Here's the log from my ComboFix run:
ComboFix 09-07-03.03 - Administrator 07/04/2009 9:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.778 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix2.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\install_flash_player.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
c:\windows\Installer\1791d6.msp
c:\windows\Installer\1791d7.msp
c:\windows\Installer\1791d8.msp
c:\windows\Installer\1791d9.msp
c:\windows\Installer\1791da.msp
c:\windows\Installer\1791db.msp
c:\windows\Installer\1791dc.msp
c:\windows\Installer\1791dd.msp
c:\windows\Installer\1791de.msp
c:\windows\Installer\3af1196.msp
c:\windows\Installer\4e9449.msi
c:\windows\Installer\7d512.msi
c:\windows\Installer\840ff.msp
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\gxvxckdviutfmliqftpiqyaoewflxmaudovns.sys
c:\windows\system32\drivers\gxvxckjmttkcnruuhrhxjhkymujnbocogmjcx.sys
c:\windows\system32\drivers\gxvxctymrmtkllnriqtqlhrwxoduibwxwhjiq.sys
c:\windows\system32\drivers\gxvxcwrriqplxkltlwossrprthxvdbapbpjdx.sys
c:\windows\system32\drivers\gxvxcxylqppamttiteoewswwaaucxovmarkwq.sys
c:\windows\system32\drivers\MSIVXserv.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcdyutyijejlktbxeusgwndsmfvppubobf.dll
c:\windows\system32\gxvxckjtlgnlirrsmlqpjovuvspuciqfbexfj.dll
c:\windows\system32\url(3).dll
J:\Autorun.inf
J:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-07-03 02:25 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 02:25 . 2009-07-03 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 02:25 . 2009-07-03 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 02:25 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 01:00 . 2009-07-03 01:01 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-06-28 20:45 . 2009-06-28 21:01 -------- d-----w- C:\totalcmd
2009-06-28 20:45 . 2009-06-28 20:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\GHISLER
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\UC.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\RAR.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\LHA.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\ARJ.PIF
2009-06-28 20:32 . 2009-06-28 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-24 21:31 . 2009-06-24 21:31 24064 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\SpeedConnect Internet Accelerator v.7.5\30000000c200002i\DW20.EXE
2009-06-24 17:44 . 2009-06-24 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-06-24 17:44 . 2009-06-24 21:30 -------- d-----w- c:\program files\SpeedConnect Internet Accelerator
2009-06-24 11:27 . 2009-06-24 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xmarks
2009-06-24 11:27 . 2009-06-24 11:27 -------- d-----w- c:\program files\Xmarks
2009-06-21 22:18 . 2009-06-21 22:56 -------- d-----w- c:\program files\WhereIsIt
2009-06-21 22:18 . 2009-06-21 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WhereIsIt
2009-06-21 22:14 . 2009-06-21 22:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Boost Windows
2009-06-21 12:24 . 2009-06-21 12:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-21 01:02 . 2009-06-21 01:02 -------- d-----w- c:\program files\Easy DVD Player
2009-06-21 00:40 . 2009-06-21 00:40 -------- d-----w- c:\program files\WinDVD 8 Platinum
2009-06-21 00:22 . 2009-06-21 00:57 -------- d-----w- c:\program files\InterActual
2009-06-20 16:31 . 2009-06-20 16:33 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-16 15:07 . 2009-06-20 23:55 -------- d-----w- c:\program files\Unlocker
2009-06-15 18:03 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2009-06-15 18:02 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2009-06-15 18:02 . 2009-06-20 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-06-15 17:59 . 2009-06-15 17:59 -------- d-----w- c:\program files\ESTsoft
2009-06-15 16:03 . 2009-06-15 16:03 -------- d-----w- c:\windows\Sun
2009-06-15 00:07 . 2009-06-15 00:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MediaMonkey
2009-06-15 00:07 . 2009-06-15 00:07 -------- d-----w- c:\program files\MediaMonkey
2009-06-14 23:10 . 2009-06-14 23:55 105 ----a-w- c:\windows\system32\_WDYSZYG.sys
2009-06-14 23:09 . 2009-06-14 23:10 -------- d-----w- c:\program files\WinUtilities
2009-06-14 20:40 . 2009-06-14 20:40 -------- d-----w- c:\windows\ASTULogTemp
2009-06-14 20:21 . 2009-06-14 20:21 -------- d-----w- c:\program files\Spb Backup
2009-06-14 19:15 . 2007-06-27 19:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2009-06-14 18:51 . 2009-06-14 19:12 -------- d-----w- C:\My Drivers
2009-06-14 18:48 . 2009-06-14 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-06-14 18:48 . 2009-06-14 18:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Innovative Solutions
