:52 64,859 --a------ c:\windows\system32\tdccmlvugevz.exe
2008-12-02 17:58 . 2008-12-02 17:58 <DIR> d-------- c:\program files\Lavasoft
2008-12-02 17:58 . 2008-12-02 17:58 <DIR> d-------- c:\documents and settings\Richard\Application Data\Lavasoft
2008-12-02 17:19 . 2008-12-02 17:19 <DIR> d--hs---- c:\windows\UmljaGFyZCBXaWx0c2hpcmU
2008-12-02 17:19 . 2008-12-02 17:19 47,598 --a------ c:\windows\system32\ouvirtkzoay.exe
2008-12-02 17:18 . 2008-12-02 17:18 86,272 --a------ c:\windows\system32\drivers\btcusbb.sys
2008-12-02 17:17 . 2008-12-02 17:17 104,448 --a------ c:\windows\system32\winhlp.exe
2008-12-02 17:17 . 2008-12-02 17:17 104,448 --a------ C:\qthqdso.exe
2008-12-02 17:17 . 2008-12-02 17:17 8,192 --a------ C:\opdwrpjm.exe
2008-12-02 17:17 . 2008-12-02 17:17 705 --a------ C:\mguvbfr.exe
2008-12-02 17:17 . 2008-12-02 17:17 2 --a------ C:\1960106143
2008-12-02 17:16 . 2008-12-02 17:16 34,816 --a------ c:\windows\system32\wvUnOHwT.dll
2008-11-24 16:27 . 2008-11-24 16:27 369,152 --a------ c:\windows\system32\edirhpvlbn.dll
2008-11-23 15:15 . 2008-11-23 15:15 <DIR> d-------- c:\program files\Common Files\Philips
2008-11-23 14:51 . 2008-11-24 13:33 <DIR> d-------- c:\program files\Philips
2008-11-12 17:26 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:11 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 18:43 . 2008-12-01 22:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-07 18:43 . 2008-11-07 18:43 1,409 --a------ c:\windows\QTFont.for
2008-11-04 21:32 . 2008-11-04 21:32 <DIR> d-------- c:\documents and settings\Richard\Application Data\Damdai
2008-11-04 21:05 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-11-04 16:22 . 2008-11-06 20:55 <DIR> d-------- C:\vcs5BGEffects
2008-11-04 16:11 . 2008-11-06 20:38 <DIR> d-------- c:\program files\AV Vcs 6.0 DIAMOND
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 15:32 --------- d-----w c:\documents and settings\Richard\Application Data\Hamachi
2008-12-03 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-02 17:01 --------- d-----w c:\program files\Steam
2008-11-23 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 13:34 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-26 12:44 --------- d-----w c:\program files\Half Life Player
2008-10-24 20:05 --------- d-----w c:\program files\Lexmark 1200 Series
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 12:01 --------- d-----w c:\program files\Nokia
2008-10-19 12:01 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-19 12:01 --------- d-----w c:\program files\Common Files\Nokia
2008-10-19 12:01 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-19 11:59 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-09 11:05 --------- d-----w c:\program files\Creative
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 23:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2006-03-15 13:19 212,992 ----a-w c:\windows\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 16:55 280,576 ----a-w c:\windows\inf\WG311v3\WG311v3.sys
2005-10-06 14:17 280,576 ----a-w c:\windows\inf\WG311v3\WG311v3XP.sys
1999-07-07 00:00 6 --sh--r c:\windows\@desktop@.dat
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2005-12-22 19:23 816,640 --sha-r c:\windows\system32\smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2005-08-02 16:46 187,904 --sha-r c:\windows\UmljaGFyZCBXaWx0c2hpcmU\asappsrv.dll
2005-08-02 16:58 293,888 --sha-r c:\windows\UmljaGFyZCBXaWx0c2hpcmU\command.exe
2005-07-29 16:24 472 --sha-r c:\windows\UmljaGFyZCBXaWx0c2hpcmU\oA53u3IVtF1ruqUXwZ1DwAo.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14A18709-2CF5-E700-1A87-A501B3981CED}]
2008-11-24 16:27 369152 --a------ c:\windows\system32\edirhpvlbn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B46B97E-69B6-414C-9C71-20BD5B25B5A5}]
2008-12-04 16:12 302592 --a------ c:\windows\system32\vtUkhgeB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-02 17:16 34816 --a------ c:\windows\system32\wvUnOHwT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c7a4457-e81c-4c0d-b588-b2e81d86bb85}]
2008-12-04 16:18 129024 --a------ c:\windows\system32\mtalbh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-29 8466432]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2006-08-15 77920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-29 81920]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"lhgsmxrslbpwvytgo"="c:\windows\system32\edirhpvlbn.dll" [2008-11-24 369152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]
