
Registered, 21 Posts
Discussion Starter #1
I downloaded a torrent, then shut down my computer. The next time I started it up, it went really slow, and every time I move the mouse, the desktop icons disappear and a window pops up saying "Explorer has encountered a problem and needs to close", also something saying "run DLL as an APP has run into a problem and needs to close".

I deleted the aforementioned download, but the problem persists and gets worse each day. I did the 5 steps, ran different cleaners, virus scans, etc., and nothing new. I tried System Restore, but it kept saying no changes were made.

Here is my main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by Tony on 2008-02-15 18:10:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-02-15 23:10:51 UTC - RP61 - Deckard's System Scanner Restore Point
60: 2008-02-15 07:26:13 UTC - RP60 - Software Distribution Service 3.0
59: 2008-02-15 06:06:25 UTC - RP59 - ComboFix created restore point
58: 2008-02-15 05:41:59 UTC - RP58 - Removed Ad-Aware 2007
57: 2008-02-15 05:24:38 UTC - RP57 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-14 00:39:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Tony.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:48 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
C:\WINDOWS\system32\sistray.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\3905K4V7\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alivenotdead.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Powerword 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9000 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>

S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-15 16:24:30 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-21 19:48:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-15 and 2008-02-15 -----------------------------

2008-02-15 18:04:10 0 d-------- C:\Program Files\SpywareBlaster
2008-02-15 16:59:15 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-15 16:45:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 16:45:30 0 d-------- C:\WINDOWS\LastGood
2008-02-15 01:04:44 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-15 01:04:44 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-15 01:04:44 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-15 01:04:44 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-15 00:56:34 0 dr-h----- C:\Documents and Settings\Tony\Recent
2008-02-15 00:55:12 0 d-------- C:\Program Files\CCleaner
2008-02-15 00:48:38 0 d-------- C:\WINDOWS\pss
2008-02-15 00:42:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-15 00:25:03 0 d-------- C:\Program Files\Trend Micro
2008-02-14 22:54:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 16:19:41 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-12 16:19:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-12 16:19:41 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-12 16:19:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-12 16:19:41 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-12 16:19:40 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-12 16:19:40 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-12 16:19:40 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-12 16:19:39 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-12 16:12:23 0 d-------- C:\Program Files\Alwil Software
2008-02-12 15:52:02 0 d-------- C:\Documents and Settings\Tony\Application Data\Grisoft
2008-02-12 15:51:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 15:40:21 0 d-------- C:\Program Files\Windows Defender
2008-02-12 14:56:48 0 d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2008-02-12 01:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 01:24:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 01:20:01 0 d-------- C:\Documents and Settings\Tony\Application Data\Symantec
2008-02-12 01:01:19 0 d-------- C:\Documents and Settings\Tony\Application Data\WinRAR
2008-02-12 01:00:10 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-12 01:00:10 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-12 01:00:09 0 d-------- C:\Program Files\D-Tools
2008-02-12 00:58:42 0 d-------- C:\Program Files\VideoLAN
2008-02-11 23:39:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 20:59:54 0 d-------- C:\Documents and Settings\Tony\Application Data\Kingsoft
2008-02-11 20:35:27 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-02-11 20:35:27 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:27 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-11 20:35:27 330000 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:27 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-02-11 20:35:26 287504 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 252176 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 1050896 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:34:39 539968 --a------ C:\WINDOWS\system32\Voctool.dll <Not Verified; Kingsoft, Co.; VocTool>
2008-02-11 20:34:39 525824 --a------ C:\WINDOWS\system32\VOCTL32.DLL <Not Verified; Voxware, Inc.; ToolVox>
2008-02-11 20:34:39 19760 --a------ C:\WINDOWS\system32\Ractdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-02-11 20:34:39 53568 --a------ C:\WINDOWS\system32\Ract14_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio(tm) (16-bit) Version 3.0>
2008-02-11 20:34:39 14848 --a------ C:\WINDOWS\system32\Ra32dnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-02-11 20:34:39 72704 --a------ C:\WINDOWS\system32\Ra3228_8.dll <Not Verified; Progressive Networks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) Version 3.0>
2008-02-11 20:34:39 81920 --a------ C:\WINDOWS\system32\Ra3214_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) Version 3.0>
2008-02-11 20:34:39 189952 --a------ C:\WINDOWS\system32\Pnui3230.dll <Not Verified; Progressive Networks, Inc.; High-level Support Library for RealAudio® (32-bit) Version 3.0>
2008-02-11 20:34:39 27024 --a------ C:\WINDOWS\system32\Pnloader.dll <Not Verified; Progressive Networks, Inc.; Dynamic Load and Bind Support for RealAudio® (16-bit) Version 3.0>
2008-02-11 20:34:39 163328 --a------ C:\WINDOWS\system32\Pnen3230.dll <Not Verified; Progressive Networks, Inc.; Core Support Library for RealAudio® (32-bit) Version 3.0>
2008-02-11 20:34:39 61440 --a------ C:\WINDOWS\system32\Decdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-02-11 20:34:08 0 d-------- C:\Program Files\Kingsoft
2008-02-11 20:34:08 0 d-------- C:\Program Files\Common Files\KingSoft
2008-02-11 01:12:13 0 d-------- C:\Documents and Settings\Tony\Application Data\Move Networks
2008-01-31 10:49:07 0 d-------- C:\Program Files\iPod
2008-01-24 00:33:39 73728 -ra------ C:\WINDOWS\system32\CNMCP4o.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2008-01-24 00:33:38 0 d--h----- C:\BJPrinter
2008-01-24 00:29:14 0 d-------- C:\Temp
2008-01-23 00:53:17 0 d-------- C:\Documents and Settings\Tony\Application Data\DivX
2008-01-23 00:52:16 0 d-------- C:\Program Files\DivX
2008-01-22 11:20:27 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-22 11:20:27 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-22 11:20:26 0 d-------- C:\Program Files\Xvid
2008-01-21 23:42:56 0 d-------- C:\Program Files\Gabest
2008-01-21 23:24:09 0 d-------- C:\Documents and Settings\Tony\Application Data\BSplayer
2008-01-21 23:24:09 0 d-------- C:\Documents and Settings\Tony\Application Data\BSplayer Pro
2008-01-21 23:05:43 0 d-------- C:\Program Files\AC3Filter
2008-01-21 13:15:43 0 d-------- C:\Documents and Settings\Tony\Application Data\BitTorrent
2008-01-21 13:15:33 0 d-------- C:\Program Files\DNA
2008-01-21 13:15:33 0 d-------- C:\Program Files\BitTorrent
2008-01-21 13:15:33 0 d-------- C:\Documents and Settings\Tony\Application Data\DNA
2008-01-18 00:56:15 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-18 00:55:18 0 d-------- C:\WINDOWS\SHELLNEW
2008-01-18 00:50:17 0 d-------- C:\Program Files\Microsoft.NET
2008-01-18 00:47:16 0 dr-h----- C:\MSOCache
2008-01-16 21:39:38 0 d-------- C:\Documents and Settings\Tony\Application Data\BitSpirit
2008-01-16 21:39:00 0 d-------- C:\Program Files\BitSpirit
2008-01-15 00:16:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


-- Find3M Report ---------------------------------------------------------------

2008-02-15 17:16:12 0 d-------- C:\Program Files\Launch Manager
2008-02-15 17:15:55 0 d-------- C:\Program Files\iTunes
2008-02-15 17:15:17 0 d-------- C:\Program Files\Google
2008-02-15 17:13:31 0 d-------- C:\Program Files\Arcade
2008-02-15 01:48:28 0 d-------- C:\Program Files\Common Files
2008-02-11 20:34:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 15:55:48 0 d-------- C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-01-31 10:47:44 0 d-------- C:\Program Files\QuickTime
2008-01-14 21:01:55 0 d-------- C:\Program Files\Apple Software Update
2008-01-14 21:01:13 0 d-------- C:\Program Files\Common Files\Apple
2008-01-14 03:58:51 0 d-------- C:\Program Files\Windows Journal Viewer
2008-01-14 02:34:47 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-14 02:34:21 0 d-------- C:\Program Files\Logitech
2008-01-14 02:25:09 0 d-------- C:\Documents and Settings\Tony\Application Data\Google
2008-01-14 00:46:55 0 d-------- C:\Program Files\Western Digital
2008-01-14 00:46:32 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-14 00:41:04 0 d-------- C:\Program Files\Western Digital Technologies
2008-01-14 00:22:36 0 d-------- C:\Documents and Settings\Tony\Application Data\Adobe
2008-01-14 00:18:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-13 23:55:00 0 d-------- C:\Program Files\MSXML 4.0
2008-01-13 23:30:16 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 23:10:51 0 d-------- C:\Program Files\Windows Live
2008-01-13 23:10:29 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-13 22:41:20 0 d-------- C:\Program Files\Messenger
2008-01-13 20:18:23 0 d-------- C:\Program Files\Phoenix Technologies Ltd
2008-01-13 20:17:29 0 d-------- C:\Program Files\Synaptics
2008-01-13 20:16:46 0 d-------- C:\Program Files\SiS VGA Utilities V3.65f
2008-01-13 20:16:30 0 d-------- C:\Program Files\sisagp
2008-01-13 20:16:07 1 --a------ C:\WINDOWS\~sisRslt
2008-01-13 20:14:18 0 d-------- C:\Program Files\Realtek AC97
2008-01-13 20:09:34 0 d-------- C:\Program Files\CyberLink
2008-01-13 20:06:31 0 d-------- C:\Program Files\WIDCOMM
2008-01-13 20:00:46 0 d-------- C:\Documents and Settings\Tony\Application Data\Macromedia
2008-01-13 19:39:24 0 d-------- C:\Documents and Settings\Tony\Application Data\Identities
2008-01-13 19:30:14 0 d-------- C:\Program Files\microsoft frontpage
2008-01-13 19:29:57 0 -rahs---- C:\MSDOS.SYS
2008-01-13 19:29:57 0 -rahs---- C:\IO.SYS
2008-01-13 19:29:57 0 --a------ C:\CONFIG.SYS
2008-01-13 19:29:57 0 --a------ C:\AUTOEXEC.BAT
2008-01-13 19:28:22 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-13 19:28:17 0 d-------- C:\Program Files\Online Services
2008-01-13 19:27:21 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-13 19:27:02 0 d-------- C:\Program Files\Movie Maker
2008-01-13 19:25:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-13 19:25:05 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-13 19:24:55 0 d-------- C:\Program Files\Windows NT
2008-01-13 14:10:52 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-13 14:10:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-13 14:10:09 62 --ahs---- C:\Documents and Settings\Tony\Application Data\desktop.ini
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [10/08/2004 10:50 AM C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [03/09/2005 06:59 PM]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [02/23/2005 11:04 AM]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 04:22 PM C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [02/25/2005 07:35 PM C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [03/04/2005 01:13 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/08/2004 02:44 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/08/2004 02:43 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 07:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 07:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 07:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 07:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 05:32 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 03:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 03:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 02:44 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [02/12/2008 02:19 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/25/2004 3:38:42 PM]
Powerword 2003.lnk - C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE [2/11/2008 8:34:32 PM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [1/13/2008 8:16:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb566d8-d10f-11dc-bd7e-00c09fb89fe6}]
AutoRun\command- G:\3g08.bat
explore\Command- G:\3g08.bat
open\Command- G:\3g08.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
AutoRun\command- wd_windows_tools\setup.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-02-15 18:12:35 ------------

Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0014A4214DB3. The IP address being used is 169.254.137.212.

Event Record #/Type2674 / Warning
Event Submitted/Written: 02/15/2008 02:28:43 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A4214DB3. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2672 / Warning
Event Submitted/Written: 02/15/2008 02:28:10 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A4214DB3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2667 / Warning
Event Submitted/Written: 02/15/2008 02:27:40 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A4214DB3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-02-15 18:12:35 ------------

Thanks a lot!
Tony

Registered, 21 Posts
Discussion Starter #2
Forgot to add:

Incident Status Location

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Tony\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Tony\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe
 

TSF Security Manager, Emeritus
Hello nether_dragon,

Please post the C:\ComboFix.txt that you ran on 2/15
 

Discussion Starter #5
ComboFix 08-02-15.1 - Tony 2008-02-15 1:07:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.113 [GMT -5:00]
Running from: C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\ZTTFZISE\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000042_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 00:55 . 2008-02-15 00:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-15 00:25 . 2008-02-15 00:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 00:14 . 2008-02-15 00:14 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-14 22:54 . 2008-02-14 22:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 16:12 . 2008-02-12 16:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 16:12 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 16:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 16:12 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 16:12 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 16:12 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 16:12 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 16:12 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 16:12 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 15:52 . 2008-02-12 15:52 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Grisoft
2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 15:51 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 15:40 . 2008-02-12 15:40 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-12 14:56 . 2008-02-12 14:56 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2008-02-12 01:28 . 2008-02-12 01:28 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-02-12 01:28 . 2008-02-12 02:02 <DIR> d-------- C:\Program Files\Symantec
2008-02-12 01:28 . 2008-02-12 02:17 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-02-12 01:28 . 2008-02-12 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 01:28 . 2008-02-12 02:02 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-12 01:28 . 2008-02-12 02:02 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-12 01:28 . 2008-02-12 02:02 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-12 01:28 . 2008-02-12 02:02 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-12 01:24 . 2008-02-15 00:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 01:20 . 2008-02-12 01:20 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Symantec
2008-02-12 01:00 . 2008-02-12 01:00 <DIR> d-------- C:\Program Files\D-Tools
2008-02-12 01:00 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-12 01:00 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-12 00:58 . 2008-02-12 00:58 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-11 23:39 . 2008-02-15 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 20:59 . 2008-02-11 20:59 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Kingsoft
2008-02-11 20:59 . 2008-02-11 21:00 66 --a------ C:\WINDOWS\xdict.INI
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Kingsoft
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Common Files\KingSoft
2008-02-11 20:34 . 2002-11-28 03:34 2,986,038 --a------ C:\WINDOWS\CIBAH.BMP
2008-02-11 01:12 . 2008-02-11 01:12 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Move Networks
2008-02-01 02:35 . 2008-02-01 02:35 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 02:35 . 2008-02-01 02:35 232 --ah----- C:\sqmdata10.sqm
2008-02-01 00:18 . 2008-02-01 00:18 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 00:18 . 2008-02-01 00:18 232 --ah----- C:\sqmdata09.sqm
2008-02-01 00:15 . 2008-02-01 00:15 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 00:15 . 2008-02-01 00:15 232 --ah----- C:\sqmdata08.sqm
2008-01-31 10:49 . 2008-01-31 10:49 <DIR> d-------- C:\Program Files\iPod
2008-01-31 01:40 . 2008-01-31 01:40 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 01:40 . 2008-01-31 01:40 232 --ah----- C:\sqmdata07.sqm
2008-01-31 01:35 . 2008-01-31 01:35 244 --ah----- C:\sqmnoopt06.sqm
2008-01-31 01:35 . 2008-01-31 01:35 232 --ah----- C:\sqmdata06.sqm
2008-01-30 12:54 . 2008-01-30 12:54 244 --ah----- C:\sqmnoopt05.sqm
2008-01-30 12:54 . 2008-01-30 12:54 232 --ah----- C:\sqmdata05.sqm
2008-01-30 00:00 . 2008-01-30 00:00 244 --ah----- C:\sqmnoopt04.sqm
2008-01-30 00:00 . 2008-01-30 00:00 232 --ah----- C:\sqmdata04.sqm
2008-01-29 23:29 . 2008-01-29 23:29 244 --ah----- C:\sqmnoopt03.sqm
2008-01-29 23:29 . 2008-01-29 23:29 232 --ah----- C:\sqmdata03.sqm
2008-01-29 23:26 . 2008-01-29 23:26 244 --ah----- C:\sqmnoopt02.sqm
2008-01-29 23:26 . 2008-01-29 23:26 232 --ah----- C:\sqmdata02.sqm
2008-01-28 03:25 . 2008-01-28 03:25 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 03:25 . 2008-01-28 03:25 232 --ah----- C:\sqmdata01.sqm
2008-01-24 00:33 . 2002-11-09 08:00 88,576 --a------ C:\WINDOWS\system32\CNMLM4o.DLL
2008-01-24 00:33 . 2002-10-03 18:23 73,728 -ra------ C:\WINDOWS\system32\CNMCP4o.exe
2008-01-24 00:33 . 2002-11-09 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS4o.DLL
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\Canon_i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:29 <DIR> d-------- C:\Temp
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-23 00:53 . 2008-01-23 00:53 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\DivX
2008-01-23 00:52 . 2008-01-23 00:52 <DIR> d-------- C:\Program Files\DivX
2008-01-23 00:45 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-23 00:45 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-23 00:45 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-22 11:20 . 2008-01-22 11:20 <DIR> d-------- C:\Program Files\Xvid
2008-01-22 11:20 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-22 11:20 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-22 11:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 23:42 . 2008-01-21 23:42 <DIR> d-------- C:\Program Files\Gabest
2008-01-21 23:24 . 2008-01-21 23:24 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BSplayer Pro
2008-01-21 23:24 . 2008-01-21 23:31 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BSplayer
2008-01-21 23:05 . 2008-01-21 23:05 <DIR> d-------- C:\Program Files\AC3Filter
2008-01-21 23:05 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-01-21 13:15 . 2008-01-21 13:15 <DIR> d-------- C:\Program Files\DNA
2008-01-21 13:15 . 2008-01-21 13:15 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-21 13:15 . 2008-02-15 01:04 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\DNA
2008-01-21 13:15 . 2008-02-11 23:27 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BitTorrent
2008-01-18 00:57 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-18 00:57 . 2008-01-18 00:57 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-18 00:56 . 2008-01-18 00:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-18 00:55 . 2008-01-18 00:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-18 00:50 . 2008-01-18 00:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-18 00:47 . 2008-01-18 00:47 <DIR> dr-h----- C:\MSOCache
2008-01-16 21:39 . 2008-01-21 13:17 <DIR> d-------- C:\Program Files\BitSpirit
2008-01-16 21:39 . 2008-01-16 21:39 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BitSpirit
2008-01-15 00:16 . 2008-01-15 00:16 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 20:55 --------- d-----w C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-01-31 15:49 --------- d-----w C:\Program Files\iTunes
2008-01-31 15:47 --------- d-----w C:\Program Files\QuickTime
2008-01-19 06:24 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-15 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 02:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-15 02:01 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-15 01:48 --------- d-----w C:\Program Files\Launch Manager
2008-01-14 08:58 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-01-14 07:34 --------- d-----w C:\Program Files\Logitech
2008-01-14 07:34 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-14 05:46 --------- d-----w C:\Program Files\Western Digital
2008-01-14 05:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-14 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-14 05:41 --------- d-----w C:\Program Files\Western Digital Technologies
2008-01-14 05:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 05:16 --------- d-----w C:\Program Files\Google
2008-01-14 04:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-14 04:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-14 04:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 04:10 --------- d-----w C:\Program Files\Windows Live
2008-01-14 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-14 01:18 --------- d-----w C:\Program Files\Phoenix Technologies Ltd
2008-01-14 01:17 --------- d-----w C:\Program Files\Synaptics
2008-01-14 01:16 --------- d-----w C:\Program Files\sisagp
2008-01-14 01:16 --------- d-----w C:\Program Files\SiS VGA Utilities V3.65f
2008-01-14 01:14 --------- d-----w C:\Program Files\Realtek AC97
2008-01-14 01:09 --------- d-----w C:\Program Files\CyberLink
2008-01-14 01:09 --------- d-----w C:\Program Files\Arcade
2008-01-14 01:06 --------- d-----w C:\Program Files\WIDCOMM
2008-01-14 01:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-14 00:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET337.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-12 02:07 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 02:19 287040]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-02-23 11:04 315392]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-05-25 15:38:42 565309]
Powerword 2003.lnk - C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE [2008-02-11 20:34:32 823296]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-01-13 20:16:09 331776]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb566d8-d10f-11dc-bd7e-00c09fb89fe6}]
\Shell\AutoRun\command - G:\3g08.bat
\Shell\explore\Command - G:\3g08.bat
\Shell\open\Command - G:\3g08.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 00:48:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 05:31:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-12 06:48:55 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tony.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 01:11:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 1:12:43
ComboFix-quarantined-files.txt 2008-02-15 06:12:24
.
2008-02-15 05:25:11 --- E O F ---
 

Discussion Starter #6
This is the quarantined files text:

2004-08-04 07:00 111104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000011_.tmp.dll.vir
2004-08-04 07:00 132096 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000014_.tmp.dll.vir
2004-08-04 07:00 144896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
2004-08-04 07:00 1835904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000012_.tmp.dll.vir
2004-08-04 07:00 34304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
2004-08-04 07:00 553472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000013_.tmp.dll.vir
2004-08-04 07:00 611328 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
2004-08-04 07:00 68608 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000042_.tmp.dll.vir
2004-08-04 07:00 721920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
2004-08-04 07:00 96768 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000003_.tmp.dll.vir
2004-08-04 07:00 983552 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir



Thanks a lot!!!
 

TSF Security Manager, Emeritus
You're welcome, nether_dragon.

Before we continue, move ComboFix.exe out of your temp internet directory and onto your desktop. It may be easier for you to simply download ComboFix.exe again from any of the links below, and save it to your desktop:

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
 

Discussion Starter #8
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
 

TSF Security Manager, Emeritus
The log appears as it should, you may reboot your system.

Download Flash_Disinfector.exe and save it to your desktop.

--------------------------------------------------------------------

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

-----------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

How is the system behaving now?
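The first ComboFix log posted above lists two MountPoints2 keys whose per-volume Shell commands (AutoRun, open, explore) point at G:\3g08.bat and wd_windows_tools\setup.exe, which is the kind of removable-drive autorun entry the Flash_Disinfector step is aimed at. As an added example (not the helper's instructions, ComboFix's own code, or anything posted in the thread), this Python script parses that block of a ComboFix log and rates each volume entry by which Explorer actions it overrides; the sample log and the severity thresholds are constructed for the example, and it assumes Windows is on C: as in the thread.

```python
"""Pull MountPoints2 Shell overrides out of a ComboFix log and triage them.

Added example, not code from the thread, the helper or ComboFix. It reads the
"Reg Loading Points" block format that ComboFix prints (see the log above) and
rates each per-volume entry by which Explorer actions it overrides.
"""
import re
from typing import Dict, List

# Constructed sample in ComboFix's MountPoints2 output format; the two
# entries reproduce the ones in the log posted in this thread.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{7cb566d8-d10f-11dc-bd7e-00c09fb89fe6}]
\\Shell\\AutoRun\\command - G:\\3g08.bat
\\Shell\\explore\\Command - G:\\3g08.bat
\\Shell\\open\\Command - G:\\3g08.bat

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
\\Shell\\AutoRun\\command - wd_windows_tools\\setup.exe

*Newly Created Service* - APPMGMT
"""

# Key header for one volume: [HKEY_CURRENT_USER\...\mountpoints2\{GUID}]
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# One verb override as ComboFix prints it: \Shell\<verb>\command - <command line>
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)
# File types Windows launches directly when named as a verb command
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".wsf")
SYSTEM_DRIVE = "c:"   # assumption: Windows lives on C:, as in the thread


def parse_mountpoints2(log_text: str) -> List[Dict]:
    """Return one record per MountPoints2 key: volume GUID plus verb -> command map."""
    entries: List[Dict] = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"guid": key.group(1).lower(), "verbs": {}}
            entries.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current["verbs"][verb.group(1).lower()] = verb.group(2)
            continue
        if not line or line.startswith("["):
            current = None   # blank line or an unrelated key ends the block
    return entries


def _program(cmd: str) -> str:
    """Program part of a verb command line: the quoted token, else the whole line."""
    quoted = re.match(r'^"([^"]+)"', cmd)
    return (quoted.group(1) if quoted else cmd).lower()


def triage(entry: Dict) -> Dict:
    """Rate one volume record by what it runs and which Explorer actions it hijacks."""
    verbs = entry["verbs"]
    programs = {_program(c) for c in verbs.values()}
    runs_code = any(p.endswith(EXEC_EXT) for p in programs)
    # A relative path resolves against the mounted volume, so it also counts as off-system
    off_system = any(not p.startswith(SYSTEM_DRIVE) for p in programs)
    hijacks_click = bool({"open", "explore"} & set(verbs))
    if hijacks_click and runs_code:
        severity = "high"      # double-clicking the drive in Explorer runs the target
    elif "autorun" in verbs and runs_code:
        severity = "medium"    # runs on insertion when AutoPlay honours it; vendor tools do this too
    else:
        severity = "low"
    return {"guid": entry["guid"], "severity": severity, "verbs": sorted(verbs),
            "targets": sorted(set(verbs.values())), "off_system_drive": off_system}


def analyze(log_text: str) -> List[Dict]:
    """Parse a ComboFix log and triage every MountPoints2 entry it lists."""
    return [triage(e) for e in parse_mountpoints2(log_text)]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A "medium" entry still needs a look-up against the drive it belongs to (bundled vendor setup tools register AutoRun the same way), whereas an entry that rewrites open and explore as well leaves no way to browse the volume without running the target.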
 

Discussion Starter #10
My system still doesn't work well. It keeps flashing the desktop icons when I move the mouse around. Upon start-up I always open the task manager so that it will say "Task Manager is not working properly and needs to close". Then I click "ok", then it asks to "send a report or don't send" and I don't click either. I just move the non-working task manager and the send/don't send windows off to the side and the computer works fine.

Also, the taskbar at the bottom of the screen has all my open windows crammed into the right side, and all my quick launch buttons, which normally just allow 3 to show, now show all of them.
 

Discussion Starter #11 (Edited)
ComboFix 08-02-15.2 - Tony 2008-02-21 1:44:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\Tony\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-17 15:27 . 2008-02-17 16:00 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\skypePM
2008-02-17 15:27 . 2008-02-17 15:27 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-17 15:22 . 2008-02-21 00:36 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Program Files\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-17 12:08 . 2008-02-17 12:08 244 --ah----- C:\sqmnoopt16.sqm
2008-02-17 12:08 . 2008-02-17 12:08 232 --ah----- C:\sqmdata16.sqm
2008-02-17 12:07 . 2008-02-17 12:07 244 --ah----- C:\sqmnoopt15.sqm
2008-02-17 12:07 . 2008-02-17 12:07 232 --ah----- C:\sqmdata15.sqm
2008-02-16 19:01 . 2008-02-16 19:01 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\vlc
2008-02-16 17:39 . 2008-02-16 17:39 244 --ah----- C:\sqmnoopt14.sqm
2008-02-16 17:39 . 2008-02-16 17:39 232 --ah----- C:\sqmdata14.sqm
2008-02-16 17:26 . 2008-02-16 17:26 244 --ah----- C:\sqmnoopt13.sqm
2008-02-16 17:26 . 2008-02-16 17:26 232 --ah----- C:\sqmdata13.sqm
2008-02-16 16:31 . 2008-02-16 16:31 244 --ah----- C:\sqmnoopt12.sqm
2008-02-16 16:31 . 2008-02-16 16:31 232 --ah----- C:\sqmdata12.sqm
2008-02-16 12:07 . 2008-02-16 12:07 244 --ah----- C:\sqmnoopt11.sqm
2008-02-16 12:07 . 2008-02-16 12:07 232 --ah----- C:\sqmdata11.sqm
2008-02-15 18:10 . 2008-02-15 18:10 <DIR> d-------- C:\Deckard
2008-02-15 18:04 . 2008-02-15 18:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-15 18:04 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-15 16:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-15 16:45 . 2008-02-15 17:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 16:45 . 2008-02-15 16:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 16:45 . 2008-02-15 16:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 16:45 . 2008-02-15 16:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-15 02:27 . 2008-02-15 02:29 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-15 00:55 . 2008-02-15 00:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-15 00:25 . 2008-02-15 00:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 22:54 . 2008-02-14 22:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 16:12 . 2008-02-12 16:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 16:12 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 16:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 16:12 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 16:12 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 16:12 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 16:12 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 16:12 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 16:12 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 15:52 . 2008-02-12 15:52 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Grisoft
2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 15:51 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 15:40 . 2008-02-15 17:18 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-12 14:56 . 2008-02-12 14:56 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2008-02-12 01:28 . 2008-02-15 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 01:24 . 2008-02-15 01:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 01:20 . 2008-02-12 01:20 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Symantec
2008-02-12 01:00 . 2008-02-15 17:15 <DIR> d-------- C:\Program Files\D-Tools
2008-02-12 01:00 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-12 01:00 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-12 00:58 . 2008-02-12 00:58 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-11 23:39 . 2008-02-15 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 20:59 . 2008-02-11 20:59 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Kingsoft
2008-02-11 20:59 . 2008-02-11 21:00 66 --a------ C:\WINDOWS\xdict.INI
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Kingsoft
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Common Files\KingSoft
2008-02-11 20:34 . 2002-11-28 03:34 2,986,038 --a------ C:\WINDOWS\CIBAH.BMP
2008-02-11 01:12 . 2008-02-11 01:12 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Move Networks
2008-02-01 02:35 . 2008-02-01 02:35 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 02:35 . 2008-02-01 02:35 232 --ah----- C:\sqmdata10.sqm
2008-02-01 00:18 . 2008-02-01 00:18 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 00:18 . 2008-02-01 00:18 232 --ah----- C:\sqmdata09.sqm
2008-02-01 00:15 . 2008-02-01 00:15 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 00:15 . 2008-02-01 00:15 232 --ah----- C:\sqmdata08.sqm
2008-01-31 10:49 . 2008-01-31 10:49 <DIR> d-------- C:\Program Files\iPod
2008-01-31 01:40 . 2008-01-31 01:40 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 01:40 . 2008-01-31 01:40 232 --ah----- C:\sqmdata07.sqm
2008-01-31 01:35 . 2008-01-31 01:35 244 --ah----- C:\sqmnoopt06.sqm
2008-01-31 01:35 . 2008-01-31 01:35 232 --ah----- C:\sqmdata06.sqm
2008-01-30 12:54 . 2008-01-30 12:54 244 --ah----- C:\sqmnoopt05.sqm
2008-01-30 12:54 . 2008-01-30 12:54 232 --ah----- C:\sqmdata05.sqm
2008-01-30 00:00 . 2008-01-30 00:00 244 --ah----- C:\sqmnoopt04.sqm
2008-01-30 00:00 . 2008-01-30 00:00 232 --ah----- C:\sqmdata04.sqm
2008-01-29 23:29 . 2008-01-29 23:29 244 --ah----- C:\sqmnoopt03.sqm
2008-01-29 23:29 . 2008-01-29 23:29 232 --ah----- C:\sqmdata03.sqm
2008-01-29 23:26 . 2008-01-29 23:26 244 --ah----- C:\sqmnoopt02.sqm
2008-01-29 23:26 . 2008-01-29 23:26 232 --ah----- C:\sqmdata02.sqm
2008-01-28 03:25 . 2008-01-28 03:25 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 03:25 . 2008-01-28 03:25 232 --ah----- C:\sqmdata01.sqm
2008-01-24 00:33 . 2008-01-24 00:33 <DIR> d--h----- C:\BJPrinter
2008-01-24 00:33 . 2002-11-09 08:00 88,576 --a------ C:\WINDOWS\system32\CNMLM4o.DLL
2008-01-24 00:33 . 2002-10-03 18:23 73,728 -ra------ C:\WINDOWS\system32\CNMCP4o.exe
2008-01-24 00:33 . 2002-11-09 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS4o.DLL
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\Canon_i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:29 <DIR> d-------- C:\Temp
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-23 00:53 . 2008-01-23 00:53 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\DivX
2008-01-23 00:52 . 2008-01-23 00:52 <DIR> d-------- C:\Program Files\DivX
2008-01-23 00:45 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-23 00:45 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-23 00:45 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-22 11:20 . 2008-01-22 11:20 <DIR> d-------- C:\Program Files\Xvid
2008-01-22 11:20 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-22 11:20 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-22 11:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 23:42 . 2008-01-21 23:42 <DIR> d-------- C:\Program Files\Gabest
2008-01-21 23:24 . 2008-01-21 23:24 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BSplayer Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 22:16 --------- d-----w C:\Program Files\Launch Manager
2008-02-15 22:15 --------- d-----w C:\Program Files\iTunes
2008-02-15 22:15 --------- d-----w C:\Program Files\Google
2008-02-15 22:13 --------- d-----w C:\Program Files\Arcade
2008-02-12 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 20:55 --------- d-----w C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-01-31 15:47 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:17 --------- d-----w C:\Program Files\BitSpirit
2008-01-19 06:24 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo
2008-01-18 05:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-18 05:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-17 02:39 --------- d-----w C:\Documents and Settings\Tony\Application Data\BitSpirit
2008-01-15 05:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-15 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 02:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-15 02:01 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-14 08:58 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-01-14 07:34 --------- d-----w C:\Program Files\Logitech
2008-01-14 07:34 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-14 05:46 --------- d-----w C:\Program Files\Western Digital
2008-01-14 05:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-14 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-14 05:41 --------- d-----w C:\Program Files\Western Digital Technologies
2008-01-14 05:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 04:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-14 04:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-14 04:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 04:10 --------- d-----w C:\Program Files\Windows Live
2008-01-14 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-14 01:18 --------- d-----w C:\Program Files\Phoenix Technologies Ltd
2008-01-14 01:17 --------- d-----w C:\Program Files\Synaptics
2008-01-14 01:16 --------- d-----w C:\Program Files\sisagp
2008-01-14 01:16 --------- d-----w C:\Program Files\SiS VGA Utilities V3.65f
2008-01-14 01:14 --------- d-----w C:\Program Files\Realtek AC97
2008-01-14 01:09 --------- d-----w C:\Program Files\CyberLink
2008-01-14 01:06 --------- d-----w C:\Program Files\WIDCOMM
2008-01-14 01:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-14 00:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET337.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 02:19 287040]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-02-23 11:04 315392]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-05-25 15:38:42 565309]
Powerword 2003.lnk - C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE [2008-02-11 20:34:32 823296]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-01-13 20:16:09 331776]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb566d8-d10f-11dc-bd7e-00c09fb89fe6}]
\Shell\AutoRun\command - G:\3g08.bat
\Shell\explore\Command - G:\3g08.bat
\Shell\open\Command - G:\3g08.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 00:48:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-21 05:27:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 01:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Kingsoft\Powerword 2003\Cjktl32.dll
.
Completion time: 2008-02-21 1:48:33
ComboFix-quarantined-files.txt 2008-02-21 06:48:14
ComboFix2.txt 2008-02-17 22:25:22
ComboFix3.txt 2008-02-15 06:12:44
.
2008-02-15 07:32:40 --- E O F ---
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
After you've carried out my last set of instructions, please provide me with an update on the system behavior along with the requested logs.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:16 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
C:\WINDOWS\system32\sistray.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alivenotdead.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Powerword 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9275 bytes



System is still the same, no changes.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Sorry about that--we cross-posted. :smile:

What is your G:\ drive?
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

**Please ensure the removable media that is typically your G:\ drive is inserted.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
G:\3g08.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb566d8-d10f-11dc-bd7e-00c09fb89fe6}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Any improvement yet?
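For readers following along: the ComboFix "Reg Loading Points" section earlier in this thread shows why the helper asked about the G:\ drive. Every MountPoints2 verb for one removable volume (AutoRun, open and explore) was wired to the same batch file, so the payload would run however the drive was opened. The script below is an added illustration, not something posted in the thread or shipped with ComboFix: it parses that block of the log, rates each MountPoints2 entry, and emits the same kind of `File::` / `Registry::` CFScript the helper wrote above. The sample input is constructed from the two entries visible in the log, and the "high" / "review" heuristic (script-type payload, or all three verbs pointing at one payload) is this example's own rule of thumb, not a ComboFix feature.

```python
"""Triage MountPoints2 autorun hooks from a ComboFix 'Reg Loading Points' dump.

Added example: parses the [HKCU\...\mountpoints2\{GUID}] blocks that ComboFix
prints, flags entries that look like a removable-media hijack, and builds the
File:: / Registry:: CFScript stanza that would remove the flagged ones.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the two MountPoints2 blocks in the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb566d8-d10f-11dc-bd7e-00c09fb89fe6}]
\Shell\AutoRun\command - G:\3g08.bat
\Shell\explore\Command - G:\3g08.bat
\Shell\open\Command - G:\3g08.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
"""

# "[HKEY_...\mountpoints2\{guid}]" header as ComboFix prints it.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]*\\mountpoints2\\\{(?P<guid>[0-9a-f-]+)\})\]$", re.I)
# "\Shell\<verb>\command - <command line>" lines that follow a header.
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[A-Za-z]+)\\command\s+-\s+(?P<cmd>.+?)\s*$", re.I)

# Extensions that mean "a script is being run straight off the volume".
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".pif", ".scr", ".com")
HIJACK_VERBS = {"autorun", "open", "explore"}


@dataclass
class MountPoint:
    key: str
    guid: str
    commands: dict = field(default_factory=dict)  # lower-case verb -> command line


def parse_mountpoints(text):
    """Return one MountPoint per mountpoints2 header, with its verb commands."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = MountPoint(key=m.group("key"), guid=m.group("guid"))
            entries.append(current)
            continue
        if line.startswith("["):
            current = None  # some other registry key: stop attributing verb lines
            continue
        v = VERB_RE.match(line)
        if v and current is not None:
            current.commands[v.group("verb").lower()] = v.group("cmd")
    return entries


def assess(mp):
    """Heuristic rating (this example's own rule, not ComboFix's).

    'high'   - payload is a script type, or AutoRun/open/explore all run the
               same payload (every way of opening the drive runs it).
    'review' - an autorun exists but looks like a plain vendor launcher.
    'none'   - no verb commands recorded.
    """
    if not mp.commands:
        return "none"
    payloads = {c.lower() for c in mp.commands.values()}
    script_payload = any(p.endswith(SCRIPT_EXT) for p in payloads)
    all_verbs_one_payload = HIJACK_VERBS <= set(mp.commands) and len(payloads) == 1
    return "high" if (script_payload or all_verbs_one_payload) else "review"


def build_cfscript(mountpoints):
    """Emit the File:: / Registry:: stanza that removes the 'high' entries."""
    files, keys = [], []
    for mp in mountpoints:
        if assess(mp) != "high":
            continue
        keys.append(f"[-{mp.key}]")  # leading '-' deletes the whole key
        for cmd in mp.commands.values():
            # Only absolute drive paths can go under File::; relative ones cannot be located.
            if re.match(r"^[A-Za-z]:\\", cmd) and cmd not in files:
                files.append(cmd)
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if keys:
        parts.append("Registry::\n" + "\n".join(keys))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for mp in found:
        print(f"{mp.guid}: {assess(mp)} {mp.commands}")
    print(build_cfscript(found))
```

Run as-is, the first entry rates "high" on both counts (a .bat payload, and all three verbs pointing at it) and the Western Digital launcher rates "review", so the generated stanza reproduces the helper's CFScript: `G:\3g08.bat` under `File::` and the `{7cb566d8-...}` key under `Registry::`, with the WD entry left alone.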
 

·
Registered
Joined
·
21 Posts
Discussion Starter #16
I don't have one right now. It might be my external hard-drive, but I haven't plugged it in since the problems began for fear of corrupting it as well.

I have an external hard drive and an iPhone that I plug into my computer.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
You'll have to insert whatever it is as that's the source:

G:\3g08.bat

Most likely it's whatever you had attached to the computer when you were downloading the bittorrent.

-------------------------------------------

It would also be helpful if you could carry out an online scan at Kaspersky:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
        • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
21 Posts
Discussion Starter #18
ComboFix 08-02-15.2 - Tony 2008-02-21 2:37:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
Running from: C:\Documents and Settings\Tony\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony\Desktop\CFScript.txt
* Created a new restore point

FILE
G:\3g08.bat
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-17 15:27 . 2008-02-17 16:00 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\skypePM
2008-02-17 15:27 . 2008-02-17 15:27 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-17 15:22 . 2008-02-21 01:58 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Program Files\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-17 12:08 . 2008-02-17 12:08 244 --ah----- C:\sqmnoopt16.sqm
2008-02-17 12:08 . 2008-02-17 12:08 232 --ah----- C:\sqmdata16.sqm
2008-02-17 12:07 . 2008-02-17 12:07 244 --ah----- C:\sqmnoopt15.sqm
2008-02-17 12:07 . 2008-02-17 12:07 232 --ah----- C:\sqmdata15.sqm
2008-02-16 19:01 . 2008-02-16 19:01 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\vlc
2008-02-16 17:39 . 2008-02-16 17:39 244 --ah----- C:\sqmnoopt14.sqm
2008-02-16 17:39 . 2008-02-16 17:39 232 --ah----- C:\sqmdata14.sqm
2008-02-16 17:26 . 2008-02-16 17:26 244 --ah----- C:\sqmnoopt13.sqm
2008-02-16 17:26 . 2008-02-16 17:26 232 --ah----- C:\sqmdata13.sqm
2008-02-16 16:31 . 2008-02-16 16:31 244 --ah----- C:\sqmnoopt12.sqm
2008-02-16 16:31 . 2008-02-16 16:31 232 --ah----- C:\sqmdata12.sqm
2008-02-16 12:07 . 2008-02-16 12:07 244 --ah----- C:\sqmnoopt11.sqm
2008-02-16 12:07 . 2008-02-16 12:07 232 --ah----- C:\sqmdata11.sqm
2008-02-15 18:10 . 2008-02-15 18:10 <DIR> d-------- C:\Deckard
2008-02-15 18:04 . 2008-02-15 18:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-15 18:04 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-15 16:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-15 16:45 . 2008-02-15 17:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 16:45 . 2008-02-15 16:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 16:45 . 2008-02-15 16:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 16:45 . 2008-02-15 16:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-15 02:27 . 2008-02-15 02:29 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-15 00:55 . 2008-02-15 00:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-15 00:25 . 2008-02-15 00:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 22:54 . 2008-02-14 22:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 16:12 . 2008-02-12 16:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 16:12 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 16:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 16:12 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 16:12 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 16:12 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 16:12 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 16:12 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 16:12 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 15:52 . 2008-02-12 15:52 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Grisoft
2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 15:51 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 15:40 . 2008-02-15 17:18 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-12 14:56 . 2008-02-12 14:56 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2008-02-12 01:28 . 2008-02-15 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 01:24 . 2008-02-15 01:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 01:20 . 2008-02-12 01:20 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Symantec
2008-02-12 01:00 . 2008-02-15 17:15 <DIR> d-------- C:\Program Files\D-Tools
2008-02-12 01:00 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-12 01:00 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-12 00:58 . 2008-02-12 00:58 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-11 23:39 . 2008-02-15 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 20:59 . 2008-02-11 20:59 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Kingsoft
2008-02-11 20:59 . 2008-02-11 21:00 66 --a------ C:\WINDOWS\xdict.INI
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Kingsoft
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Common Files\KingSoft
2008-02-11 20:34 . 2002-11-28 03:34 2,986,038 --a------ C:\WINDOWS\CIBAH.BMP
2008-02-11 01:12 . 2008-02-11 01:12 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Move Networks
2008-02-01 02:35 . 2008-02-01 02:35 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 02:35 . 2008-02-01 02:35 232 --ah----- C:\sqmdata10.sqm
2008-02-01 00:18 . 2008-02-01 00:18 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 00:18 . 2008-02-01 00:18 232 --ah----- C:\sqmdata09.sqm
2008-02-01 00:15 . 2008-02-01 00:15 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 00:15 . 2008-02-01 00:15 232 --ah----- C:\sqmdata08.sqm
2008-01-31 10:49 . 2008-01-31 10:49 <DIR> d-------- C:\Program Files\iPod
2008-01-31 01:40 . 2008-01-31 01:40 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 01:40 . 2008-01-31 01:40 232 --ah----- C:\sqmdata07.sqm
2008-01-31 01:35 . 2008-01-31 01:35 244 --ah----- C:\sqmnoopt06.sqm
2008-01-31 01:35 . 2008-01-31 01:35 232 --ah----- C:\sqmdata06.sqm
2008-01-30 12:54 . 2008-01-30 12:54 244 --ah----- C:\sqmnoopt05.sqm
2008-01-30 12:54 . 2008-01-30 12:54 232 --ah----- C:\sqmdata05.sqm
2008-01-30 00:00 . 2008-01-30 00:00 244 --ah----- C:\sqmnoopt04.sqm
2008-01-30 00:00 . 2008-01-30 00:00 232 --ah----- C:\sqmdata04.sqm
2008-01-29 23:29 . 2008-01-29 23:29 244 --ah----- C:\sqmnoopt03.sqm
2008-01-29 23:29 . 2008-01-29 23:29 232 --ah----- C:\sqmdata03.sqm
2008-01-29 23:26 . 2008-01-29 23:26 244 --ah----- C:\sqmnoopt02.sqm
2008-01-29 23:26 . 2008-01-29 23:26 232 --ah----- C:\sqmdata02.sqm
2008-01-28 03:25 . 2008-01-28 03:25 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 03:25 . 2008-01-28 03:25 232 --ah----- C:\sqmdata01.sqm
2008-01-24 00:33 . 2008-01-24 00:33 <DIR> d--h----- C:\BJPrinter
2008-01-24 00:33 . 2002-11-09 08:00 88,576 --a------ C:\WINDOWS\system32\CNMLM4o.DLL
2008-01-24 00:33 . 2002-10-03 18:23 73,728 -ra------ C:\WINDOWS\system32\CNMCP4o.exe
2008-01-24 00:33 . 2002-11-09 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS4o.DLL
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\Canon_i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:29 <DIR> d-------- C:\Temp
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-23 00:53 . 2008-01-23 00:53 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\DivX
2008-01-23 00:52 . 2008-01-23 00:52 <DIR> d-------- C:\Program Files\DivX
2008-01-23 00:45 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-23 00:45 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-23 00:45 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-22 11:20 . 2008-01-22 11:20 <DIR> d-------- C:\Program Files\Xvid
2008-01-22 11:20 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-22 11:20 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-22 11:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 23:42 . 2008-01-21 23:42 <DIR> d-------- C:\Program Files\Gabest
2008-01-21 23:24 . 2008-01-21 23:24 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BSplayer Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 22:16 --------- d-----w C:\Program Files\Launch Manager
2008-02-15 22:15 --------- d-----w C:\Program Files\iTunes
2008-02-15 22:15 --------- d-----w C:\Program Files\Google
2008-02-15 22:13 --------- d-----w C:\Program Files\Arcade
2008-02-12 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 20:55 --------- d-----w C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-01-31 15:47 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:17 --------- d-----w C:\Program Files\BitSpirit
2008-01-19 06:24 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo
2008-01-18 05:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-18 05:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-17 02:39 --------- d-----w C:\Documents and Settings\Tony\Application Data\BitSpirit
2008-01-15 05:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-15 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 02:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-15 02:01 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-14 08:58 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-01-14 07:34 --------- d-----w C:\Program Files\Logitech
2008-01-14 07:34 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-14 05:46 --------- d-----w C:\Program Files\Western Digital
2008-01-14 05:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-14 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-14 05:41 --------- d-----w C:\Program Files\Western Digital Technologies
2008-01-14 05:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 04:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-14 04:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-14 04:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 04:10 --------- d-----w C:\Program Files\Windows Live
2008-01-14 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-14 01:18 --------- d-----w C:\Program Files\Phoenix Technologies Ltd
2008-01-14 01:17 --------- d-----w C:\Program Files\Synaptics
2008-01-14 01:16 --------- d-----w C:\Program Files\sisagp
2008-01-14 01:16 --------- d-----w C:\Program Files\SiS VGA Utilities V3.65f
2008-01-14 01:14 --------- d-----w C:\Program Files\Realtek AC97
2008-01-14 01:09 --------- d-----w C:\Program Files\CyberLink
2008-01-14 01:06 --------- d-----w C:\Program Files\WIDCOMM
2008-01-14 01:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-14 00:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET337.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 02:19 287040]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-02-23 11:04 315392]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-05-25 15:38:42 565309]
Powerword 2003.lnk - C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE [2008-02-11 20:34:32 823296]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-01-13 20:16:09 331776]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 00:48:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-21 06:59:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 02:40:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Kingsoft\Powerword 2003\Cjktl32.dll
.
Completion time: 2008-02-21 2:41:01
ComboFix-quarantined-files.txt 2008-02-21 07:40:44
ComboFix2.txt 2008-02-21 06:48:34
ComboFix3.txt 2008-02-17 22:25:22
ComboFix4.txt 2008-02-15 06:12:44
.
2008-02-15 07:32:40 --- E O F ---


-------------------------------

I don't have any idea what that G:\3g08.bat is. I really don't think it is my external hard drive as I haven't used it in months.
 

Discussion Starter #19
At the time this problem began, I didn't have any external attachments. Is it possible that a virus could have attached itself to a drive that only exists when something else is attached so as not to be found easily?
 

TSF Security Manager, Emeritus
Did you by any chance use someone else's USB stick? If so, then the file is not on any of your removable devices.

Go ahead and run the script so we can get rid of the mountpoint. Then please perform the online scan at Kaspersky to search for remnants. Post both the C:\ComboFix.txt and the Kaspersky results in your next reply?
 