2009-06-13 23:01 . 2009-06-13 23:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 22:07 . 2009-06-13 22:07 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-13 17:45 . 2009-06-13 17:45 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-13 17:20 . 2009-06-13 17:20 -------- d-----w- c:\program files\Java
2009-06-13 17:17 . 2009-06-13 23:00 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-13 16:20 . 2009-06-13 16:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2009-06-13 16:05 . 2009-06-13 16:05 -------- d-----w- c:\program files\SDM20
2009-06-13 14:16 . 2009-06-13 14:16 -------- d-----w- c:\program files\Hero Editor
2009-06-13 14:16 . 2009-06-13 14:16 249856 ----a-w- c:\windows\Setup1.exe
2009-06-13 14:16 . 2009-06-13 14:16 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-13 02:16 . 2009-06-13 14:05 35713 ----a-w- c:\windows\DIIUnin.dat
2009-06-13 02:16 . 2009-06-13 02:16 94208 ----a-w- c:\windows\DIIUnin.exe
2009-06-13 02:16 . 2009-06-13 02:16 2829 ----a-w- c:\windows\DIIUnin.pif
2009-06-13 02:10 . 2009-06-27 23:52 -------- d-----w- c:\program files\Diablo II
2009-06-12 15:05 . 2009-06-12 15:05 -------- d-----w- c:\program files\Google
2009-06-11 18:11 . 2009-06-16 23:22 -------- d-----w- c:\program files\TheWorld 3
2009-06-10 19:08 . 2009-06-10 19:08 -------- d-----w- c:\program files\Alcohol Soft
2009-06-09 16:24 . 2009-06-09 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\XemiComputers
2009-06-09 16:23 . 2009-06-09 16:23 -------- d-----w- c:\program files\XemiComputers
2009-06-09 11:09 . 2009-06-09 11:09 -------- d-----w- c:\program files\Microsoft Games
2009-06-07 19:39 . 2009-06-16 21:45 -------- d-----w- C:\mobile
2009-06-06 20:40 . 2009-06-29 00:15 -------- d-----w- C:\completedtorrents
2009-06-06 20:25 . 2009-06-29 00:15 -------- d-----w- C:\torrents
2009-06-06 20:23 . 2009-06-06 20:23 -------- d-----w- C:\rorrents
2009-06-06 19:31 . 1999-03-26 04:00 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
2009-06-06 19:23 . 2009-06-06 19:51 -------- d-----w- c:\program files\eGames
2009-06-06 18:45 . 2009-06-07 01:23 -------- d-----w- c:\program files\PC Tools Disk Suite
2009-06-06 18:45 . 2009-06-06 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-06 00:32 . 2009-06-06 00:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{99D42EC7-652B-4819-B3E6-6450C815E03F}\ARPPRODUCTICON.exe
2009-06-06 00:32 . 2009-06-06 00:32 -------- d-----w- c:\program files\Common Files\Funk Software
2009-06-06 00:32 . 2009-06-06 00:32 -------- d-----w- c:\program files\Funk Software
2009-06-06 00:31 . 2003-07-17 03:43 94208 ----a-w- c:\windows\system32\W32N50CT.DLL
2009-06-06 00:31 . 2003-07-17 03:28 17142 ----a-w- c:\windows\system32\CBTNDIS5.SYS
2009-06-06 00:31 . 2002-02-02 05:00 1497088 ----a-w- c:\windows\system32\cc3260mt.dll
2009-06-06 00:31 . 2000-01-31 10:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-06-06 00:31 . 2000-01-31 10:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-06-06 00:31 . 2006-04-25 04:51 543104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-06-06 00:31 . 2002-08-12 19:56 1706800 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-06 00:31 . 2009-06-06 00:31 -------- d-----w- c:\program files\Linksys
2009-06-04 22:50 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-06-04 22:50 . 2009-06-04 22:50 -------- d-----w- c:\program files\MagicDisc
2009-06-04 22:48 . 2009-06-04 22:48 -------- d-----w- c:\program files\MagicISO
2009-06-04 20:04 . 2009-06-04 20:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-04 20:03 . 2009-06-04 20:03 -------- d-----w- c:\program files\AccessMV
2009-06-04 20:02 . 2009-06-04 20:02 -------- d-----w- c:\program files\VideoLAN
2009-06-04 19:04 . 2009-07-04 12:14 -------- d-----w- c:\program files\uTorrent2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 14:04 . 2009-05-23 02:21 -------- d-----w- c:\program files\Chameleon Clock
2009-07-04 13:46 . 2009-05-24 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2009-07-04 13:46 . 2009-05-23 02:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-04 13:40 . 2009-05-23 03:35 -------- d-----w- c:\program files\Panda Security
2009-07-04 13:39 . 2009-05-23 01:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 13:32 . 2009-05-23 02:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\MxBoost
2009-07-03 10:13 . 2009-05-31 19:33 -------- d-----w- c:\program files\Common Files\Skyscape
2009-06-29 01:18 . 2009-05-24 23:15 -------- d-----w- c:\program files\Orbitdownloader
