Solved: Back, this time with Virtumonde.sci nibbling at my toes!


Dantesgirl

Thread Starter
Joined
Sep 25, 2008
Messages
89
God, you people must be sick of me. :p

A few days ago, I ran some routine scans and found that Spybot S&D has detected Virtumonde.sci. Ever since, I've been trying to get rid of it, but to no avail.

Luckily, the only thing I've noticed it has done is consume CPU Usage - I'm using FireFox and so far, there have been no pop-ups.

For the sake of convenience, here is a list of things I have done to try and remove this nasty bug:
+ Deleted suspicious looking files myself with HijackThis - didn't work, Virtumonde has a DLL file which relaunches these files upon reboot.
+ Scanned with Ad-Aware - nothing found.
+ Scanned with MalwareBytes (usually very reliable) - nothing found.
+ Scanned with Spyware Doctor (also usually very reliable) - nothing found.
+ Scanned with Spybot S&D - the only scanner that identified Virtumonde.sci, but cannot permanently remove due to that pesky DLL file.
+ Scanned with VundoFix - nothing found.
+ Scanned with Symantec's Virtumonde Removal Tool - received C++ error upon scanning, Task Manager couldn't end it so I had to log off. (A sign maybe?)
+ Scanned with Spybot S&D during Safe Mode - found Virtumonde.sci again, but still couldn't permanently remove it.
+ Scanned with Ad-Aware during Safe Mode - nothing found.
+ Scanned with MalwareBytes during Safe Mode - nothing found.
+ Scanned with Spyware Doctor during Safe Mode - nothing found.

I haven't tried ComboFix.exe just yet because I would very much prefer to be guided on its use by a professional. Some of the warnings it carries have put me off using it independently, so I thought I'd come and bug you nice people. :D

As you can tell from my list, I'm pretty frustrated and feel that I've run out of options. Below is my recent HijackThis log and a start-up list, I hope this helps.

Again, for the sake of convenience, here are the two files that I tried to remove using HijackThis as they looked suspicious:
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)

Please note:
'O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)' didn't appear until after I tried to remove Virtumonde.sci with Spybot S&D during Safe Mode. Is there a particular reason for this?

Help is very much appreciated, thank you. :)

Dantesgirl

Thread Starter
Joined
Sep 25, 2008
Messages
89
I've waited two days and nothing, can nobody help me out?

Fresh log attached.

ANOTHER EDIT: Finally read some guides and did a Combofix scan, the results are attached.

Dantesgirl

Thread Starter
Joined
Sep 25, 2008
Messages
89
What do I have to do to get a response? I'm really frustrated here!

ANOTHER fresh log, hopefully 3rd time'll be the charm.

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
Please do not attach the logs unless it's necessary because they are too big to fit in one post or you've been instructed to.

Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM 6
AppCore
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Belkin Wireless G Plus MIMO USB Network Adapter
Bonjour
ccCommon
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Component Framework
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
CyberLink YouCam
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.40 D3
HP Total Care Advisor
HP Update
HP User Guides 0110
HP Wireless Assistant
HPNetworkAssistant
InterVideo DeviceService
iTunes
Java(TM) 6 Update 4
Java(TM) 6 Update 7
LabelPrint
LightScribe System Software 1.14.25.1
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 6.1
My HP Games
NetWaiting
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OpenOffice.org 2.4
Pen Tablet
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.6
QuickTime
Rapidown 5.9 SE - http://www.rapidown.com
Realtek USB 2.0 Card Reader
Skype™ 3.6
SPBBC 32bit
Spybot - Search & Destroy
Spyware Doctor 6.0
Symantec Real Time Storage Protection Component
Synaptics Pointing Device Driver
System Requirements Lab
Ulead VideoStudio 11
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
VeohTV BETA
Viewpoint Media Player
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 12.0
World of Warcraft
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:43, on 10/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rapidown\rapidown.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\Geek.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13614 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
ComboFix 08-10-08.05 - Natalie 2008-10-10 1:03:00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.857 [GMT 1:00]
Running from: C:\Users\Natalie\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.

2008-10-08 19:33 . 2008-10-08 19:33 <DIR> d-------- C:\Windows\Noslip
2008-10-08 19:33 . 2008-10-08 19:34 296 --a------ C:\Windows\ULEAD32.INI
2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Uniblue
2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\Users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-05 18:03 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\BHODemon 2
2008-10-05 17:41 . 2008-10-05 17:41 <DIR> d-------- C:\VundoFix Backups
2008-10-05 17:08 . 2008-10-05 17:08 <DIR> d-------- C:\WTablet
2008-10-04 20:19 . 2008-10-04 20:19 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-10-04 00:08 . 2008-10-04 00:08 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-10-03 19:44 . 2008-10-03 19:44 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-10-01 00:05 . 2008-10-09 16:33 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\OpenOffice.org2
2008-10-01 00:01 . 2008-10-01 00:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-30 17:56 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\Rapidown
2008-09-30 05:52 . 2008-09-30 05:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WildTangent
2008-09-29 21:30 . 2008-09-29 21:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-29 21:09 . 2008-09-29 21:09 <DIR> d-------- C:\_OTMoveIt
2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\DivX
2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\DivX
2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-27 02:47 . 2008-10-09 16:32 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WTablet
2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Users\All Users\AppData
2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\ProgramData\AppData
2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Program Files\TabletPen
2008-09-27 02:47 . 2007-09-07 19:07 2,684,200 --------- C:\Windows\System32\PenTablet.cpl
2008-09-27 02:47 . 2007-09-07 19:04 1,380,680 --------- C:\Windows\System32\PenTablet.znc
2008-09-27 02:46 . 2007-02-16 01:11 11,440 --a------ C:\Windows\System32\drivers\WacomVKHid.sys
2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\Windows\System32\WTablet
2008-09-27 02:44 . 2008-09-27 02:46 <DIR> d-------- C:\Program Files\Tablet
2008-09-27 02:44 . 2007-09-07 19:16 1,373,480 --------- C:\Windows\System32\Pen_Tablet.exe
2008-09-27 02:44 . 2007-09-07 18:55 181,544 --------- C:\Windows\System32\Wintab32.dll
2008-09-27 02:44 . 2007-09-07 19:09 128,296 --------- C:\Windows\System32\Pen_Tablet.dll
2008-09-27 02:44 . 2007-02-16 19:30 12,848 --a------ C:\Windows\System32\drivers\wacomvhid.sys
2008-09-27 02:44 . 2007-02-16 20:12 11,312 --a------ C:\Windows\System32\drivers\wacommousefilter.sys
2008-09-27 01:07 . 2008-09-27 01:07 <DIR> d-------- C:\Program Files\Activision
2008-09-27 00:41 . 2008-09-27 00:41 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Ulead Systems
2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Searches
2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Contacts
2008-09-27 00:39 . 2008-09-27 00:39 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Symantec
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Videos
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Saved Games
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Pictures
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Music
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Links
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Downloads
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Documents
2008-09-27 00:38 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> d--h----- C:\Users\Guest\AppData
2008-09-27 00:38 . 2008-10-08 01:28 <DIR> d-------- C:\Users\Guest
2008-09-26 17:30 . 2008-09-27 00:41 <DIR> d-------- C:\Program Files\World of Warcraft
2008-09-26 17:30 . 2008-09-26 17:31 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-26 03:20 . 2008-09-26 03:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Malwarebytes
2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-26 02:47 . 2008-09-29 02:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 02:47 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-26 02:47 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-26 02:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-26 02:19 . 2008-09-26 02:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-26 01:13 . 2008-10-09 16:57 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-09-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-09-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-09-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\Users\All Users\Google Updater
2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\ProgramData\Google Updater
2008-09-26 01:05 . 2008-09-26 01:05 <DIR> d-------- C:\Program Files\Google
2008-09-26 00:48 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-09-26 00:27 . 2008-09-26 00:27 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\PC Tools
2008-09-26 00:27 . 2008-10-10 01:01 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-26 00:27 . 2008-10-10 01:01 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-25 23:32 . 2008-09-25 23:53 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Ulead Systems
2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Users\All Users\InterVideo
2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\ProgramData\InterVideo
2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-09-25 23:30 . 2007-03-06 11:58 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-09-25 23:30 . 2007-03-06 11:58 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-09-25 23:30 . 2007-03-06 11:58 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
2008-09-25 23:30 . 2007-03-06 11:58 26,136 --a------ C:\Windows\System32\IVIresize.dll
2008-09-25 23:29 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Windows Media Components
2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-09-25 23:27 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-09-25 23:25 . 2008-10-08 19:33 <DIR> d-------- C:\Program Files\Ulead Systems
2008-09-25 23:09 . 2005-11-24 12:51 245,248 --a------ C:\Windows\System32\drivers\rt73.sys
2008-09-25 23:08 . 2008-09-25 23:08 <DIR> d-------- C:\Program Files\Belkin
2008-09-25 23:08 . 2004-04-30 15:12 40,960 --a------ C:\Windows\System32\F5D9050.dll
2008-09-25 19:08 . 2008-09-25 19:08 <DIR> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-09-24 23:50 . 2008-10-03 17:36 <DIR> d-------- C:\Users\Natalie\dwhelper
2008-09-24 22:36 . 2008-09-24 22:36 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\Users\All Users\LightScribe
2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\ProgramData\LightScribe
2008-09-24 21:27 . 2008-09-24 21:56 <DIR> d-------- C:\Temp
2008-09-24 20:37 . 2008-07-12 13:30 47 --a------ C:\Windows\System32\readme.bat
2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-24 19:31 . 2008-09-24 19:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-24 19:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-09-24 19:23 . 2008-09-24 19:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\ProgramData\FLEXnet
2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-09-24 00:52 . 2008-09-24 00:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Template
2008-09-24 00:52 . 2008-10-02 00:19 702 --a------ C:\Users\Natalie\AppData\Roaming\wklnhst.dat
2008-09-23 23:34 . 2008-09-23 23:34 <DIR> d-------- C:\Program Files\Veoh Networks
2008-09-23 21:05 . 2008-09-24 00:48 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Azureus
2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\Users\All Users\Azureus
2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\ProgramData\Azureus
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\SystemRequirementsLab
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-23 20:35 . 2008-09-23 20:35 <DIR> d-------- C:\Windows\Sun
2008-09-23 19:49 . 2008-09-23 20:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\CyberLink
2008-09-23 19:44 . 2008-09-23 19:44 <DIR> d----c--- C:\Windows\System32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 15:32 56,957 ----a-w C:\Users\All Users\nvModes.dat
2008-10-09 15:32 56,957 ----a-w C:\ProgramData\nvModes.dat
2008-10-08 18:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 23:00 --------- d-----w C:\Program Files\Java
2008-09-30 17:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-30 04:54 --------- d-----w C:\ProgramData\WildTangent
2008-09-26 16:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-09-26 16:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-09-26 16:43 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-09-26 16:43 --------- d-----w C:\Program Files\Symantec
2008-09-26 16:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-26 15:30 --------- d-----w C:\ProgramData\Symantec
2008-09-24 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-23 17:28 --------- d-----w C:\ProgramData\CyberLink
2008-09-23 15:35 --------- d-----w C:\Program Files\Windows Mail
2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-29 09:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 92704]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-07 51048]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe [2005-06-19 946176]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Rapidown.lnk - C:\Program Files\Rapidown\rapidown.exe [2008-09-30 1044992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{73DCAADE-7627-4A60-8086-FF24BB17F1EB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{2F027587-83B6-45B1-BB62-3CA8EF66ABBA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D0C40AC4-6AEC-4CB1-8E4D-BB41A513DE82}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8D7A5FAD-4221-4887-8932-355D9ED791D9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3137D307-CCAE-4112-94B6-5641398A88CB}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{42B90F95-FF38-4ACE-ABDC-64E89E5BEAFF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{902A2ADF-D21B-403B-AD1B-BE1839E3A278}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{40307A1A-8E93-426F-BA00-99DD6600A1D4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6AB25FE0-88B1-4987-97FA-C54343C65C94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9A7ADBC0-94A4-4929-B78F-E9C5FD8E7195}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081003.001\IDSvix86.sys [2008-09-12 270384]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-04-17 203776]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-22 62976]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Natalie.job
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\fcgbzlxs.default\
FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 01:10:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-10 1:12:37
ComboFix-quarantined-files.txt 2008-10-10 00:12:28
ComboFix2.txt 2008-10-09 23:58:58

Pre-Run: 118,462,205,952 bytes free
Post-Run: 118,431,547,392 bytes free

293 --- E O F --- 2008-10-02 16:55:37
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
Would you also please post the log from the first run of ComboFix. It will be named ComboFix2.txt.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
Go to Control Panel - Add/Remove programs and remove:

Java(TM) 6 Update 4
Viewpoint Media Player



Read here about Rapidown. I recommend uninstalling it but it's up to you:

Rapidown
http://www.systemlookup.com/CLSID/488-rapi310_dll.html

Delete these two folders:

Folder::
C:\Users\Natalie\AppData\Roaming\WildTangent
C:\ProgramData\WildTangent


After doing the above, reboot and post a new HijackThis log please.
 

Dantesgirl

Thread Starter
Joined
Sep 25, 2008
Messages
89
Thanks for the reply.

I did everything you said, but I already uninstalled Rapidown yesterday as it was quite a nuisance. I have my desktop icons set up in a particular order and upon start-up, Rapidown would automatically run and create a new desktop icon, something that annoyed me. Also, when I went to uninstall it via Control Panel, it would just start up again. It took me around a week to figure out how to uninstall it - through the program's own 'options' menu.

I've searched my computer and I can't find the second ComboFix log, sorry. I thought it just brought up a list of items on your computer like HijackThis, I didn't think it automatically fixed some things.

Here's the fresh HJT log as requested:

--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:39, on 13/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\Geek.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13223 bytes
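Two things in the logs above deserve to be pulled out automatically rather than read line by line. ComboFix's "Reg Loading Points" dump records EnableLUA=0 (UAC off), EnableFirewall=0 on both the Domain and Public firewall profiles, and Security Center monitoring switched off, including for the Symantec AV and firewall products; the HijackThis log records a BHO CLSID with "(no file)" behind it and a service with "Unknown owner". The thread does not establish whether the user or the infection turned those protections off, which is exactly why a responder wants them at the top of the triage list before anything is deleted. The script below is an added example for this thread, not code from ComboFix, HijackThis or any post above. It parses excerpts of both log formats (embedded as sample input, copied from the posts) and reports findings by severity; the WEAK_SETTINGS table, the severity ratings and the HJT heuristics are the editor's own assumptions, not a vendor reference.

```python
"""Triage ComboFix "Reg Loading Points" dumps and HijackThis logs.
Added example for this thread, not code from ComboFix, HijackThis or any post above;
the WEAK_SETTINGS table and the severity ratings are the editor's own assumptions."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity line reason")  # severity: high, medium or info

# ComboFix emits REGEDIT4-style text: a [key] header, then "name"=value lines.
_SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
# (substring of lower-cased key, value name, dangerous value, severity, reason)
WEAK_SETTINGS = [
    ("policies\\system", "EnableLUA", "0", "high", "UAC disabled; admin session runs fully elevated"),
    ("firewallpolicy\\domainprofile", "EnableFirewall", "0", "high", "Windows Firewall off (Domain profile)"),
    ("firewallpolicy\\publicprofile", "EnableFirewall", "0", "high", "Windows Firewall off (Public profile)"),
    ("security center\\monitoring", "DisableMonitoring", "1", "high", "Security Center no longer tracks AV/firewall"),
    ("security center", "UacDisableNotify", "1", "medium", "Security Center UAC warnings suppressed"),
    ("security center", "AutoUpdateDisableNotify", "1", "medium", "Security Center update warnings suppressed"),
]

def _normalize_value(raw):
    """Reduce '0 (0x0)' and 'dword:00000001' to a plain decimal string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.split()[0] if raw.split() else raw

def triage_combofix(text):
    """Walk the registry dump and report every WEAK_SETTINGS hit."""
    findings, section = [], None
    for line in map(str.strip, text.splitlines()):
        m = _SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = _VALUE_RE.match(line)
        if not (m and section):
            continue
        name, value = m.group("name").lower(), _normalize_value(m.group("value"))
        for key_part, want, bad, severity, reason in WEAK_SETTINGS:
            if key_part in section and name == want.lower() and value == bad:
                findings.append(Finding(severity, line, reason))
    return findings

_HJT_RE = re.compile(r'^(?P<type>[A-Z]\d+)\s+-\s+(?P<rest>.*)$')  # e.g. "O2 - BHO: ..."

def triage_hjt_line(line):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = _HJT_RE.match(line.strip())
    if not m:
        return None
    typ, rest = m.group("type"), m.group("rest")
    if typ == "O1":  # "O1 - Hosts: <ip> <name>"; Vista's stock "::1 localhost" is benign
        fields = rest.split("Hosts:", 1)[-1].split()
        if len(fields) >= 2 and fields[1] not in ("localhost", "localhost.localdomain"):
            return Finding("high", line, "hosts-file override; hijacks name resolution")
    elif typ == "O2" and rest.endswith("(no file)"):
        return Finding("medium", line, "BHO CLSID still registered but its DLL is gone")
    elif typ == "O4" and re.search(r'\brundll32(\.exe)?\b', rest, re.I):
        return Finding("info", line, "rundll32 loader; confirm the DLL is a known vendor's")
    elif typ == "O23" and "Unknown owner" in rest:
        return Finding("info", line, "service binary carries no publisher; verify the file")
    return None

def triage(combofix_text, hjt_text):
    findings = triage_combofix(combofix_text)
    return findings + [f for f in map(triage_hjt_line, hjt_text.splitlines()) if f]

def severity_counts(findings):
    return dict(Counter(f.severity for f in findings))

# Sample input: excerpts copied from the logs posted in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""
SAMPLE_HJT = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
"""
```

On the embedded excerpts `severity_counts(triage(SAMPLE_COMBOFIX, SAMPLE_HJT))` returns four high, three medium and two info findings; point `triage()` at the full text of C:\ComboFix.txt and a saved hijackthis.log to run it on a real case. The O4 rundll32 check is deliberately only "info": NvCpl.dll here is NVIDIA's, but a randomly named DLL in system32 loaded the same way is the pattern to look for, so the entry is listed for a human to judge rather than scored as malicious.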
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
I'm sorry, I should have been more specific. You should find the ComboFix log in this location:

C:\qoobox\ComboFix2.txt
 

Dantesgirl

Thread Starter
Joined
Sep 25, 2008
Messages
89
Found it, I just checked in C:\

Here's the first ComboFix log:

--
ComboFix 08-10-08.05 - Natalie 2008-10-10 0:48:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.918 [GMT 1:00]
Running from: C:\Users\Natalie\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-08 19:33 . 2008-10-08 19:33 <DIR> d-------- C:\Windows\Noslip
2008-10-08 19:33 . 2008-10-08 19:34 296 --a------ C:\Windows\ULEAD32.INI
2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Uniblue
2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\Users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-05 18:03 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\BHODemon 2
2008-10-05 17:41 . 2008-10-05 17:41 <DIR> d-------- C:\VundoFix Backups
2008-10-05 17:08 . 2008-10-05 17:08 <DIR> d-------- C:\WTablet
2008-10-04 20:19 . 2008-10-04 20:19 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-10-04 00:08 . 2008-10-04 00:08 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-10-03 19:44 . 2008-10-03 19:44 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-10-01 00:05 . 2008-10-09 16:33 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\OpenOffice.org2
2008-10-01 00:01 . 2008-10-01 00:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-30 17:56 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\Rapidown
2008-09-30 05:52 . 2008-09-30 05:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WildTangent
2008-09-29 21:30 . 2008-09-29 21:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-29 21:09 . 2008-09-29 21:09 <DIR> d-------- C:\_OTMoveIt
2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\DivX
2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\DivX
2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-27 02:47 . 2008-10-09 16:32 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WTablet
2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Users\All Users\AppData
2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\ProgramData\AppData
2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Program Files\TabletPen
2008-09-27 02:47 . 2007-09-07 19:07 2,684,200 --------- C:\Windows\System32\PenTablet.cpl
2008-09-27 02:47 . 2007-09-07 19:04 1,380,680 --------- C:\Windows\System32\PenTablet.znc
2008-09-27 02:46 . 2007-02-16 01:11 11,440 --a------ C:\Windows\System32\drivers\WacomVKHid.sys
2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\Windows\System32\WTablet
2008-09-27 02:44 . 2008-09-27 02:46 <DIR> d-------- C:\Program Files\Tablet
2008-09-27 02:44 . 2007-09-07 19:16 1,373,480 --------- C:\Windows\System32\Pen_Tablet.exe
2008-09-27 02:44 . 2007-09-07 18:55 181,544 --------- C:\Windows\System32\Wintab32.dll
2008-09-27 02:44 . 2007-09-07 19:09 128,296 --------- C:\Windows\System32\Pen_Tablet.dll
2008-09-27 02:44 . 2007-02-16 19:30 12,848 --a------ C:\Windows\System32\drivers\wacomvhid.sys
2008-09-27 02:44 . 2007-02-16 20:12 11,312 --a------ C:\Windows\System32\drivers\wacommousefilter.sys
2008-09-27 01:07 . 2008-09-27 01:07 <DIR> d-------- C:\Program Files\Activision
2008-09-27 00:41 . 2008-09-27 00:41 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Ulead Systems
2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Searches
2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Contacts
2008-09-27 00:39 . 2008-09-27 00:39 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Symantec
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Videos
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Saved Games
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Pictures
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Music
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Links
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Downloads
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Documents
2008-09-27 00:38 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
2008-09-27 00:38 . 2008-09-27 00:39 <DIR> d--h----- C:\Users\Guest\AppData
2008-09-27 00:38 . 2008-10-08 01:28 <DIR> d-------- C:\Users\Guest
2008-09-26 17:30 . 2008-09-27 00:41 <DIR> d-------- C:\Program Files\World of Warcraft
2008-09-26 17:30 . 2008-09-26 17:31 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-26 03:20 . 2008-09-26 03:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Malwarebytes
2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-26 02:47 . 2008-09-29 02:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 02:47 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-26 02:47 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-26 02:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-26 02:19 . 2008-09-26 02:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-26 01:13 . 2008-10-09 16:57 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-09-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-09-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-09-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\Users\All Users\Google Updater
2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\ProgramData\Google Updater
2008-09-26 01:05 . 2008-09-26 01:05 <DIR> d-------- C:\Program Files\Google
2008-09-26 00:48 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-09-26 00:27 . 2008-09-26 00:27 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\PC Tools
2008-09-26 00:27 . 2008-10-10 00:44 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-26 00:27 . 2008-10-10 00:44 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-25 23:32 . 2008-09-25 23:53 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Ulead Systems
2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Users\All Users\InterVideo
2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\ProgramData\InterVideo
2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-09-25 23:30 . 2007-03-06 11:58 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-09-25 23:30 . 2007-03-06 11:58 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-09-25 23:30 . 2007-03-06 11:58 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
2008-09-25 23:30 . 2007-03-06 11:58 26,136 --a------ C:\Windows\System32\IVIresize.dll
2008-09-25 23:29 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Windows Media Components
2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-09-25 23:27 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-09-25 23:25 . 2008-10-08 19:33 <DIR> d-------- C:\Program Files\Ulead Systems
2008-09-25 23:09 . 2005-11-24 12:51 245,248 --a------ C:\Windows\System32\drivers\rt73.sys
2008-09-25 23:08 . 2008-09-25 23:08 <DIR> d-------- C:\Program Files\Belkin
2008-09-25 23:08 . 2004-04-30 15:12 40,960 --a------ C:\Windows\System32\F5D9050.dll
2008-09-25 19:08 . 2008-09-25 19:08 <DIR> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-09-24 23:50 . 2008-10-03 17:36 <DIR> d-------- C:\Users\Natalie\dwhelper
2008-09-24 22:36 . 2008-09-24 22:36 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\Users\All Users\LightScribe
2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\ProgramData\LightScribe
2008-09-24 21:27 . 2008-09-24 21:56 <DIR> d-------- C:\Temp
2008-09-24 20:37 . 2008-07-12 13:30 47 --a------ C:\Windows\System32\readme.bat
2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-24 19:31 . 2008-09-24 19:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-24 19:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-09-24 19:23 . 2008-09-24 19:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\ProgramData\FLEXnet
2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-09-24 00:52 . 2008-09-24 00:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Template
2008-09-24 00:52 . 2008-10-02 00:19 702 --a------ C:\Users\Natalie\AppData\Roaming\wklnhst.dat
2008-09-23 23:34 . 2008-09-23 23:34 <DIR> d-------- C:\Program Files\Veoh Networks
2008-09-23 21:05 . 2008-09-24 00:48 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Azureus
2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\Users\All Users\Azureus
2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\ProgramData\Azureus
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\SystemRequirementsLab
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-23 20:35 . 2008-09-23 20:35 <DIR> d-------- C:\Windows\Sun
2008-09-23 19:49 . 2008-09-23 20:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\CyberLink
2008-09-23 19:44 . 2008-09-23 19:44 <DIR> d----c--- C:\Windows\System32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 15:32 56,957 ----a-w C:\Users\All Users\nvModes.dat
2008-10-09 15:32 56,957 ----a-w C:\ProgramData\nvModes.dat
2008-10-08 18:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 23:00 --------- d-----w C:\Program Files\Java
2008-09-30 17:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-30 04:54 --------- d-----w C:\ProgramData\WildTangent
2008-09-26 16:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-09-26 16:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-09-26 16:43 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-09-26 16:43 --------- d-----w C:\Program Files\Symantec
2008-09-26 16:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-26 15:30 --------- d-----w C:\ProgramData\Symantec
2008-09-24 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-23 17:28 --------- d-----w C:\ProgramData\CyberLink
2008-09-23 15:35 --------- d-----w C:\Program Files\Windows Mail
2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-29 09:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 92704]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-07 51048]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe [2005-06-19 946176]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
Rapidown.lnk - C:\Program Files\Rapidown\rapidown.exe [2008-09-30 1044992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{73DCAADE-7627-4A60-8086-FF24BB17F1EB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{2F027587-83B6-45B1-BB62-3CA8EF66ABBA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D0C40AC4-6AEC-4CB1-8E4D-BB41A513DE82}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8D7A5FAD-4221-4887-8932-355D9ED791D9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3137D307-CCAE-4112-94B6-5641398A88CB}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{42B90F95-FF38-4ACE-ABDC-64E89E5BEAFF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{902A2ADF-D21B-403B-AD1B-BE1839E3A278}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{40307A1A-8E93-426F-BA00-99DD6600A1D4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6AB25FE0-88B1-4987-97FA-C54343C65C94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9A7ADBC0-94A4-4929-B78F-E9C5FD8E7195}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081003.001\IDSvix86.sys [2008-09-12 270384]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-04-17 203776]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-22 62976]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Natalie.job
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
HKLM-Run-F5D9050 - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\fcgbzlxs.default\
FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 00:56:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-10 0:58:56
ComboFix-quarantined-files.txt 2008-10-09 23:58:47

Pre-Run: 119,182,000,128 bytes free
Post-Run: 118,844,477,440 bytes free

295 --- E O F --- 2008-10-02 16:55:37
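The Reg Loading Points section of the ComboFix log above shows User Account Control, both Windows Firewall profiles and Security Center monitoring and alerts switched off. As an added example (not ComboFix's own code and not something from this thread), the script below parses that block, constructed here as SAMPLE_LOG from the lines in the log, and lists every setting found in its weakened state so a helper can confirm each was set deliberately; some of these values are also written by third-party security suites, so a hit is a prompt to check rather than proof of tampering.

```python
# Flags weakened settings in a ComboFix "Reg Loading Points" block. Added illustration, not ComboFix code.
import re
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"= 0 (0x0)  or  "Name"=dword:00000001

# Constructed sample: the relevant entries copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

# (section suffix, value name, value that marks the weakened state, what it means)
WEAK_SETTINGS = [
    (r"policies\system", "EnableLUA", 0, "User Account Control disabled"),
    (r"security center", "UacDisableNotify", 1, "Security Center UAC alerts suppressed"),
    (r"security center", "InternetSettingsDisableNotify", 1, "Internet settings alerts suppressed"),
    (r"security center", "AutoUpdateDisableNotify", 1, "Automatic Updates alerts suppressed"),
    (r"security center\monitoring", "DisableMonitoring", 1, "Security Center monitoring disabled"),
    (r"firewallpolicy\domainprofile", "EnableFirewall", 0, "Windows Firewall off (domain profile)"),
    (r"firewallpolicy\publicprofile", "EnableFirewall", 0, "Windows Firewall off (public profile)"),
]

def parse_value(raw):
    """'0 (0x0)' and 'dword:00000001' both become an int; anything else is None."""
    raw = raw.strip().lower()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"\d+", raw)
    return int(m.group()) if m else None

def parse_reg_points(text):
    """Return {section (lower-cased): {value name: int}} for a Reg Loading Points block."""
    entries, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            entries.setdefault(section, {})
        elif section and (m := VALUE_RE.match(line)):
            entries[section][m.group(1)] = parse_value(m.group(2))
    return entries

def find_weak_settings(entries):
    """List (section, value name, meaning) for each entry found in its weakened state."""
    return [(section, name, meaning)
            for suffix, name, weak, meaning in WEAK_SETTINGS
            for section, values in entries.items()
            if section.endswith(suffix) and values.get(name) == weak]

if __name__ == "__main__":
    for section, name, meaning in find_weak_settings(parse_reg_points(SAMPLE_LOG)):
        print(f"{meaning}: {name} under [{section}]")
```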
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
OK, thanks.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

Java Runtime Environment (JRE) 6 Update 7


Instructions for Kaspersky scan:

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
 

Dantesgirl

Thread Starter
Joined
Sep 25, 2008
Messages
89
I've been doing the scan for over an hour and a half and so far it's only at 18%.

Would there be an alternative to this scan or will I have to leave the laptop on overnight? I'm very tired.

EDIT: Scan went from 33% to finished immediately, confusing.

Anyway, here is the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 14, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 14, 2008 00:28:33
Records in database: 1309715
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 150447
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:25:11


File name / Threat name / Threats count
C:\Users\Natalie\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.hx 1

The selected area was scanned.

ANOTHER EDIT: I just got two consecutive emails which I deleted immediately and refused to open. Here are the titles:

'Figght foreclosure'
'Don t let your lender forecclose'

Fair enough, whatever this thing is, it certainly has my details. What I want to know is that if I get rid of it, will I stop receiving these emails? Also, I've used my sister's PayPal account on this laptop, is there any way this could compromise the account's security?
 