#1  06-20-2009, 07:06 PM
Registered User (Join Date: Jun 2009; Posts: 6; OS: Windows XP SP3)
Google Search Redirecting

Yesterday, my Google search results started automatically redirecting themselves to other generic sites. I don't know how it happened, but it did.
Anyway, here are all my logs and stuff:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 19:48:51.07 on Sat 06/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.140 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = gbatemp.net
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: : {fffffef0-5b30-21d4-945d-000000000000} - c:\progra~1\stardo~1\SDIEInt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Executor] "c:\program files\executor\executor.exe" -s
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Fences: {ec654325-1273-c2a9-2b7c-45a29bce2fbd} - c:\program files\stardock\fences\DesktopDock.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\yaywuUmL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\hlndvqsx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gbatemp.net/
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstar.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-11-24 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-24 394952]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\mac607.sys --> c:\windows\system32\drivers\MAC607.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-06-20 09:03 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 22:40 <DIR> --d----- c:\docume~1\owner\applic~1\Stardock
2009-06-19 22:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{067CEB81-A49B-4597-9505-A5515881D672}
2009-06-19 21:04 218,624 a------- c:\windows\system32\uxtheme.uxtender
2009-06-19 20:30 <DIR> --d----- c:\program files\TGTSoft
2009-06-19 19:20 <DIR> --d----- c:\docume~1\owner\applic~1\Executor
2009-06-12 14:34 <DIR> --d----- c:\program files\Softnyx
2009-06-12 13:42 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-11 21:27 170 a------- c:\windows\.dat
2009-06-11 19:33 <DIR> --d----- c:\program files\Microsoft Games
2009-06-09 11:05 <DIR> --d----- c:\program files\Real Alternative
2009-06-08 08:18 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-06-08 08:18 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-06-08 08:16 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-08 08:16 <DIR> --d----- c:\program files\DivX
2009-06-07 12:39 <DIR> --d----- c:\program files\Xiph.Org
2009-06-06 10:46 <DIR> --d----- c:\program files\WBFS
2009-06-06 10:22 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-05 15:41 <DIR> --d----- c:\docume~1\owner\applic~1\Songbird2
2009-05-31 16:09 <DIR> --d----- C:\Nexon
2009-05-30 10:54 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-05-30 10:54 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-05-30 10:53 <DIR> --d----- c:\program files\Xilisoft
2009-05-30 10:45 <DIR> --d----- c:\documents and settings\owner\.dvdcss
2009-05-30 10:43 <DIR> --d----- c:\docume~1\owner\applic~1\Pavtube
2009-05-30 10:09 <DIR> --d----- C:\Quake2
2009-05-29 20:54 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-29 20:53 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-05-29 20:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\id Software
2009-05-29 20:15 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-05-29 20:15 <DIR> --d----- c:\program files\Kaiba Corporation

==================== Find3M ====================

2009-06-19 21:04 218,624 a------- c:\windows\system32\uxtheme.dll
2009-06-19 20:58 11,886,368 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-19 20:58 149,732 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-18 07:55 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-05-29 20:57 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
2009-05-29 20:56 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-05-29 20:53 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 16:03 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-18 21:29 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-04-18 21:29 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-09-27 14:37 559 a------- c:\program files\Uninstall FolderSort.bat
2008-05-05 17:32 1,024 a------- c:\docume~1\alluse~1\applic~1\imgpdf2.dll
2008-03-16 21:35 412 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-02-10 19:28 51,131 a--sh--- c:\windows\system32\LmUuwyay.ini2
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-03-05 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021620090223\index.dat
2009-03-05 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030520090306\index.dat

============= FINISH: 19:50:45.03 ===============
Attached Files: Attach.zip (5.7 KB)
airpirate545
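The DDS log above carries the evidence an analyst reads before asking for ComboFix: the "LSA: Authentication Packages" line should contain only msv1_0 on a Windows XP machine, so the extra extensionless entry under system32 is a module that lsass.exe loads at boot; "AppInit_DLLs" is a load point into every process that maps user32.dll and needs its publisher checked; and in the Find3M section the hidden/system file LmUuwyay.ini2 has a name that is exactly the reverse of that LSA package name. The script below is an added example, not part of the original thread and not code from the DDS or ComboFix tools. It parses a constructed subset of the log lines copied from the post and applies those three checks plus a generic "hidden+system file in system32" review flag; the severities and wording of the findings are the example's own.

```python
"""Triage a pasted DDS log: flag LSA/AppInit load points and reversed-name files."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of lines copied from the DDS log in the post above.
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: wbsys.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yaywuUmL
2009-06-20 09:03 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 21:04 218,624 a------- c:\windows\system32\uxtheme.dll
2009-02-10 19:28 51,131 a--sh--- c:\windows\system32\LmUuwyay.ini2
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-06-18 07:55 4,212 ----h--- c:\windows\system32\zllictbl.dat
"""

# The only authentication package present on a clean Windows XP install.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# DDS "Created Last 30" / "Find3M" lines: date time (size|<DIR>) attrs path
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Finding:
    severity: str  # "high" = confirmed load point; "review" = needs a publisher check
    line: str
    why: str


def stem(path: str) -> str:
    """Last path component without extension (LmUuwyay.ini2 -> LmUuwyay)."""
    return path.rstrip("\\").split("\\")[-1].split(".")[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    extra_packages: List[str] = []          # stems of non-default LSA packages
    files: List[Tuple[str, str, str]] = []  # (line, attrs, path)

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("LSA: Authentication Packages"):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() in DEFAULT_AUTH_PACKAGES:
                    continue
                extra_packages.append(stem(pkg))
                findings.append(Finding(
                    "high", line,
                    f"non-default LSA authentication package {pkg!r} "
                    "is loaded into lsass.exe at boot"))
        elif line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(
                    "review", line,
                    f"AppInit_DLLs {value!r} is injected into every process "
                    "that loads user32.dll; confirm the publisher"))
        else:
            m = FILE_LINE.match(line)
            if m and m.group("size") != "<DIR>":
                files.append((line, m.group("attr"), m.group("path")))

    # Second pass over file entries: a name that is the reverse of a flagged
    # package, or a hidden+system file sitting in system32.
    for line, attr, path in files:
        name = stem(path)
        if name[::-1] in extra_packages:
            findings.append(Finding(
                "high", line,
                f"file name {name!r} is the reverse of LSA package {name[::-1]!r}"))
        elif "s" in attr and "h" in attr and "\\system32\\" in path.lower():
            findings.append(Finding(
                "review", line,
                "hidden+system file in system32; verify it belongs to an installed product"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.why}\n         {f.line}")
```

The "review" flag is deliberately noisy: ZoneAlarm's fidbox.dat and similar product files also carry hidden+system attributes, so that tier is a prompt to check the vendor rather than a verdict. The two "high" findings (a second LSA authentication package and the file whose name is its mirror image) are what justify escalating to a removal tool.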
#2  06-21-2009, 05:11 PM
Angelfire777, Moderator/Analyst, Security Team; Rangemaster, TSF Academy (Join Date: Oct 2006; Posts: 4,581; OS: Vista)

Re: Google Search Redirecting

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006
Angelfire777
#3  06-22-2009, 09:08 AM
Registered User (Join Date: Jun 2009; Posts: 6; OS: Windows XP SP3)

Re: Google Search Redirecting

Here is my Combofix.txt

ComboFix 09-06-21.01 - Owner 06/22/2009 9:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.148 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETqfoextap.sys
c:\windows\system32\SKYNETnrwvktfo.dll
c:\windows\system32\SKYNETpasrsyap.dll
c:\windows\system32\SKYNETvniwajws.dat
c:\windows\system32\SKYNETyvbldlld.dat
c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\system32\~.exe
c:\windows\system32\drivers\SKYNETqfoextap.sys
c:\windows\system32\LmUuwyay.ini
c:\windows\system32\LmUuwyay.ini2
c:\windows\system32\NtxA5y5I.exe.a_a
c:\windows\system32\SKYNETnrwvktfo.dll
c:\windows\system32\SKYNETpasrsyap.dll
c:\windows\system32\SKYNETvniwajws.dat
c:\windows\system32\SKYNETyvbldlld.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETjlnosyfr
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-21 23:12 . 2009-06-21 23:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2009-06-21 23:12 . 2009-06-21 23:12 -------- d-----w- c:\program files\Foxit Software
2009-06-21 21:59 . 2009-06-21 22:43 -------- d-----w- c:\program files\foobar2000
2009-06-21 20:24 . 2009-06-16 08:08 569344 ----a-w- c:\documents and settings\Owner\Application Data\Songbird2\Profiles\g0aqv0st.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll
2009-06-21 20:24 . 2009-06-16 08:08 270336 ----a-w- c:\documents and settings\Owner\Application Data\Songbird2\Profiles\g0aqv0st.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-06-21 20:24 . 2009-06-16 08:08 106496 ----a-w- c:\documents and settings\Owner\Application Data\Songbird2\Profiles\g0aqv0st.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2009-06-20 14:03 . 2009-06-20 14:03 -------- d-----w- c:\program files\Trend Micro
2009-06-20 03:50 . 2009-06-20 03:50 16286 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\5\42c06805-20358bf8-n\ShoddyHelper.dll
2009-06-20 03:40 . 2009-06-20 03:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Stardock
2009-06-20 03:40 . 2009-06-20 03:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{067CEB81-A49B-4597-9505-A5515881D672}
2009-06-20 03:40 . 2009-02-25 20:49 2755296 -c--a-w- c:\documents and settings\All Users\Application Data\{067CEB81-A49B-4597-9505-A5515881D672}\Fences.exe
2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\program files\TGTSoft
2009-06-20 00:20 . 2009-06-20 00:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Executor
2009-06-12 19:34 . 2009-06-12 19:34 -------- d-----w- c:\program files\Softnyx
2009-06-12 18:27 . 2009-06-12 18:27 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 02:27 . 2009-06-12 02:27 170 ----a-w- c:\windows\.dat
2009-06-12 00:33 . 2009-06-12 00:33 -------- d-----w- c:\program files\Microsoft Games
2009-06-09 16:05 . 2009-06-09 16:05 -------- d-----w- c:\program files\Real Alternative
2009-06-09 16:05 . 2009-06-09 16:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Real
2009-06-08 17:49 . 2009-06-08 17:49 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-06-08 13:18 . 2009-05-01 21:03 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-06-08 13:18 . 2009-05-01 21:03 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-06-08 13:16 . 2009-06-08 13:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-08 13:16 . 2009-06-08 13:18 -------- d-----w- c:\program files\DivX
2009-06-07 17:39 . 2009-06-07 17:39 -------- d-----w- c:\program files\Xiph.Org
2009-06-06 15:49 . 2009-06-06 15:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WBFSManager
2009-06-06 15:46 . 2009-06-06 15:46 -------- d-----w- c:\program files\WBFS
2009-06-06 15:22 . 2009-06-09 17:21 -------- d-----w- c:\windows\system32\NtmsData
2009-06-05 20:43 . 2009-06-05 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-05 20:41 . 2009-06-05 20:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Songbird2
2009-06-05 20:41 . 2009-06-05 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Songbird2
2009-05-31 21:13 . 2009-05-31 21:13 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{48E16DC7-79EC-45F1-847A-F8D3C620515E}\MapleStory.exe1_801DA03C4E824858A615529E6AFB9A78.exe
2009-05-31 21:13 . 2009-05-31 21:13 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{48E16DC7-79EC-45F1-847A-F8D3C620515E}\MapleStory.exe_801DA03C4E824858A615529E6AFB9A78.exe
2009-05-31 21:13 . 2009-05-31 21:13 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{48E16DC7-79EC-45F1-847A-F8D3C620515E}\ARPPRODUCTICON.exe
2009-05-31 21:09 . 2009-05-31 21:09 -------- d-----w- C:\Nexon
2009-05-30 15:54 . 2005-11-21 05:48 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-05-30 15:54 . 2005-11-21 05:48 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-05-30 15:54 . 2009-05-30 15:54 -------- d-----w- c:\program files\QuickTime
2009-05-30 15:53 . 2009-05-30 15:53 -------- d-----w- c:\program files\Xilisoft
2009-05-30 15:45 . 2009-05-30 15:45 -------- d-----w- c:\documents and settings\Owner\.dvdcss
2009-05-30 15:43 . 2009-05-30 15:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Pavtube
2009-05-30 15:09 . 2009-05-30 15:11 -------- d-----w- C:\Quake2
2009-05-30 04:35 . 2009-05-30 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-30 02:07 . 2009-05-30 02:07 2669632 ----a-w- c:\documents and settings\Owner\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-05-30 01:54 . 2009-05-30 01:57 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-30 01:53 . 2009-05-30 01:56 2246144 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-30 01:53 . 2009-05-30 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-05-30 01:15 . 2009-05-30 01:15 -------- d-----w- c:\program files\Kaiba Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 14:53 . 2008-11-25 03:43 151076 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-22 14:53 . 2008-11-25 03:43 11886368 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-22 14:53 . 2009-06-22 14:54 119808 ----a-w- c:\windows\Internet Logs\xDB15A.tmp
2009-06-22 14:16 . 2008-01-18 23:57 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-06-22 02:34 . 2008-05-15 01:18 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-06-21 22:52 . 2009-04-19 03:50 -------- d-----w- c:\program files\MediaMonkey
2009-06-21 20:44 . 2008-03-13 23:19 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-06-20 17:02 . 2009-06-20 22:49 50176 ----a-w- c:\windows\Internet Logs\xDB159.tmp
2009-06-20 03:47 . 2008-11-25 02:30 -------- d-----w- c:\program files\YVD 9.0
2009-06-20 03:41 . 2008-01-18 23:54 45248 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 03:40 . 2008-02-03 01:39 -------- d-----w- c:\program files\Stardock
2009-06-20 02:52 . 2008-04-06 00:42 -------- d-----w- c:\program files\Launchy
2009-06-20 02:05 . 2009-06-20 02:06 36352 ----a-w- c:\windows\Internet Logs\xDB157.tmp
2009-06-20 02:05 . 2009-06-20 02:06 1847808 ----a-w- c:\windows\Internet Logs\xDB158.tmp
2009-06-20 02:04 . 2004-08-04 10:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-20 01:58 . 2009-06-20 01:59 54272 ----a-w- c:\windows\Internet Logs\xDB155.tmp
2009-06-20 01:58 . 2009-06-20 01:59 1847296 ----a-w- c:\windows\Internet Logs\xDB156.tmp
2009-06-20 01:39 . 2009-06-20 01:40 157184 ----a-w- c:\windows\Internet Logs\xDB153.tmp
2009-06-20 01:39 . 2009-06-20 01:40 1844736 ----a-w- c:\windows\Internet Logs\xDB154.tmp
2009-06-19 02:36 . 2008-05-15 01:20 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-06-18 06:12 . 2009-06-18 12:54 117760 ----a-w- c:\windows\Internet Logs\xDB152.tmp
2009-06-17 17:59 . 2009-06-17 17:59 66080 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_06_17_12_30_30_small.dmp.zip
2009-06-16 03:51 . 2009-06-16 13:37 1816064 ----a-w- c:\windows\Internet Logs\xDB151.tmp
2009-06-15 23:23 . 2009-06-15 23:24 1815040 ----a-w- c:\windows\Internet Logs\xDB150.tmp
2009-06-15 05:01 . 2009-06-15 12:49 1815040 ----a-w- c:\windows\Internet Logs\xDB14F.tmp
2009-06-15 05:01 . 2009-06-15 12:49 241152 ----a-w- c:\windows\Internet Logs\xDB14E.tmp
2009-06-12 18:41 . 2008-01-30 23:08 -------- d-----w- c:\program files\Java
2009-06-12 17:58 . 2008-04-06 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Launchy
2009-06-12 04:34 . 2008-04-06 01:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Hamachi
2009-06-12 04:10 . 2009-04-28 15:03 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2009-06-11 13:35 . 2009-06-11 13:36 2947072 ----a-w- c:\windows\Internet Logs\xDB14C.tmp
2009-06-11 13:35 . 2009-06-11 13:36 1752064 ----a-w- c:\windows\Internet Logs\xDB14D.tmp
2009-06-11 13:17 . 2008-01-23 02:14 -------- d-----w- c:\program files\Microsoft Works
2009-06-06 02:24 . 2008-01-23 00:37 -------- d-----w- c:\program files\Dl_cats
2009-06-06 02:23 . 2008-01-20 02:37 13795612 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-05 20:52 . 2009-02-07 02:22 -------- d--h--w- c:\documents and settings\Owner\Application Data\ijjigame
2009-06-05 20:52 . 2008-01-12 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 20:52 . 2009-05-03 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-06-05 20:50 . 2008-03-17 17:19 -------- d-----w- c:\program files\MangaView
2009-06-05 04:05 . 2009-06-05 13:42 443904 ----a-w- c:\windows\Internet Logs\xDB14A.tmp
2009-06-05 04:05 . 2009-06-05 13:42 1646592 ----a-w- c:\windows\Internet Logs\xDB14B.tmp
2009-05-31 18:18 . 2009-02-08 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-05-31 12:47 . 2009-05-31 13:38 1595392 ----a-w- c:\windows\Internet Logs\xDB149.tmp
2009-05-30 15:56 . 2008-07-01 04:37 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-05-30 01:59 . 2009-05-02 18:23 -------- d-----w- c:\documents and settings\Owner\Application Data\id Software
2009-05-30 01:57 . 2009-05-02 18:20 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-30 01:57 . 2009-05-02 18:20 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-30 01:56 . 2009-05-02 18:19 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-30 01:53 . 2009-05-02 18:19 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-30 00:38 . 2008-09-26 16:38 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-05-30 00:35 . 2008-09-26 16:40 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-21 16:33 . 2009-05-01 22:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 00:27 . 2009-05-18 00:28 1532416 ----a-w- c:\windows\Internet Logs\xDB148.tmp
2009-05-17 21:59 . 2009-05-17 22:00 1530368 ----a-w- c:\windows\Internet Logs\xDB147.tmp
2009-05-17 21:53 . 2009-05-17 21:53 -------- d-----w- c:\program files\セイバーフィッシュ
2009-05-17 20:26 . 2009-05-17 19:58 -------- d-----w- c:\program files\TVUPlayer
2009-05-17 19:58 . 2009-05-17 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-17 19:57 . 2009-05-17 19:48 -------- d-----w- c:\program files\SopCast
2009-05-17 01:51 . 2009-05-17 01:44 -------- d-----w- c:\program files\bmoworld
2009-05-17 00:48 . 2009-05-17 00:48 -------- d-----w- c:\program files\TRINITRON CG
2009-05-16 18:03 . 2009-05-16 21:11 1492480 ----a-w- c:\windows\Internet Logs\xDB146.tmp
2009-05-16 18:03 . 2009-05-16 21:11 330240 ----a-w- c:\windows\Internet Logs\xDB145.tmp
2009-05-16 15:38 . 2008-09-27 20:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2009-05-16 15:36 . 2008-09-27 20:10 -------- d-----w- c:\program files\Auslogics
2009-05-15 23:31 . 2009-05-15 23:32 1470976 ----a-w- c:\windows\Internet Logs\xDB144.tmp
2009-05-13 00:12 . 2009-05-13 21:24 1461760 ----a-w- c:\windows\Internet Logs\xDB143.tmp
2009-05-10 20:14 . 2008-05-16 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:09 . 2009-05-06 21:17 1358336 ----a-w- c:\windows\Internet Logs\xDB142.tmp
2009-05-06 21:09 . 2009-05-06 21:17 94720 ----a-w- c:\windows\Internet Logs\xDB141.tmp
2009-05-05 15:51 . 2009-05-05 15:51 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2009-05-04 22:51 . 2009-05-05 21:02 1820160 ----a-w- c:\windows\Internet Logs\xDB13F.tmp
2009-05-04 22:51 . 2009-05-05 21:02 32768 ----a-w- c:\windows\Internet Logs\xDB13E.tmp
2009-05-04 22:50 . 2009-05-05 21:02 1820160 ----a-w- c:\windows\Internet Logs\xDB140.tmp
2009-05-04 01:54 . 2009-05-04 21:25 49664 ----a-w- c:\windows\Internet Logs\xDB13C.tmp
2009-05-04 01:54 . 2009-05-04 21:25 1819648 ----a-w- c:\windows\Internet Logs\xDB13D.tmp
2009-05-03 23:32 . 2009-05-03 23:32 -------- d-----w- c:\documents and settings\Owner\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-05-03 23:30 . 2009-05-03 23:30 383645136 ----a-w- c:\documents and settings\Owner\Application Data\ijjigame\U_GBOUND_setup.exe
2009-05-03 23:29 . 2009-05-03 23:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Raptr
2009-05-03 23:28 . 2009-05-03 23:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-03 23:26 . 2009-05-03 23:30 38208 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-05-03 17:56 . 2009-05-03 22:01 1785344 ----a-w- c:\windows\Internet Logs\xDB13B.tmp
2009-05-03 17:56 . 2009-05-03 22:01 118784 ----a-w- c:\windows\Internet Logs\xDB13A.tmp
2009-05-03 04:11 . 2009-05-03 16:03 1784832 ----a-w- c:\windows\Internet Logs\xDB139.tmp
2009-05-02 23:45 . 2009-05-02 18:01 -------- d-----w- c:\program files\Tremulous
2009-05-02 17:27 . 2009-05-02 17:28 1768960 ----a-w- c:\windows\Internet Logs\xDB138.tmp
2009-05-02 14:38 . 2009-05-02 14:38 2161 ----a-w- c:\documents and settings\Owner\Application Data\.purple\certificates\x509\tls_peers\contacts.msn.com
2009-05-02 04:47 . 2009-05-02 12:29 1761792 ----a-w- c:\windows\Internet Logs\xDB137.tmp
2009-05-02 04:47 . 2009-05-02 12:29 2552832 ----a-w- c:\windows\Internet Logs\xDB136.tmp
2009-05-01 22:31 . 2009-05-01 22:31 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-01 21:03 . 2008-03-09 07:05 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 23:20 . 2009-04-29 23:21 81920 ----a-w- c:\windows\Internet Logs\xDB134.tmp
2009-04-29 23:20 . 2009-04-29 23:21 1734144 ----a-w- c:\windows\Internet Logs\xDB135.tmp
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-04-25 17:29 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-04-25 17:29 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-25 17:29 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-6-19 286720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\program files\Stardock\Fences\DesktopDock.dll" [2009-02-25 517480]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57278:TCP"= 57278:TCP:Pando Media Booster
"57278:UDP"= 57278:UDP:Pando Media Booster
"56491:TCP"= 56491:TCP:Pando Media Booster
"56491:UDP"= 56491:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
S3 MAC607;MAC607 Filter;c:\windows\system32\DRIVERS\MAC607.sys --> c:\windows\system32\DRIVERS\MAC607.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [1/23/2004 4:33 PM 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [1/23/2004 4:32 PM 28800]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-926492609-725345543-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 01:41]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Executor - c:\program files\Executor\executor.exe


.
------- Supplementary Scan -------
.
uStart Page = gbatemp.net
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 09:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\docume~1\Owner\LOCALS~1\Temp\TMP4352$.TMP 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2124)
c:\program files\Stardock\Fences\DesktopDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\dlcgcoms.exe
.
**************************************************************************
.
Completion time: 2009-06-22 10:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 15:03

Pre-Run: 8,092,942,336 bytes free
Post-Run: 8,017,068,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
341 --- E O F --- 2009-06-11 13:18
Attached Files
File Type: txt ComboFix.txt (26.1 KB, 1 views)

Last edited by Angelfire777; 06-22-2009 at 08:08 PM.
06-22-2009, 08:23 PM   #4 (permalink)
Angelfire777
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista

Re: Google Search Redirecting

Hi,

*I see you have P2P software (µTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

http://www.techsupportforum.com/secu...e-sharing.html

I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.


*Uninstall these two older versions of Java as they are vulnerable and they only take unnecessary space:

Java(TM) 6 Update 3
Java(TM) 6 Update 4




*Open notepad.
Copy and paste the text inside the code box below to notepad
Code:
Reglock::
[HKEY_USERS\S-1-5-21-1801674531-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
DDS::
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
FixCset::

  • Save and name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.



*Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


On your next reply, please include a
  • Kaspersky scan log
  • ComboFix log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
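The log posted above and the CFScript in the reply are two halves of one task: spot the Security Center settings that were flipped (AntiVirusOverride and DisableMonitoring set to 1), the disabled firewall profile, the AppInit_DLLs entry and the hidden+system DLLs, then draft the Registry:: section that resets the two DWORDs. The following Python is an added example for this thread, not ComboFix's code and not posted by either participant; the function names, the finding dictionaries and the SAMPLE_LOG text are mine, with the sample constructed from lines of the posted log. Its "review" flags are triage hints, not verdicts: wbsys.dll and flvDX.dll can belong to legitimate software, which is why the script only asks that they be verified.

```python
"""Triage a ComboFix/DDS-style log and draft the CFScript Registry:: fix.

Added example for this thread (not ComboFix's code). SAMPLE_LOG is a
constructed excerpt copied from the shape of the log posted above.
"""
import re

# Constructed excerpt in the shape of the ComboFix log posted above.
SAMPLE_LOG = r"""
2006-05-03 10:06 . 2009-04-25 17:29 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57278:TCP"= 57278:TCP:Pando Media Booster

HKCU-Run-Executor - c:\program files\Executor\executor.exe
"""

# "created . modified  size  attributes  path" lines from the file section.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def dword(data):
    """Parse 'dword:00000001' or '0 (0x0)' style data to an int, else None."""
    m = re.search(r"dword:([0-9a-fA-F]{8})", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)", data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Walk the log once; return findings as dicts (severity, what, where)."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            # hidden + system on a DLL is unusual for ordinary software; verify
            # the file (publisher signature, hash) before trusting it
            if "s" in m["attrs"] and "h" in m["attrs"]:
                findings.append(dict(severity="review",
                                     what="hidden+system attributes", where=m["path"]))
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_LINE.match(line)
        if m:
            name, data, lkey, val = m["name"], m["data"], key.lower(), dword(m["data"])
            if name == "AppInit_DLLs" and data.strip():
                # loaded into every process that links user32.dll, a classic
                # persistence point, so confirm who owns the DLL
                findings.append(dict(severity="review", what="AppInit_DLLs set", where=data))
            elif lkey.endswith("security center") and name.lower().endswith("override") and val == 1:
                # silences Security Center's reporting of the AV state
                findings.append(dict(severity="fix", what="Security Center override",
                                     where=key, name=name))
            elif "\\monitoring\\" in lkey and name == "DisableMonitoring" and val == 1:
                findings.append(dict(severity="fix", what="Security Center monitoring off",
                                     where=key, name=name))
            elif name == "EnableFirewall" and val == 0:
                # expected when a third-party firewall (ZoneAlarm here) replaces it
                findings.append(dict(severity="info", what="Windows Firewall profile disabled",
                                     where=key))
            elif "globallyopenports" in lkey:
                findings.append(dict(severity="info", what="globally open port", where=data))
            continue
        if line.startswith(("HKCU-Run-", "HKLM-Run-")):
            findings.append(dict(severity="info", what="orphaned Run entry removed", where=line))
    return findings


def cfscript_registry_section(findings):
    """Draft the Registry:: block of a CFScript that resets each 'fix' value to 0."""
    lines = ["Registry::"]
    for f in findings:
        if f["severity"] == "fix":
            lines += [f"[{f['where']}]", f'"{f["name"]}"=dword:00000000']
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['severity']:6} {f['what']}: {f['where']}")
    print(cfscript_registry_section(found))
```

Run on the constructed sample, the Registry:: block it drafts is the same two key/value pairs the analyst wrote by hand above; the reset to 0 only matters once the Security Center reporting has been verified to be intact, which is why the real script is followed by a fresh log rather than assumed to have worked.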
Copyright 2001 - 2009, Tech Support Forum