2009-06-28 23:47 . 2009-05-23 01:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-20 16:31 . 2009-05-23 01:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2009-06-14 13:04 . 2009-05-23 03:16 -------- d-----w- c:\program files\Kantaris
2009-06-13 16:27 . 2009-05-24 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\GrabPro
2009-06-13 02:05 . 2009-05-23 14:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-13 02:05 . 2009-05-23 14:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-13 02:05 . 2009-05-23 14:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-11 15:32 . 2009-05-23 02:32 -------- d-----w- c:\program files\Maxthon2
2009-06-09 19:06 . 2009-05-23 02:46 42944 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 00:31 . 2009-05-23 00:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 17:24 . 2009-05-31 20:07 -------- d-----w- c:\program files\Skyscape
2009-06-03 14:42 . 2009-06-03 14:42 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-06-03 14:42 . 2009-06-03 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-06-03 02:33 . 2009-06-02 14:17 -------- d-----w- c:\program files\Common Files\LogoManager
2009-06-03 00:20 . 2009-06-03 00:17 -------- d-----w- c:\program files\Inesoft CalcNote
2009-06-03 00:11 . 2009-06-03 00:08 -------- d-----w- c:\program files\Inesoft Cash Organizer 2008 Premium
2009-06-01 14:43 . 2009-06-01 14:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Scooter Software
2009-06-01 02:36 . 2009-05-23 02:10 -------- d-----w- c:\program files\uTorrent
2009-05-31 20:07 . 2009-05-31 19:33 724992 ----a-w- c:\windows\iun6002.exe
2009-05-30 18:17 . 2009-05-30 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ConeXware
2009-05-29 21:40 . 2009-05-29 21:40 162816 ----a-w- c:\windows\system32\fmod.dll
2009-05-29 21:24 . 2009-05-28 00:19 -------- d-----w- c:\program files\Microsoft.NET
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\program files\Festinger Software
2009-05-29 19:53 . 2009-05-29 19:53 -------- d-----w- c:\program files\Broadcom
2009-05-29 18:13 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wallperizer
2009-05-29 15:34 . 2009-05-29 15:33 -------- d-----w- c:\program files\Ace Utilities
2009-05-29 14:39 . 2009-05-29 14:39 -------- d-----w- c:\program files\RadarSync
2009-05-28 19:52 . 2009-05-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImgBurn
2009-05-28 03:11 . 2009-05-28 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Panda Security
2009-05-28 03:09 . 2009-05-28 03:09 -------- d-----w- c:\program files\SOTI
2009-05-28 02:21 . 2009-05-28 02:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Conceiva
2009-05-28 02:21 . 2009-05-28 02:20 -------- d-----w- c:\program files\WinPcap
2009-05-28 02:19 . 2009-05-28 02:19 -------- d-----w- c:\program files\Conceiva
2009-05-28 02:19 . 2009-05-28 02:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-27 20:35 . 2009-05-27 20:35 -------- d-----w- c:\program files\7-Zip
2009-05-27 14:02 . 2009-05-23 03:16 -------- d-----w- c:\program files\doubleTwist 2.0
2009-05-27 03:37 . 2009-05-23 00:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-27 01:21 . 2009-05-27 01:21 -------- d-----w- c:\program files\KLC
2009-05-26 22:30 . 2009-05-25 23:20 -------- d-----w- c:\program files\ImgBurn
2009-05-26 15:49 . 2009-05-26 15:44 -------- d-----w- c:\program files\Hide My IP 2009
2009-05-26 03:19 . 2009-05-24 22:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-26 03:19 . 2009-05-26 03:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-26 01:54 . 2009-05-26 01:54 -------- d-----w- c:\program files\Paragon Software
2009-05-25 22:13 . 2009-05-25 22:13 -------- d-----w- c:\program files\CBS Software
2009-05-25 15:26 . 2009-05-25 15:25 -------- d-----w- c:\program files\Full Speed
2009-05-25 15:12 . 2009-05-25 15:12 6656 ----a-w- c:\windows\system32\drivers\iPodDrv.sys
2009-05-25 04:26 . 2009-05-24 21:25 -------- d-----w- c:\program files\SRWare Iron
2009-05-25 03:27 . 2009-05-25 03:27 -------- d-----w- c:\program files\Common Files\PSFactoryBuffer
2009-05-25 00:28 . 2009-05-25 00:26 -------- d-----w- c:\program files\Wyzo
2009-05-25 00:27 . 2009-05-25 00:27 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 00:27 . 2009-05-25 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Radical Software Ltd
2009-05-24 20:18 . 2009-05-24 20:18 -------- d-----w- c:\program files\MSBuild
2009-05-24 20:18 . 2009-05-24 20:18 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-24 20:13 . 2009-05-24 20:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-24 19:56 . 2009-05-24 19:56 -------- d-----w- c:\program files\Opera
2009-05-24 19:42 . 2009-05-24 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-05-24 19:33 . 2009-05-23 03:37 -------- d-----w- c:\program files\AskBarDis
