12-04-2008, 03:24 PM   #9
SKaiser
Registered User
 
Join Date: Dec 2008
Posts: 8
OS: XP


Re: Stronger adware then I thought...

I think this scan may have solved the problem. Every time I ran the Firefox browser since the infection, it was asking me if I wanted to make it the default browser (which I normally already have it set as), but it has stopped doing that now. Not to mention, in preparing this post I have received no signs of any pop-ups, and my virus guards have been able to update themselves.

ComboFix 08-12-03.04 - Richard 2008-12-04 17:35:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1306 [GMT 0:00]
Running from: c:\documents and settings\Richard\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\1960106143
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1960106143
C:\mguvbfr.exe
C:\opdwrpjm.exe
C:\qthqdso.exe
c:\temp\tn3
c:\windows\system32\aqojeuhg.ini
c:\windows\system32\BeghkUtv.ini
c:\windows\system32\BeghkUtv.ini2
c:\windows\system32\drivers\btcusbb.sys
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\edirhpvlbn.dll
c:\windows\system32\euspldow.dll
c:\windows\system32\g30.exe
c:\windows\system32\ghuejoqa.dll
c:\windows\system32\mtalbh.dll
c:\windows\system32\nanloaon.dll
c:\windows\system32\ouvirtkzoay.exe
c:\windows\system32\tdccmlvugevz.exe
c:\windows\system32\vtUkhgeB.dll
c:\windows\system32\winhlp.exe
c:\windows\system32\wvUnOHwT.dll
c:\windows\UmljaGFyZCBXaWx0c2hpcmU
c:\windows\UmljaGFyZCBXaWx0c2hpcmU\asappsrv.dll
c:\windows\UmljaGFyZCBXaWx0c2hpcmU\command.exe
c:\windows\UmljaGFyZCBXaWx0c2hpcmU\oA53u3IVtF1ruqUXwZ1DwAo.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTCUSBB
-------\Legacy_KBEEPM
-------\Service_btcusbb
-------\Service_kbeepm


((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-12-03 17:22 . 2007-12-05 21:32 237,568 --a------ c:\program files\Uninstall Morpheus Toolbar.dll
2008-12-02 20:41 . 2008-12-02 21:20 <DIR> d-------- C:\HJT
2008-12-02 20:24 . 2008-12-02 20:24 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-02 20:01 . 2008-12-02 20:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-02 20:00 . 2008-12-04 17:55 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-02 20:00 . 2008-12-02 20:00 <DIR> d-------- c:\program files\AVG
2008-12-02 20:00 . 2008-12-02 20:00 <DIR> d-------- c:\documents and settings\Richard\Application Data\AVGTOOLBAR
2008-12-02 20:00 . 2008-12-02 20:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-02 20:00 . 2008-12-02 20:00 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-02 20:00 . 2008-12-02 20:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-02 17:58 . 2008-12-02 17:58 <DIR> d-------- c:\program files\Lavasoft
2008-12-02 17:58 . 2008-12-02 17:58 <DIR> d-------- c:\documents and settings\Richard\Application Data\Lavasoft
2008-11-23 15:15 . 2008-11-23 15:15 <DIR> d-------- c:\program files\Common Files\Philips
2008-11-23 14:51 . 2008-11-24 13:33 <DIR> d-------- c:\program files\Philips
2008-11-12 17:26 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:11 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 18:43 . 2008-12-01 22:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-07 18:43 . 2008-11-07 18:43 1,409 --a------ c:\windows\QTFont.for
2008-11-04 21:32 . 2008-11-04 21:32 <DIR> d-------- c:\documents and settings\Richard\Application Data\Damdai
2008-11-04 21:05 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-11-04 16:22 . 2008-11-06 20:55 <DIR> d-------- C:\vcs5BGEffects
2008-11-04 16:11 . 2008-11-06 20:38 <DIR> d-------- c:\program files\AV Vcs 6.0 DIAMOND