"74d4d830"="c:\windows\system32\ghuejoqa.dll" [2008-12-04 72704]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 c:\windows\system32\WDBtnMgr.exe]
"nwiz"="nwiz.exe" [2007-10-29 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.DLL]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Richard\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-05-14 624416]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-03 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-03 110592]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-05-07 1183744]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 1486848]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-04 77824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\wvUnOHwT.dll" [2008-12-02 34816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUnOHwT]
2008-12-02 17:16 34816 c:\windows\system32\wvUnOHwT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\vtUkhgeB
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Program Files\\Croteam\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\bmoworld\\BomberMan.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\counter-strike source\\hl2.exe"=
"c:\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Hangame\\JAPANESE\\gunster.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Capcom\\Bionic Commando Rearmed\\bcr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\garrysmod\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Richard\\Local Settings\\Apps\\2.0\\5MKQLXRC.5B8\\K2Z47TBN.1GC\\2dff..tion_fcdf29b345c9098a_0001.0000_98805a01a3d42574\\2DF FreePlay Client.exe"=
"c:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"=
"c:\\Documents and Settings\\Richard\\Local Settings\\Apps\\2.0\\5MKQLXRC.5B8\\K2Z47TBN.1GC\\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\\2DF FreePlay Client.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\JRE\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-02 97928]
R1 btcusbb;btcusbb;c:\windows\system32\drivers\btcusbb.sys [2008-12-02 86272]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-07-20 28184]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-02 231704]
R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service []
S3 kbeepm;kbeepm;\??\c:\docume~1\Richard\LOCALS~1\Temp\kbeepm.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4233892-ea14-11dc-85e3-001b2f2e029d}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{5D1AC792-53F5-44A5-8802-D3ACFC1B3C11} - c:\windows\system32\fccYoMdD.dll
BHO-{66c005b5-38a5-4a0b-af4b-19815d45a08f} - c:\windows\system32\gizolama.dll
BHO-{f0c9605b-2ddc-0bd1-0e74-b2416fe60202} - c:\windows\system32\jtqnitevgoxhz.dll
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
------- Supplementary Scan -------
.
uStart Page =
http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070720
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=6070720
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
c:\windows\Downloaded Program Files\hgstartjp24.exe - c:\windows\Downloaded Program Files\hgnotifyjp24.exe
c:\windows\Downloaded Program Files\HGPluginJP24.dll
O16 -: {19A08B4B-EA7C-4C62-B477-D36E5396A1B5}
hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP24.cab
c:\windows\Downloaded Program Files\HGPluginJP24.inf
c:\windows\Downloaded Program Files\hgstartjp23.exe - c:\windows\Downloaded Program Files\hgnotifyjp23.exe
c:\windows\Downloaded Program Files\HGPluginJP23.dll
O16 -: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03}
hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
c:\windows\Downloaded Program Files\HGPluginJP23.inf
FireFox -: Profile - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\vcspei4i.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-04 16:01:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\MrvGINA.dll
c:\windows\system32\wvUnOHwT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\program files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
c:\program files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
c:\program files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 1200 Series\LXCZbmon.exe
c:\progra~1\AVG\AVG8\aAvgApi.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-04 16:21:53 - machine was rebooted [Richard]
ComboFix-quarantined-files.txt 2008-12-04 16:21:50
Pre-Run: 79,769,960,448 bytes free
Post-Run: 84,061,978,624 bytes free
433 --- E O F --- 2008-11-25 00:32:59