2009-05-24 19:09 . 2009-05-24 19:09 -------- d-----w- c:\program files\MyLifeOrganized.net
2009-05-23 14:47 . 2009-05-23 03:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-05-23 04:45 . 2009-05-23 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-23 03:40 . 2009-05-23 03:39 -------- d-----w- c:\program files\Weather Watcher
2009-05-23 03:39 . 2009-05-23 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\WeatherWatcher
2009-05-23 03:37 . 2009-05-23 03:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2009-05-23 03:37 . 2009-05-23 03:37 -------- d-----w- c:\program files\Foxit Software
2009-05-23 03:36 . 2009-05-23 03:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-23 03:29 . 2009-05-23 03:29 -------- d-----w- c:\program files\ffdshow
2009-05-23 03:18 . 2009-05-23 03:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\kantaris
2009-05-23 03:16 . 2009-05-23 03:16 622432 ----a-w- c:\documents and settings\Administrator\Application Data\OpenCandy\doubleTwistSetup.exe
2009-05-23 03:16 . 2009-05-23 03:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2009-05-23 02:48 . 2009-05-23 02:48 0 ----a-w- c:\windows\system32\cid_store.dat
2009-05-23 02:46 . 2009-05-23 02:46 -------- d-----w- c:\program files\MotionApps
2009-05-23 01:02 . 2009-05-23 01:02 -------- d-----w- c:\program files\SigmaTel
2009-05-23 01:02 . 2009-05-23 00:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-23 01:00 . 2009-05-23 01:00 -------- d-----w- c:\program files\Digital Line Detect
2009-05-23 00:59 . 2009-05-23 00:56 -------- d-----w- c:\program files\CONEXANT
2009-05-23 00:55 . 2009-05-23 00:55 -------- d-----w- c:\program files\Modem Helper
2009-05-23 00:55 . 2009-05-23 00:55 -------- d-----w- c:\program files\Broadcom Advanced Control Suite
2009-05-23 00:54 . 2009-05-23 00:54 -------- d-----w- c:\program files\Intel
2009-05-23 00:46 . 2009-05-23 00:46 -------- d-----w- c:\program files\microsoft frontpage
2009-05-23 00:40 . 2009-05-23 00:40 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2009-05-07 1089536]
"MLOWMSync.exe"="c:\program files\MyLifeOrganized.net\MLO\MLOWMSync.exe" [2009-02-16 245760]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2009-06-05 4520960]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"uTorrent"="c:\program files\uTorrent2\uTorrent.exe" [2009-06-23 782336]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-05-08 1003520]
"SandboxieControl"="j:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DownloadStudio"="c:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe" [2009-05-01 156312]
"Linksys Wireless-N Notebook Adapter"="c:\program files\Linksys\Wireless-N Network Monitor\WPC300N.exe" [2006-04-28 36864]
"DiskSuite"="c:\program files\PC Tools Disk Suite\aDSProcMngr.exe" [2009-01-16 267584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-6-4 576000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-22 24576]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-24 1719496]
Spb Backup Sync.lnk - c:\program files\Spb Backup\SpbBackupSync.exe [2009-6-14 430080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PSFactoryBuffer"= {7db1aaf8-4756-410a-8210-16b49208a6b6} - c:\program files\Common Files\PSFactoryBuffer\PSFactoryBuffer.dll [2009-05-25 110592]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\MotionApps\\mDesktop v2\\MotionAppsDesktop.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent2\\uTorrent.exe"=
"c:\\Program Files\\TheWorld 3\\TheWorld.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [6/6/2009 1:45 PM 869696]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [5/25/2009 10:12 AM 6656]
R3 SbieDrv;SbieDrv;j:\program files\Sandboxie\SbieDrv.sys [5/28/2009 8:32 AM 108032]
S2 EasyHideIP;EasyHideIP;f:\program files\Easy-Hide-IP\services\EasyHideIp.exe --> f:\program files\Easy-Hide-IP\services\EasyHideIp.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [5/26/2009 10:44 AM 536896]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\SecureNet.dll
DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} - hxxp://iu.ak.sonico.com//ImageUploader.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\umzmkrti.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-04 09:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1964)
c:\program files\Funk Software\Funk Client\odLogin.dll
- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\SecureNet.dll
.
Completion time: 2009-07-04 9:21
ComboFix-quarantined-files.txt 2009-07-04 14:20
Pre-Run: 1,728,237,568 bytes free
Post-Run: 2,246,434,816 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
324 --- E O F --- 2009-06-08 17:26