
Solved: Need help against Internet Speed Monitor

Discussion in 'Virus & Other Malware Removal' started by Kangaroo44, Sep 27, 2008.

  1. Kangaroo44

    Kangaroo44 Thread Starter

    Joined:
    Sep 27, 2008
    Messages:
    7
    (EDIT: Somehow when I posted it before, the line breaks all disappeared. Not sure if it was something to do with the ISM infection. I went through line by line to put the breaks back in so you can read it.)

    My computer got attacked by the Internet Speed Monitor virus. It had attacked me some time before but I may not have gotten rid of it. Please help!

    Here is a HijackThis log that I just made...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:53:42 PM, on 9/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Razer\razerhid.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Razer\Tarantula\razerhid.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\GetModule\GetModule23.exe
    C:\Program Files\VnrBlock\VnrBlock21.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\~.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
    O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Vegas Poker 247 NET - {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk
    O9 - Extra 'Tools' menuitem: Vegas Poker 247 NET - {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://law01.shu.edu/dwa7W.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Asowsewl - S3/Diamond Multimedia Systems - C:\WINDOWS\system32\drivers\riodrv.sys
    O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14117 bytes
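An added example, not code from the thread, from Trend Micro, or from the TSG helpers: a small Python triage script that parses HijackThis v2 log text of the kind posted above and flags the entries an analyst would look at first. The sample input is a constructed subset of lines in the same format as the log above; the core-process allowlist and the flagging heuristics are assumptions chosen for this illustration, not HijackThis's own logic. Run against the sample, it singles out `C:\WINDOWS\system32\~.exe`, which appears in the running-process list above with no O4 or O23 line accounting for it, along with the two HKCU Run entries, the AppInit_DLLs entry, the service with no owner string, and the startup shortcut whose target HijackThis shows as `?`.

```python
import re

# Constructed sample in HijackThis v2 format: a trimmed subset of the kinds of
# lines the log above contains, not the full log from the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\~.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\explorer.exe

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Assumption: core Windows processes (plus the browser and the scanner itself) that
# HijackThis never shows an autostart entry for. Extend for your own environment.
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "dllhost.exe", "rundll32.exe",
    "iexplore.exe", "hijackthis.exe",
}

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First Windows path with an executable-ish extension anywhere in an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|dll|sys|drv|cpl|scr)\b', re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)   # raw string: "\t" would be a tab otherwise


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(kind, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def first_path(body):
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(text):
    """Return a list of (kind, entry_text, reason) tuples worth a human look.

    Heuristics (assumptions chosen for this example, not HijackThis's own logic):
      * HKCU Run entries: per-user persistence needs no admin rights, so adware favours it.
      * Startup shortcuts whose target HijackThis shows as '?'.
      * O20 AppInit_DLLs: the DLL is injected into every process that loads user32.dll.
      * O23 services with 'Unknown owner' (no company string in the version resource).
      * Anything launched from a Temp directory.
      * Running processes that no O3/O4/O23 entry explains and that are not core
        Windows binaries: something else started them.
    """
    processes, entries = parse_log(text)
    findings, referenced = [], set()
    for kind, body in entries:
        path = first_path(body)
        if path:
            referenced.add(basename(path))
            if TEMP_RE.search(path):
                findings.append((kind, body, "runs from a Temp directory"))
        if kind == "O4" and body.startswith("HKCU"):
            findings.append((kind, body, "per-user Run entry; confirm the program is wanted"))
        if kind == "O4" and path is None and body.rstrip().endswith("= ?"):
            findings.append((kind, body, "startup shortcut with an unresolved target"))
        if kind == "O20":
            findings.append((kind, body, "AppInit_DLLs: loaded into every GUI process"))
        if kind == "O23" and "Unknown owner" in body:
            findings.append((kind, body, "service binary has no publisher string"))
    for proc in processes:
        name = basename(proc)
        if name not in CORE_PROCESSES and name not in referenced:
            findings.append(("PROC", proc, "running, but no autostart or service entry explains it"))
    return findings


if __name__ == "__main__":
    for kind, entry, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {entry}")
```

Heuristics only narrow the list: each flagged file still needs its publisher, signature and hash checked before anything is removed, and 8.3 short names such as `GOEC62~1.DLL` will not match their long-name counterparts in the process list.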
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!


    Visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  3. Kangaroo44

    Kangaroo44 Thread Starter

    Joined:
    Sep 27, 2008
    Messages:
    7
    Thank you so much for responding! I was really worried I wouldn't be able to get my computer running again, and I use it for my school work, so I already downloaded some of the programs that you have suggested in other posts. I will post 2 combofix logs. The first log is from when I ran it a few days ago. The second log is from just now. After that I will put the HijackThis log.

    Thank you again for responding. I have been really worried about sending any sensitive information during this time.


    -------------------------------------------------------------------------------------


    ComboFix 08-09-27.03 - Michael 2008-09-28 9:41:37.1 - NTFSx86
    Running from: C:\Documents and Settings\Michael\My Documents\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\TEMP\salm.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
    .

    2008-09-28 09:16 . 2008-09-28 09:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-28 09:16 . 2008-09-28 09:16 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
    2008-09-28 09:16 . 2008-09-28 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-28 09:16 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-28 09:16 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-28 08:57 . 2008-09-28 09:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-28 08:57 . 2008-09-28 08:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-27 17:51 . 2008-09-27 17:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-19 21:46 . 2008-09-19 21:46 1 --a------ C:\WINDOWS\system32\SI.bin
    2008-09-19 21:44 . 2008-09-19 21:44 <DIR> d-------- C:\Program Files\Memeo
    2008-09-19 21:44 . 2008-09-19 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tanagra
    2008-09-19 21:43 . 2008-09-19 21:44 <DIR> d-------- C:\Program Files\Seagate
    2008-09-19 21:43 . 2008-09-19 21:45 615 --a------ C:\WINDOWS\setup.iss
    2008-09-19 21:39 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2008-09-19 21:39 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
    2008-09-16 17:51 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-16 17:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-16 17:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-16 17:51 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-16 17:51 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2008-09-03 12:20 . 2008-09-03 12:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-28 14:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\WTablet
    2008-09-26 01:11 --------- d-----w C:\Program Files\World of Warcraft
    2008-09-20 02:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-17 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-08-17 17:06 --------- d-----w C:\Program Files\Steam
    2006-05-09 00:01 625,664 ----a-w C:\Documents and Settings\Michael\vftv1147132895109.exe
    2006-05-07 02:26 625,664 ----a-w C:\Documents and Settings\Michael\vftv1146968762828.exe
    2006-04-13 19:50 625,664 ----a-w C:\Documents and Settings\Michael\vftv1144957805912.exe
    2006-03-27 10:13 625,664 ----a-w C:\Documents and Settings\Michael\vftv1143454423890.exe
    2006-02-27 12:45 625,664 ----a-w C:\Documents and Settings\Michael\vftv1141044359296.exe
    2006-02-07 13:39 625,664 ----a-w C:\Documents and Settings\Michael\vftv1139319595296.exe
    2006-01-30 18:01 625,664 ----a-w C:\Documents and Settings\Michael\vftv1138644082046.exe
    2006-01-21 15:53 625,152 ----a-w C:\Documents and Settings\Michael\vftv1137858787281.exe
    2006-01-19 03:10 625,152 ----a-w C:\Documents and Settings\Michael\vftv1137640209518.exe
    2006-01-10 00:12 625,152 ----a-w C:\Documents and Settings\Michael\vftv1136851948078.exe
    2006-01-03 04:25 625,152 ----a-w C:\Documents and Settings\Michael\vftv1136262308015.exe
    2005-11-21 15:40 438,784 ----a-w C:\Documents and Settings\Michael\vftv1132587652750.exe
    2005-11-15 02:39 438,784 ----a-w C:\Documents and Settings\Michael\vftv1132022346440.exe
    2005-11-10 00:32 438,784 ----a-w C:\Documents and Settings\Michael\vftv1131582720750.exe
    2005-11-07 23:27 438,784 ----a-w C:\Documents and Settings\Michael\vftv1131406055203.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-06-15 98304]
    "i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-10-06 C:\WINDOWS\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-14 7118848]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-26 26112]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTPerformanceUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe" [2004-09-30 86016]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
    "Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-03-04 622592]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 1838592]
    "razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 147456]
    "Tarantula"="C:\Program Files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
    "nwiz"="nwiz.exe" [2005-07-14 C:\WINDOWS\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2004-10-06 C:\WINDOWS\CTHELPER.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
    AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-14 211992]
    V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2007-02-17 446464]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-23 113664]
    America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-10-26 156784]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-26 24576]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\ICQLite\\ICQLite.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\Steam\\steam.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 14464]
    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 375424]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S3 Asowsewl;Asowsewl;C:\WINDOWS\system32\drivers\riodrv.sys [2004-08-10 12032]
    S3 CTMSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctmsfsyn.sys [2004-09-30 158080]
    S3 naecd;naecd;C:\DOCUME~1\Michael\LOCALS~1\Temp\naecd.sys [ ]
    S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 13225]
    S3 TarFltr;Razer Tarantula USB Keyboard;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2006-09-27 44800]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKLM-Main,Start Page = hxxp://www.dell4me.com/myway
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 -: {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk
    O9 -: {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk -

    O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

    O16 -: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://law01.shu.edu/dwa7W.cab
    C:\WINDOWS\Downloaded Program Files\dwa7W.inf
    C:\WINDOWS\system32\msvcrt.dll
    C:\WINDOWS\Downloaded Program Files\dwa7W.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 09:52:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehRecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    C:\PROGRA~1\McAfee.com\VSO\McShield.exe
    C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-09-28 10:00:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-28 15:00:39

    Pre-Run: 5,286,359,040 bytes free
    Post-Run: 6,565,048,320 bytes free

    284 --- E O F --- 2008-09-26 06:18:38
     
  4. Kangaroo44

    ComboFix 08-09-28.05 - Michael 2008-09-30 9:39:19.2 - NTFSx86
    Running from: C:\Documents and Settings\Michael\My Documents\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
    .

    2008-09-28 13:36 . 2008-09-28 13:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-28 13:36 . 2008-09-28 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-28 13:05 . 2008-09-28 13:07 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-09-28 13:05 . 2008-09-28 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-28 12:36 . 2008-09-28 12:36 <DIR> d-------- C:\_OTMoveIt
    2008-09-28 09:16 . 2008-09-28 09:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-28 09:16 . 2008-09-28 09:16 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
    2008-09-28 09:16 . 2008-09-28 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-28 09:16 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-28 09:16 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-28 08:57 . 2008-09-28 12:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-28 08:57 . 2008-09-28 08:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-27 17:51 . 2008-09-27 17:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-19 21:46 . 2008-09-19 21:46 1 --a------ C:\WINDOWS\system32\SI.bin
    2008-09-19 21:44 . 2008-09-19 21:44 <DIR> d-------- C:\Program Files\Memeo
    2008-09-19 21:44 . 2008-09-19 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tanagra
    2008-09-19 21:43 . 2008-09-19 21:44 <DIR> d-------- C:\Program Files\Seagate
    2008-09-19 21:43 . 2008-09-19 21:45 615 --a------ C:\WINDOWS\setup.iss
    2008-09-19 21:39 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2008-09-19 21:39 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
    2008-09-16 17:51 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-16 17:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-16 17:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-16 17:51 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-16 17:51 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2008-09-03 12:20 . 2008-09-03 12:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-13 17:41 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 00:59 --------- d-----w C:\Program Files\World of Warcraft
    2008-09-28 19:08 --------- d-----w C:\Program Files\Java
    2008-09-28 17:40 --------- d-----w C:\Documents and Settings\Michael\Application Data\WTablet
    2008-09-20 02:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-17 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-08-17 17:06 --------- d-----w C:\Program Files\Steam
    2008-08-01 05:21 4,756 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-07-23 22:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-16 14:23 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-23 16:12 667,136 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-06-23 16:12 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-06-23 16:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2008-06-23 16:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2008-06-23 16:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-06-23 16:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-06-23 16:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-06-23 16:12 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-06-23 16:11 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    2008-06-23 16:11 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2008-06-23 16:11 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2008-06-23 16:11 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 16:11 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    2008-06-23 16:11 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2008-06-23 16:11 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2008-06-23 16:11 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2008-06-23 16:11 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2008-06-23 16:11 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-05-09 00:01 625,664 ----a-w C:\Documents and Settings\Michael\vftv1147132895109.exe
    2006-05-07 02:26 625,664 ----a-w C:\Documents and Settings\Michael\vftv1146968762828.exe
    2006-04-13 19:50 625,664 ----a-w C:\Documents and Settings\Michael\vftv1144957805912.exe
    2006-03-27 10:13 625,664 ----a-w C:\Documents and Settings\Michael\vftv1143454423890.exe
    2006-02-27 12:45 625,664 ----a-w C:\Documents and Settings\Michael\vftv1141044359296.exe
    2006-02-07 13:39 625,664 ----a-w C:\Documents and Settings\Michael\vftv1139319595296.exe
    2006-01-30 18:01 625,664 ----a-w C:\Documents and Settings\Michael\vftv1138644082046.exe
    2006-01-21 15:53 625,152 ----a-w C:\Documents and Settings\Michael\vftv1137858787281.exe
    2006-01-19 03:10 625,152 ----a-w C:\Documents and Settings\Michael\vftv1137640209518.exe
    2006-01-10 00:12 625,152 ----a-w C:\Documents and Settings\Michael\vftv1136851948078.exe
    2006-01-03 04:25 625,152 ----a-w C:\Documents and Settings\Michael\vftv1136262308015.exe
    2005-11-21 15:40 438,784 ----a-w C:\Documents and Settings\Michael\vftv1132587652750.exe
    2005-11-15 02:39 438,784 ----a-w C:\Documents and Settings\Michael\vftv1132022346440.exe
    2005-11-10 00:32 438,784 ----a-w C:\Documents and Settings\Michael\vftv1131582720750.exe
    2005-11-07 23:27 438,784 ----a-w C:\Documents and Settings\Michael\vftv1131406055203.exe
    .

    ((((((((((((((((((((((((((((( [email protected]_10.00.19.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-06-15 98304]
    "i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-10-06 C:\WINDOWS\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-14 7118848]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-26 26112]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTPerformanceUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe" [2004-09-30 86016]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
    "Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-03-04 622592]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 1838592]
    "razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 147456]
    "Tarantula"="C:\Program Files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
    "nwiz"="nwiz.exe" [2005-07-14 C:\WINDOWS\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2004-10-06 C:\WINDOWS\CTHELPER.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
    AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-14 211992]
    V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2007-02-17 446464]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-23 113664]
    America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-10-26 156784]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-26 24576]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\ICQLite\\ICQLite.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\Steam\\steam.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 14464]
    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 375424]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S3 Asowsewl;Asowsewl;C:\WINDOWS\system32\drivers\riodrv.sys [2004-08-10 12032]
    S3 CTMSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctmsfsyn.sys [2004-09-30 158080]
    S3 naecd;naecd;C:\DOCUME~1\Michael\LOCALS~1\Temp\naecd.sys [ ]
    S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 13225]
    S3 TarFltr;Razer Tarantula USB Keyboard;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2006-09-27 44800]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKLM-Main,Start Page = hxxp://www.dell4me.com/myway
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 -: {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk
    O9 -: {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk -

    O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 09:43:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-30 9:46:42
    ComboFix-quarantined-files.txt 2008-09-30 14:46:37
    ComboFix2.txt 2008-09-28 15:00:45

    Pre-Run: 5,895,020,544 bytes free
    Post-Run: 5,889,617,920 bytes free

    278 --- E O F --- 2008-09-26 06:18:38
     
  5. Kangaroo44

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:26 AM, on 9/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Razer\razerhid.exe
    C:\Program Files\Razer\Tarantula\razerhid.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Vegas Poker 247 NET - {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk
    O9 - Extra 'Tools' menuitem: Vegas Poker 247 NET - {16D8DF77-C364-44e2-B908-11F75427A20A} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247 NET\Vegas Poker 247 NET.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://law01.shu.edu/dwa7W.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Asowsewl - S3/Diamond Multimedia Systems - C:\WINDOWS\system32\drivers\riodrv.sys
    O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14199 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks fine. How is it running? Any problems?
     
  7. Kangaroo44

    Kangaroo44 Thread Starter

    Joined:
    Sep 27, 2008
    Messages:
    7
    It seems to be running fine now. As you probably noticed, I also downloaded and used Malwarebytes' Anti-Malware program (I think prior to the first ComboFix scan) and that also got rid of some stuff. However, I did a Kaspersky scan after those two and it still showed 3 items. I will post that for you.

    The first item, which was described as a "trojan downloader", I was most worried about, and I used OTMoveIt on it. I thought that would be the correct thing to do based on what I was reading at the time. The other two I wasn't sure about. Do I need to do something further with those?

    Thank you.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, September 28, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, September 28, 2008 15:14:58
    Records in database: 1268089
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 135918
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 01:52:55


    File name / Threat name / Threats count
    C:\Documents and Settings\Michael\Desktop\32c92248.exe Infected: Trojan-Downloader.Win32.PurityScan.gb 1
    C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

    The selected area was scanned.

    --------------------------------------------------------

    Explorer killed successfully
    C:\Documents and Settings\Michael\Desktop\32c92248.exe moved successfully.
    < EMPTYTEMP >
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\hsperfdata_Michael\296 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\Arj.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\avlib.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\Avp1.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\btimages.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\CAB.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\dmap.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\dtreg.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\FSSync.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\HashCont.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\HashMD5.PPL scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\HCCMP.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\ichk2.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\iChkSA.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\Inflate.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\IWGen.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kave.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\lha.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\L_llio.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MailMsg.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\mdb.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MDMAP.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MemModSc.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MemScan.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\minizip.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MKavIO.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\msoe.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\nfio.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prKernel.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prLoader.dll scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prseqio.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\PrUtil.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\rar.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\sfdb.PPL scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\TempFile.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\thpimpl.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\UniArc.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\UnLZX.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\UnStored.ppl scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_123620

    Files moved on Reboot...
    File C:\DOCUME~1\Michael\LOCALS~1\Temp\hsperfdata_Michael\296 not found!
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\Arj.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\avlib.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\Avp1.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\AvpMgr.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\btimages.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\CAB.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\dmap.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\dtreg.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\FsDrvPlg.ppl moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\FSSync.dll
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\FSSync.dll NOT unregistered.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\FSSync.dll moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\HashCont.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\HashMD5.PPL moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\HCCMP.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\ichk2.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\iChkSA.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\Inflate.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\IWGen.ppl moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kave.dll
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kave.dll NOT unregistered.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kave.dll moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kosglue-7.0.25.0.dll
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kosglue-7.0.25.0.dll NOT unregistered.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\kosglue-7.0.25.0.dll moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\lha.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\L_llio.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MailMsg.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\mdb.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MDMAP.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MemModSc.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MemScan.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\minizip.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\MKavIO.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\msoe.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\nfio.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\NTFSstrm.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prKernel.ppl moved successfully.
    DllUnregisterServer procedure not found in C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prLoader.dll
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prLoader.dll NOT unregistered.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prLoader.dll moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\prseqio.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\PrUtil.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\rar.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\ScanningProcess.exe moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\sfdb.PPL moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\TempFile.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\thpimpl.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\UniArc.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\UnLZX.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\UnStored.ppl moved successfully.
    C:\DOCUME~1\Michael\LOCALS~1\Temp\jkos-Michael\binaries\WDiskIO.ppl moved successfully.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Can you delete this file: 32c92248.exe from your desktop?
     
  9. Kangaroo44

    Kangaroo44 Thread Starter

    Joined:
    Sep 27, 2008
    Messages:
    7
    OK, I was able to delete that file successfully. Thank you very much. Is that the last thing you think I should do?
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I think you are ok.

    Watch this folder: C:\DOCUME~1\Michael\LOCALS~1\Temp and empty it in your daily/weekly cleanup along with your temporary internet files, and empty your recycle bin. :)


    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.

    Here are some additional links for you to check out to help you with your computer security.

    How did I get infected in the first place.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools
     
  11. Kangaroo44

    Kangaroo44 Thread Starter

    Joined:
    Sep 27, 2008
    Messages:
    7
    Thank you again, you are all very nice people here :)
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Thank you! We try. :)

    It was my pleasure to assist you!
     
Short URL to this thread: https://techguy.org/753940