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 17:26 --------- d-----w c:\documents and settings\Richard\Application Data\Hamachi
2008-12-03 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-03 17:27 --------- d-----w c:\program files\Morpheus
2008-12-02 17:01 --------- d-----w c:\program files\Steam
2008-11-23 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 13:34 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-26 12:44 --------- d-----w c:\program files\Half Life Player
2008-10-24 20:05 --------- d-----w c:\program files\Lexmark 1200 Series
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 12:01 --------- d-----w c:\program files\Nokia
2008-10-19 12:01 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-19 12:01 --------- d-----w c:\program files\Common Files\Nokia
2008-10-19 12:01 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-19 11:59 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-09 11:05 --------- d-----w c:\program files\Creative
2006-03-15 13:19 212,992 ----a-w c:\windows\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 16:55 280,576 ----a-w c:\windows\inf\WG311v3\WG311v3.sys
2005-10-06 14:17 280,576 ----a-w c:\windows\inf\WG311v3\WG311v3XP.sys
1999-07-07 00:00 6 --sh--r c:\windows\@desktop@.dat
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2005-12-22 19:23 816,640 --sha-r c:\windows\system32\smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-04_16.21.27.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-04 15:43:31 93,966 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-04 17:56:38 93,966 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-04 15:43:32 510,476 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-04 17:56:38 510,476 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-29 8466432]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2006-08-15 77920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-29 81920]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 c:\windows\system32\WDBtnMgr.exe]
"nwiz"="nwiz.exe" [2007-10-29 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.DLL]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Richard\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-05-14 624416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-03 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-03 110592]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-05-07 1183744]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 1486848]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-04 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Program Files\\Croteam\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\bmoworld\\BomberMan.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\counter-strike source\\hl2.exe"=
"c:\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Hangame\\JAPANESE\\gunster.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Capcom\\Bionic Commando Rearmed\\bcr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\shinkosai\\garrysmod\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Richard\\Local Settings\\Apps\\2.0\\5MKQLXRC.5B8\\K2Z47TBN.1GC\\2dff..tion_fcdf29b345c9098a_0001.0000_98805a01a3d42574\\2DF FreePlay Client.exe"=
"c:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"=
"c:\\Documents and Settings\\Richard\\Local Settings\\Apps\\2.0\\5MKQLXRC.5B8\\K2Z47TBN.1GC\\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\\2DF FreePlay Client.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\JRE\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-02 97928]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-07-20 28184]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-02 231704]
R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4233892-ea14-11dc-85e3-001b2f2e029d}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{16F3AE0F-AB16-4B4C-BEC3-9C3B3642F29D} - c:\windows\system32\vtUkhgeB.dll


.
------- Supplementary Scan -------
.
uStart Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070720
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=6070720
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

c:\windows\Downloaded Program Files\hgstartjp24.exe - c:\windows\Downloaded Program Files\hgnotifyjp24.exe
c:\windows\Downloaded Program Files\HGPluginJP24.dll
O16 -: {19A08B4B-EA7C-4C62-B477-D36E5396A1B5}
hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP24.cab
c:\windows\Downloaded Program Files\HGPluginJP24.inf

c:\windows\Downloaded Program Files\hgstartjp23.exe - c:\windows\Downloaded Program Files\hgnotifyjp23.exe
c:\windows\Downloaded Program Files\HGPluginJP23.dll
O16 -: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03}
hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
c:\windows\Downloaded Program Files\HGPluginJP23.inf
FireFox -: Profile - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\vcspei4i.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 17:52:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\MrvGINA.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\program files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
c:\program files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 1200 Series\LXCZbmon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-12-04 18:11:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 18:11:40
ComboFix2.txt 2008-12-04 16:21:55

Pre-Run: 84,005,400,576 bytes free
Post-Run: 83,974,840,320 bytes free

330 --- E O F --- 2008-11-25 00:32:59