
Solved: Back, this time with Virtumonde.sci nibbling at my toes!

Discussion in 'Virus & Other Malware Removal' started by Dantesgirl, Oct 7, 2008.

  1. Dantesgirl

    Dantesgirl Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    89
    God, you people must be sick of me. :p

    A few days ago, I ran some routine scans and found that Spybot S&D has detected Virtumonde.sci. Ever since, I've been trying to get rid of it, but to no avail.

    Luckily, the only thing I've noticed it has done is consume CPU usage - I'm using Firefox and so far, there have been no pop-ups.

    For the sake of convenience, here is a list of things I have done to try and remove this nasty bug:
    + Deleted suspicious-looking files myself with HijackThis - didn't work, Virtumonde has a DLL file which relaunches these files upon reboot.
    + Scanned with Ad-Aware - nothing found.
    + Scanned with MalwareBytes (usually very reliable) - nothing found.
    + Scanned with Spyware Doctor (also usually very reliable) - nothing found.
    + Scanned with Spybot S&D - the only scanner that identified Virtumonde.sci, but it cannot permanently remove it due to that pesky DLL file.
    + Scanned with VundoFix - nothing found.
    + Scanned with Symantec's Virtumonde Removal Tool - received a C++ error upon scanning, Task Manager couldn't end it so I had to log off. (A sign maybe?)
    + Scanned with Spybot S&D during Safe Mode - found Virtumonde.sci again, but still couldn't permanently remove it.
    + Scanned with Ad-Aware during Safe Mode - nothing found.
    + Scanned with MalwareBytes during Safe Mode - nothing found.
    + Scanned with Spyware Doctor during Safe Mode - nothing found.

    I haven't tried ComboFix.exe just yet because I would very much prefer to be guided on its use by a professional. Some of the warnings it carries have put me off using it independently, so I thought I'd come and bug you nice people. :D

    As you can tell from my list, I'm pretty frustrated and feel that I've run out of options. Below is my recent HijackThis log and a start-up list, I hope this helps.

    Again, for the sake of convenience, here are the two files that I tried to remove using HijackThis as they looked suspicious:
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)

    Please note:
    'O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)' didn't appear until after I tried to remove Virtumonde.sci with Spybot S&D during Safe Mode. Is there a particular reason for this?

    Help is very much appreciated, thank you. :)

  2. Dantesgirl

    Dantesgirl Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    89
    I've waited two days and nothing, can nobody help me out?

    Fresh log attached.

    ANOTHER EDIT: Finally read some guides and did a Combofix scan, the results are attached.

  3. Dantesgirl

    Dantesgirl Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    89
    What do I have to do to get a response? I'm really frustrated here!

    ANOTHER fresh log, hopefully 3rd time'll be the charm.

  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,247
    Please do not attach the logs unless it's necessary because they are too big to fit in one post or you've been instructed to.

    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    AIM 6
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    Belkin Wireless G Plus MIMO USB Network Adapter
    Bonjour
    ccCommon
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Component Framework
    Conexant HD Audio
    CyberLink DVD Suite
    CyberLink YouCam
    CyberLink YouCam
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Easy Setup - Frontend
    HP Help and Support
    HP Quick Launch Buttons 6.40 D3
    HP Total Care Advisor
    HP Update
    HP User Guides 0110
    HP Wireless Assistant
    HPNetworkAssistant
    InterVideo DeviceService
    iTunes
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    LabelPrint
    LightScribe System Software 1.14.25.1
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Messenger Plus! Live
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.0.3)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NVIDIA Drivers
    OpenOffice.org 2.4
    Pen Tablet
    Power2Go
    PowerDirector
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Rapidown 5.9 SE - http://www.rapidown.com
    Realtek USB 2.0 Card Reader
    Skype™ 3.6
    SPBBC 32bit
    Spybot - Search & Destroy
    Spyware Doctor 6.0
    Symantec Real Time Storage Protection Component
    Synaptics Pointing Device Driver
    System Requirements Lab
    Ulead VideoStudio 11
    Uniblue RegistryBooster 2009
    Uniblue RegistryBooster 2009
    VeohTV BETA
    Viewpoint Media Player
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinZip 12.0
    World of Warcraft
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,247
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:22:43, on 10/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Rapidown\rapidown.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Trend Micro\HijackThis\Geek.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
    O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
    O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13614 bytes
     
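As an added illustration (not code from the thread, from HijackThis or from Tech Support Guy), here is a small Python triage helper for the `O2 - BHO:` lines in the format the log above uses. HijackThis prints `(no file)` when the BHO's CLSID is still registered but no DLL exists at the registered path, so those two entries are leftover registrations that cannot load, whereas an unnamed BHO that does have a DLL on disk is the case that deserves a closer look at the file itself. The sample lines are constructed from the thread's format; the all-zero GUID entry and its path are placeholders, not values from the log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The two "(no file)" entries use
# the CLSIDs the poster asked about; the all-zero GUID line is a placeholder
# added only to exercise the "unnamed but file present" branch.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\PLACEHOLDER\unknown.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# name - {CLSID} - path ; the name is matched lazily so " - " inside it is safe
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.*)$", re.I
)


@dataclass
class BhoEntry:
    name: str
    clsid: str
    path: str

    @property
    def orphaned(self) -> bool:
        # HijackThis marks a registered CLSID whose DLL is missing as "(no file)"
        return self.path.strip().lower() == "(no file)"

    @property
    def unnamed(self) -> bool:
        return self.name.strip().lower() == "(no name)"


def parse_bho_lines(log_text: str) -> list[BhoEntry]:
    """Extract only the O2 BHO lines; every other HijackThis section is ignored."""
    entries: list[BhoEntry] = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            entries.append(BhoEntry(m["name"], m["clsid"].upper(), m["path"]))
    return entries


def verdict(entry: BhoEntry) -> str:
    """Classify one BHO entry for review.

    orphaned          : registry entry remains but the DLL is gone; cannot load,
                        cleaning it up is housekeeping rather than disinfection
    unnamed-with-file : no friendly name yet a DLL is present on disk; inspect
                        that file (publisher, signature, creation date)
    named             : ordinary named BHO; match it against installed software
    """
    if entry.orphaned:
        return "orphaned"
    if entry.unnamed:
        return "unnamed-with-file"
    return "named"


def triage(entries: list[BhoEntry]) -> list[tuple[str, str]]:
    """Return (clsid, verdict) pairs in log order."""
    return [(e.clsid, verdict(e)) for e in entries]


def summary(entries: list[BhoEntry]) -> dict[str, int]:
    """Count entries per verdict so a reviewer sees the shape of the log at a glance."""
    counts = {"orphaned": 0, "unnamed-with-file": 0, "named": 0}
    for _, v in triage(entries):
        counts[v] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_bho_lines(SAMPLE_LOG)
    for clsid, v in triage(parsed):
        print(f"{clsid}  {v}")
    print(summary(parsed))
```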
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,247
    ComboFix 08-10-08.05 - Natalie 2008-10-10 1:03:00.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.857 [GMT 1:00]
    Running from: C:\Users\Natalie\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
    .

    2008-10-08 19:33 . 2008-10-08 19:33 <DIR> d-------- C:\Windows\Noslip
    2008-10-08 19:33 . 2008-10-08 19:34 296 --a------ C:\Windows\ULEAD32.INI
    2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Uniblue
    2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\Users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-05 18:03 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\BHODemon 2
    2008-10-05 17:41 . 2008-10-05 17:41 <DIR> d-------- C:\VundoFix Backups
    2008-10-05 17:08 . 2008-10-05 17:08 <DIR> d-------- C:\WTablet
    2008-10-04 20:19 . 2008-10-04 20:19 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2008-10-04 00:08 . 2008-10-04 00:08 <DIR> d-------- C:\Program Files\Alcohol Soft
    2008-10-03 19:44 . 2008-10-03 19:44 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-10-01 00:05 . 2008-10-09 16:33 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\OpenOffice.org2
    2008-10-01 00:01 . 2008-10-01 00:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-09-30 17:56 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\Rapidown
    2008-09-30 05:52 . 2008-09-30 05:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WildTangent
    2008-09-29 21:30 . 2008-09-29 21:30 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-29 21:09 . 2008-09-29 21:09 <DIR> d-------- C:\_OTMoveIt
    2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\DivX
    2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\DivX
    2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-09-27 02:47 . 2008-10-09 16:32 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WTablet
    2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Users\All Users\AppData
    2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\ProgramData\AppData
    2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Program Files\TabletPen
    2008-09-27 02:47 . 2007-09-07 19:07 2,684,200 --------- C:\Windows\System32\PenTablet.cpl
    2008-09-27 02:47 . 2007-09-07 19:04 1,380,680 --------- C:\Windows\System32\PenTablet.znc
    2008-09-27 02:46 . 2007-02-16 01:11 11,440 --a------ C:\Windows\System32\drivers\WacomVKHid.sys
    2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\Windows\System32\WTablet
    2008-09-27 02:44 . 2008-09-27 02:46 <DIR> d-------- C:\Program Files\Tablet
    2008-09-27 02:44 . 2007-09-07 19:16 1,373,480 --------- C:\Windows\System32\Pen_Tablet.exe
    2008-09-27 02:44 . 2007-09-07 18:55 181,544 --------- C:\Windows\System32\Wintab32.dll
    2008-09-27 02:44 . 2007-09-07 19:09 128,296 --------- C:\Windows\System32\Pen_Tablet.dll
    2008-09-27 02:44 . 2007-02-16 19:30 12,848 --a------ C:\Windows\System32\drivers\wacomvhid.sys
    2008-09-27 02:44 . 2007-02-16 20:12 11,312 --a------ C:\Windows\System32\drivers\wacommousefilter.sys
    2008-09-27 01:07 . 2008-09-27 01:07 <DIR> d-------- C:\Program Files\Activision
    2008-09-27 00:41 . 2008-09-27 00:41 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Ulead Systems
    2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Searches
    2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Contacts
    2008-09-27 00:39 . 2008-09-27 00:39 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Symantec
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Videos
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Saved Games
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Pictures
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Music
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Links
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Downloads
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Documents
    2008-09-27 00:38 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> d--h----- C:\Users\Guest\AppData
    2008-09-27 00:38 . 2008-10-08 01:28 <DIR> d-------- C:\Users\Guest
    2008-09-26 17:30 . 2008-09-27 00:41 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-09-26 17:30 . 2008-09-26 17:31 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-09-26 03:20 . 2008-09-26 03:20 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Malwarebytes
    2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-09-26 02:47 . 2008-09-29 02:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-26 02:47 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-09-26 02:47 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-09-26 02:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-09-26 02:19 . 2008-09-26 02:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-26 01:13 . 2008-10-09 16:57 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-09-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
    2008-09-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
    2008-09-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
    2008-09-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
    2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\Users\All Users\Google Updater
    2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\ProgramData\Google Updater
    2008-09-26 01:05 . 2008-09-26 01:05 <DIR> d-------- C:\Program Files\Google
    2008-09-26 00:48 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
    2008-09-26 00:27 . 2008-09-26 00:27 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\PC Tools
    2008-09-26 00:27 . 2008-10-10 01:01 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-09-26 00:27 . 2008-10-10 01:01 <DIR> d-a------ C:\ProgramData\TEMP
    2008-09-25 23:32 . 2008-09-25 23:53 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Ulead Systems
    2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Users\All Users\InterVideo
    2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\ProgramData\InterVideo
    2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Program Files\Common Files\InterVideo
    2008-09-25 23:30 . 2007-03-06 11:58 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
    2008-09-25 23:30 . 2007-03-06 11:58 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
    2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
    2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
    2008-09-25 23:30 . 2007-03-06 11:58 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
    2008-09-25 23:30 . 2007-03-06 11:58 26,136 --a------ C:\Windows\System32\IVIresize.dll
    2008-09-25 23:29 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
    2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\ProgramData\Ulead Systems
    2008-09-25 23:27 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-09-25 23:25 . 2008-10-08 19:33 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-09-25 23:09 . 2005-11-24 12:51 245,248 --a------ C:\Windows\System32\drivers\rt73.sys
    2008-09-25 23:08 . 2008-09-25 23:08 <DIR> d-------- C:\Program Files\Belkin
    2008-09-25 23:08 . 2004-04-30 15:12 40,960 --a------ C:\Windows\System32\F5D9050.dll
    2008-09-25 19:08 . 2008-09-25 19:08 <DIR> d-------- C:\Users\All Users\Windows Genuine Advantage
    2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
    2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
    2008-09-24 23:50 . 2008-10-03 17:36 <DIR> d-------- C:\Users\Natalie\dwhelper
    2008-09-24 22:36 . 2008-09-24 22:36 <DIR> d-------- C:\Program Files\Common Files\LightScribe
    2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\Users\All Users\LightScribe
    2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\ProgramData\LightScribe
    2008-09-24 21:27 . 2008-09-24 21:56 <DIR> d-------- C:\Temp
    2008-09-24 20:37 . 2008-07-12 13:30 47 --a------ C:\Windows\System32\readme.bat
    2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-09-24 19:31 . 2008-09-24 19:31 <DIR> d-------- C:\Program Files\Lavasoft
    2008-09-24 19:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
    2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\ProgramData\Adobe Systems
    2008-09-24 19:23 . 2008-09-24 19:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\Users\All Users\FLEXnet
    2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\ProgramData\FLEXnet
    2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\Users\All Users\Messenger Plus!
    2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\ProgramData\Messenger Plus!
    2008-09-24 00:52 . 2008-09-24 00:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Template
    2008-09-24 00:52 . 2008-10-02 00:19 702 --a------ C:\Users\Natalie\AppData\Roaming\wklnhst.dat
    2008-09-23 23:34 . 2008-09-23 23:34 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-09-23 21:05 . 2008-09-24 00:48 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Azureus
    2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\Users\All Users\Azureus
    2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\ProgramData\Azureus
    2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\SystemRequirementsLab
    2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2008-09-23 20:35 . 2008-09-23 20:35 <DIR> d-------- C:\Windows\Sun
    2008-09-23 19:49 . 2008-09-23 20:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\CyberLink
    2008-09-23 19:44 . 2008-09-23 19:44 <DIR> d----c--- C:\Windows\System32\DRVSTORE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-09 15:32 56,957 ----a-w C:\Users\All Users\nvModes.dat
    2008-10-09 15:32 56,957 ----a-w C:\ProgramData\nvModes.dat
    2008-10-08 18:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-30 23:00 --------- d-----w C:\Program Files\Java
    2008-09-30 17:11 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-30 04:54 --------- d-----w C:\ProgramData\WildTangent
    2008-09-26 16:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-09-26 16:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-09-26 16:43 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-09-26 16:43 --------- d-----w C:\Program Files\Symantec
    2008-09-26 16:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-26 15:30 --------- d-----w C:\ProgramData\Symantec
    2008-09-24 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-23 17:28 --------- d-----w C:\ProgramData\CyberLink
    2008-09-23 15:35 --------- d-----w C:\Program Files\Windows Mail
    2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-08-29 09:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
    2008-08-29 08:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 92704]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-07 51048]
    "QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe [2005-06-19 946176]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
    Rapidown.lnk - C:\Program Files\Rapidown\rapidown.exe [2008-09-30 1044992]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{73DCAADE-7627-4A60-8086-FF24BB17F1EB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{2F027587-83B6-45B1-BB62-3CA8EF66ABBA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{D0C40AC4-6AEC-4CB1-8E4D-BB41A513DE82}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{8D7A5FAD-4221-4887-8932-355D9ED791D9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{3137D307-CCAE-4112-94B6-5641398A88CB}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{42B90F95-FF38-4ACE-ABDC-64E89E5BEAFF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{902A2ADF-D21B-403B-AD1B-BE1839E3A278}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{40307A1A-8E93-426F-BA00-99DD6600A1D4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{6AB25FE0-88B1-4987-97FA-C54343C65C94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{9A7ADBC0-94A4-4929-B78F-E9C5FD8E7195}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081003.001\IDSvix86.sys [2008-09-12 270384]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
    R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-04-17 203776]
    R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
    R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-22 62976]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
    S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Natalie.job
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\fcgbzlxs.default\
    FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-10 01:10:20
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-10 1:12:37
    ComboFix-quarantined-files.txt 2008-10-10 00:12:28
    ComboFix2.txt 2008-10-09 23:58:58

    Pre-Run: 118,462,205,952 bytes free
    Post-Run: 118,431,547,392 bytes free

    293 --- E O F --- 2008-10-02 16:55:37
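Added example for readers working through the ComboFix log above. This is editor-supplied Python, not part of the thread and not code from ComboFix, HijackThis or Tech Support Guy. It parses the "Reg Loading Points" section (the `[key]` / `"name"= value` lines ComboFix prints) and flags the settings a reviewer would want to confirm before anything else: UAC switched off (`EnableLUA`=0), Windows Firewall off on a profile, and the Security Center notification and monitoring flags. The embedded sample is an excerpt of the log posted above, trimmed to those keys; the finding messages and the function names are this example's own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not ComboFix output and not code from
the original post. It reads the registry lines ComboFix prints and flags
settings that weaken the host's security posture.
"""
import re
from dataclasses import dataclass

# Excerpt of the "Reg Loading Points" section from the log posted above
# (constructed sample for this example, trimmed to the keys the checks read).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")          # "dword:00000001"
DECIMAL_RE = re.compile(r"^(-?\d+)\s*\(0x[0-9a-fA-F]+\)$")  # "0 (0x0)"


@dataclass
class Finding:
    key: str
    name: str
    value: object
    message: str


def parse_value(raw: str):
    """Turn ComboFix's two numeric spellings into ints; leave strings alone."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_loading_points(text: str) -> dict:
    """Map each registry key (HKLM-normalised, original case kept) to its values."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(1).replace("HKEY_LOCAL_MACHINE", "HKLM")
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1)] = parse_value(vm.group(2))
    return keys


def triage(text: str) -> list:
    """Return the posture weaknesses visible in the loading-point dump."""
    findings = []
    for key, values in parse_loading_points(text).items():
        k = key.lower()
        for name, value in values.items():
            if k.endswith(r"\policies\system") and name == "EnableLUA" and value == 0:
                findings.append(Finding(key, name, value,
                    "UAC is disabled; every process in an admin session runs fully elevated"))
            elif "firewallpolicy" in k and name == "EnableFirewall" and value == 0:
                profile = key.rsplit("\\", 1)[-1]
                findings.append(Finding(key, name, value,
                    f"Windows Firewall is off for {profile}"))
            elif k.endswith(r"\security center") and name.endswith("DisableNotify") and value == 1:
                findings.append(Finding(key, name, value,
                    f"Security Center alert suppressed: {name}"))
            elif r"\security center\monitoring" in k and name == "DisableMonitoring" and value == 1:
                findings.append(Finding(key, name, value,
                    "Security Center monitoring disabled; expected when a third-party "
                    "suite registers itself, suspicious if no such suite is running"))
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a saved ComboFix.txt (hypothetical usage)
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.key}] {f.name}={f.value}: {f.message}")
```

On the sample this reports seven findings: UAC off, three suppressed Security Center alerts, monitoring disabled, and the firewall off for both the Domain and Public profiles. The monitoring and notification flags are routinely written by a third-party suite such as the Norton install visible in the same log, so treat them as "verify the suite is running", not as malware indicators; `EnableLUA`=0 and the disabled firewall are weaknesses regardless of whether a Vundo component is present.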
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,247
    Would you also please post the log from the first run of ComboFix. It will be named ComboFix2.txt.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Go to Control Panel - Add/Remove programs and remove:

    Java(TM) 6 Update 4
    Viewpoint Media Player



    Read here about Rapidown. I recommend uninstalling it but it's up to you:

    Rapidown
    http://www.systemlookup.com/CLSID/488-rapi310_dll.html

    Delete these two folders:

    Folder::
    C:\Users\Natalie\AppData\Roaming\WildTangent
    C:\ProgramData\WildTangent


    After doing the above, reboot and post a new HijackThis log please.
     
  11. Dantesgirl

    Dantesgirl Thread Starter

    Thanks for the reply.

    I did everything you said, but I already uninstalled Rapidown yesterday as it was quite a nuisance. I have my desktop icons set up in a particular order and upon start-up, Rapidown would automatically run and create a new desktop icon, something that annoyed me. Also, when I went to uninstall it via Control Panel, it would just start up again. It took me around a week to figure out how to uninstall it - through the program's own 'options' menu.

    I've searched my computer and I can't find the second ComboFix log, sorry. I thought it just brought up a list of items on your computer like HijackThis, I didn't think it automatically fixed some things.

    Here's the fresh HJT log as requested:

    --
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:47:39, on 13/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\Geek.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13223 bytes
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    I'm sorry, I should have been more specific. You should find the ComboFix log in this location:

    C:\qoobox\ComboFix2.txt
     
  13. Dantesgirl

    Dantesgirl Thread Starter

    Found it, I just checked in C:\

    Here's the first ComboFix log:

    --
    ComboFix 08-10-08.05 - Natalie 2008-10-10 0:48:01.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.918 [GMT 1:00]
    Running from: C:\Users\Natalie\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
    .

    2008-10-08 19:33 . 2008-10-08 19:33 <DIR> d-------- C:\Windows\Noslip
    2008-10-08 19:33 . 2008-10-08 19:34 296 --a------ C:\Windows\ULEAD32.INI
    2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Uniblue
    2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\Users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-07 21:54 . 2008-10-07 21:54 <DIR> d--h-c--- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-05 18:03 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\BHODemon 2
    2008-10-05 17:41 . 2008-10-05 17:41 <DIR> d-------- C:\VundoFix Backups
    2008-10-05 17:08 . 2008-10-05 17:08 <DIR> d-------- C:\WTablet
    2008-10-04 20:19 . 2008-10-04 20:19 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2008-10-04 00:08 . 2008-10-04 00:08 <DIR> d-------- C:\Program Files\Alcohol Soft
    2008-10-03 19:44 . 2008-10-03 19:44 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-10-01 00:05 . 2008-10-09 16:33 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\OpenOffice.org2
    2008-10-01 00:01 . 2008-10-01 00:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-09-30 17:56 . 2008-10-08 01:28 <DIR> d-------- C:\Program Files\Rapidown
    2008-09-30 05:52 . 2008-09-30 05:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WildTangent
    2008-09-29 21:30 . 2008-09-29 21:30 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-29 21:09 . 2008-09-29 21:09 <DIR> d-------- C:\_OTMoveIt
    2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\DivX
    2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\DivX
    2008-09-27 22:13 . 2008-09-27 22:13 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-09-27 02:47 . 2008-10-09 16:32 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\WTablet
    2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Users\All Users\AppData
    2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\ProgramData\AppData
    2008-09-27 02:47 . 2008-09-27 02:47 <DIR> d-------- C:\Program Files\TabletPen
    2008-09-27 02:47 . 2007-09-07 19:07 2,684,200 --------- C:\Windows\System32\PenTablet.cpl
    2008-09-27 02:47 . 2007-09-07 19:04 1,380,680 --------- C:\Windows\System32\PenTablet.znc
    2008-09-27 02:46 . 2007-02-16 01:11 11,440 --a------ C:\Windows\System32\drivers\WacomVKHid.sys
    2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\Windows\System32\WTablet
    2008-09-27 02:44 . 2008-09-27 02:46 <DIR> d-------- C:\Program Files\Tablet
    2008-09-27 02:44 . 2007-09-07 19:16 1,373,480 --------- C:\Windows\System32\Pen_Tablet.exe
    2008-09-27 02:44 . 2007-09-07 18:55 181,544 --------- C:\Windows\System32\Wintab32.dll
    2008-09-27 02:44 . 2007-09-07 19:09 128,296 --------- C:\Windows\System32\Pen_Tablet.dll
    2008-09-27 02:44 . 2007-02-16 19:30 12,848 --a------ C:\Windows\System32\drivers\wacomvhid.sys
    2008-09-27 02:44 . 2007-02-16 20:12 11,312 --a------ C:\Windows\System32\drivers\wacommousefilter.sys
    2008-09-27 01:07 . 2008-09-27 01:07 <DIR> d-------- C:\Program Files\Activision
    2008-09-27 00:41 . 2008-09-27 00:41 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Ulead Systems
    2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Searches
    2008-09-27 00:39 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Contacts
    2008-09-27 00:39 . 2008-09-27 00:39 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Symantec
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Videos
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Saved Games
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Pictures
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Music
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Links
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Downloads
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> dr------- C:\Users\Guest\Documents
    2008-09-27 00:38 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
    2008-09-27 00:38 . 2008-09-27 00:39 <DIR> d--h----- C:\Users\Guest\AppData
    2008-09-27 00:38 . 2008-10-08 01:28 <DIR> d-------- C:\Users\Guest
    2008-09-26 17:30 . 2008-09-27 00:41 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-09-26 17:30 . 2008-09-26 17:31 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-09-26 03:20 . 2008-09-26 03:20 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Malwarebytes
    2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-09-26 02:47 . 2008-09-26 02:47 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-09-26 02:47 . 2008-09-29 02:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-26 02:47 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-09-26 02:47 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-09-26 02:31 . 2008-09-26 02:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-09-26 02:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-09-26 02:19 . 2008-09-26 02:22 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-09-26 02:19 . 2008-09-26 02:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-26 01:13 . 2008-10-09 16:57 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-09-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
    2008-09-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
    2008-09-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
    2008-09-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
    2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\Users\All Users\Google Updater
    2008-09-26 01:05 . 2008-10-09 18:08 <DIR> d-------- C:\ProgramData\Google Updater
    2008-09-26 01:05 . 2008-09-26 01:05 <DIR> d-------- C:\Program Files\Google
    2008-09-26 00:48 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
    2008-09-26 00:27 . 2008-09-26 00:27 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\PC Tools
    2008-09-26 00:27 . 2008-10-10 00:44 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-09-26 00:27 . 2008-10-10 00:44 <DIR> d-a------ C:\ProgramData\TEMP
    2008-09-25 23:32 . 2008-09-25 23:53 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Ulead Systems
    2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Users\All Users\InterVideo
    2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\ProgramData\InterVideo
    2008-09-25 23:30 . 2008-09-25 23:30 <DIR> d-------- C:\Program Files\Common Files\InterVideo
    2008-09-25 23:30 . 2007-03-06 11:58 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
    2008-09-25 23:30 . 2007-03-06 11:58 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
    2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
    2008-09-25 23:30 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
    2008-09-25 23:30 . 2007-03-06 11:58 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
    2008-09-25 23:30 . 2007-03-06 11:58 26,136 --a------ C:\Windows\System32\IVIresize.dll
    2008-09-25 23:29 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
    2008-09-25 23:27 . 2008-10-08 01:28 <DIR> d-------- C:\ProgramData\Ulead Systems
    2008-09-25 23:27 . 2008-09-25 23:29 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-09-25 23:25 . 2008-10-08 19:33 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-09-25 23:09 . 2005-11-24 12:51 245,248 --a------ C:\Windows\System32\drivers\rt73.sys
    2008-09-25 23:08 . 2008-09-25 23:08 <DIR> d-------- C:\Program Files\Belkin
    2008-09-25 23:08 . 2004-04-30 15:12 40,960 --a------ C:\Windows\System32\F5D9050.dll
    2008-09-25 19:08 . 2008-09-25 19:08 <DIR> d-------- C:\Users\All Users\Windows Genuine Advantage
    2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
    2008-09-25 02:13 . 2008-09-25 02:13 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
    2008-09-24 23:50 . 2008-10-03 17:36 <DIR> d-------- C:\Users\Natalie\dwhelper
    2008-09-24 22:36 . 2008-09-24 22:36 <DIR> d-------- C:\Program Files\Common Files\LightScribe
    2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\Users\All Users\LightScribe
    2008-09-24 22:30 . 2008-09-24 22:30 <DIR> d-------- C:\ProgramData\LightScribe
    2008-09-24 21:27 . 2008-09-24 21:56 <DIR> d-------- C:\Temp
    2008-09-24 20:37 . 2008-07-12 13:30 47 --a------ C:\Windows\System32\readme.bat
    2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-09-24 19:31 . 2008-09-24 19:33 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-09-24 19:31 . 2008-09-24 19:31 <DIR> d-------- C:\Program Files\Lavasoft
    2008-09-24 19:30 . 2008-09-26 16:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
    2008-09-24 19:27 . 2008-09-24 19:27 <DIR> d-------- C:\ProgramData\Adobe Systems
    2008-09-24 19:23 . 2008-09-24 19:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\Users\All Users\FLEXnet
    2008-09-24 02:44 . 2008-09-24 02:44 <DIR> d-------- C:\ProgramData\FLEXnet
    2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\Users\All Users\Messenger Plus!
    2008-09-24 02:06 . 2008-09-24 02:06 <DIR> d-------- C:\ProgramData\Messenger Plus!
    2008-09-24 00:52 . 2008-09-24 00:52 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Template
    2008-09-24 00:52 . 2008-10-02 00:19 702 --a------ C:\Users\Natalie\AppData\Roaming\wklnhst.dat
    2008-09-23 23:34 . 2008-09-23 23:34 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-09-23 21:05 . 2008-09-24 00:48 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\Azureus
    2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\Users\All Users\Azureus
    2008-09-23 21:05 . 2008-09-23 21:05 <DIR> d-------- C:\ProgramData\Azureus
    2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\SystemRequirementsLab
    2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2008-09-23 20:35 . 2008-09-23 20:35 <DIR> d-------- C:\Windows\Sun
    2008-09-23 19:49 . 2008-09-23 20:13 <DIR> d-------- C:\Users\Natalie\AppData\Roaming\CyberLink
    2008-09-23 19:44 . 2008-09-23 19:44 <DIR> d----c--- C:\Windows\System32\DRVSTORE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-09 15:32 56,957 ----a-w C:\Users\All Users\nvModes.dat
    2008-10-09 15:32 56,957 ----a-w C:\ProgramData\nvModes.dat
    2008-10-08 18:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-30 23:00 --------- d-----w C:\Program Files\Java
    2008-09-30 17:11 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-30 04:54 --------- d-----w C:\ProgramData\WildTangent
    2008-09-26 16:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-09-26 16:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-09-26 16:43 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-09-26 16:43 --------- d-----w C:\Program Files\Symantec
    2008-09-26 16:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-26 15:30 --------- d-----w C:\ProgramData\Symantec
    2008-09-24 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-23 17:28 --------- d-----w C:\ProgramData\CyberLink
    2008-09-23 15:35 --------- d-----w C:\Program Files\Windows Mail
    2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-08-29 09:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
    2008-08-29 08:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 92704]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-07 51048]
    "QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe [2005-06-19 946176]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
    Rapidown.lnk - C:\Program Files\Rapidown\rapidown.exe [2008-09-30 1044992]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{73DCAADE-7627-4A60-8086-FF24BB17F1EB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{2F027587-83B6-45B1-BB62-3CA8EF66ABBA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{D0C40AC4-6AEC-4CB1-8E4D-BB41A513DE82}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{8D7A5FAD-4221-4887-8932-355D9ED791D9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{3137D307-CCAE-4112-94B6-5641398A88CB}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{42B90F95-FF38-4ACE-ABDC-64E89E5BEAFF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{902A2ADF-D21B-403B-AD1B-BE1839E3A278}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{40307A1A-8E93-426F-BA00-99DD6600A1D4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{6AB25FE0-88B1-4987-97FA-C54343C65C94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{9A7ADBC0-94A4-4929-B78F-E9C5FD8E7195}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081003.001\IDSvix86.sys [2008-09-12 270384]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
    R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-04-17 203776]
    R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
    R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-22 62976]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
    S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Natalie.job
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    HKLM-Run-F5D9050 - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\fcgbzlxs.default\
    FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-10 00:56:24
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-10 0:58:56
    ComboFix-quarantined-files.txt 2008-10-09 23:58:47

    Pre-Run: 119,182,000,128 bytes free
    Post-Run: 118,844,477,440 bytes free

    295 --- E O F --- 2008-10-02 16:55:37
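The security-relevant part of the ComboFix log above is the "Reg Loading Points" block: UAC is off (EnableLUA=0), the Windows Firewall is disabled in both the Domain and Public profiles (EnableFirewall=0), and Security Center monitoring and its UAC/Internet-settings/auto-update alerts are all switched off. Whether a user or a piece of malware set them, those are the values a practitioner would want flagged and restored after cleanup. The following is an added example, not part of the thread and not ComboFix's own code: a small Python audit that parses that block (in the REGEDIT4-style layout ComboFix prints) and reports the weakened settings. The sample text reuses values from the posted log plus one constructed StandardProfile entry with a healthy value, included to show a non-finding.

```python
import re
from typing import Dict, List, Optional, Union

# Constructed excerpt in the layout of ComboFix's "Reg Loading Points" block.
# All values except the StandardProfile section are copied from the log above;
# the StandardProfile section is invented to show a benign result.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')


def parse_value(raw: str) -> Union[int, str]:
    """Decode a value as ComboFix prints it: 'dword:00000001' or '0 (0x0)'.

    Non-numeric values (paths, command lines) are returned as the raw string.
    """
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else raw.strip('"')


def parse_reg_points(text: str) -> Dict[str, Dict[str, Union[int, str]]]:
    """Parse the block into {lower-cased key path: {value name: value}}."""
    sections: Dict[str, Dict[str, Union[int, str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("key").lower()
            sections.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            sections[current][val.group("name")] = parse_value(val.group("raw"))
    return sections


# (key-path substring, value-name test, bad-value test, description).
# Order matters: the first matching rule wins, so the more specific
# "security center\monitoring" rule sits before the generic one.
RULES = [
    ("policies\\system", lambda n: n == "EnableLUA",
     lambda v: v == 0, "UAC disabled (EnableLUA=0)"),
    ("security center\\monitoring", lambda n: n == "DisableMonitoring",
     lambda v: v == 1, "Security Center monitoring disabled"),
    ("security center", lambda n: n.endswith("DisableNotify"),
     lambda v: v == 1, "Security Center alert suppressed"),
    ("firewallpolicy\\", lambda n: n == "EnableFirewall",
     lambda v: v == 0, "Windows Firewall disabled for profile"),
]


def audit(text: str) -> List[str]:
    """Return one finding per weakened security setting in the block."""
    findings: List[str] = []
    for key, values in parse_reg_points(text).items():
        for name, value in values.items():
            for key_part, name_ok, is_bad, desc in RULES:
                if key_part in key and name_ok(name) and is_bad(value):
                    findings.append(f"{desc}: [{key}] {name}={value}")
                    break  # one finding per value, first matching rule only
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run on the sample, the audit reports seven findings (UAC, three suppressed alerts, monitoring, and the Domain and Public firewall profiles) and stays silent on the constructed StandardProfile entry. The findings are a review list, not proof of infection: after the machine is clean, re-enable each setting and re-run the audit until it returns nothing.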
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,247
    OK, thanks.

    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

    Java Runtime Environment (JRE) 6 Update 7


    Instructions for Kaspersky scan:

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following are checked:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
  15. Dantesgirl

    Dantesgirl Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    89
    I've been doing the scan for over an hour and a half and so far it's only at 18%.

    Would there be an alternative to this scan or will I have to leave the laptop on overnight? I'm very tired.

    EDIT: Scan went from 33% to finished immediately, confusing.

    Anyway, here is the log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, October 14, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, October 14, 2008 00:28:33
    Records in database: 1309715
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 150447
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:25:11


    File name / Threat name / Threats count
    C:\Users\Natalie\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.hx 1

    The selected area was scanned.

    ANOTHER EDIT: I just got two consecutive emails which I deleted immediately and refused to open. Here are the titles:

    'Figght foreclosure'
    'Don t let your lender forecclose'

    Fair enough, whatever this thing is, it certainly has my details. What I want to know is that if I get rid of it, will I stop receiving these emails? Also, I've used my sister's PayPal account on this laptop, is there any way this could compromise the account's security?
     
Short URL to this thread: https://techguy.org/757062