Trojan.Zlob.G Infection

It seems that my comp has the Zlob infection. I appreciate the help!javascript:emoticonp('')

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:41 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By DSLExtreme
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9DE01CD2-BBF6-4454-A090-B8D9F6E212D8} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Downloads - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule8-uk\index.html (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://ew2.lysator.liu.se/loth/j/p/jphillips1/satanic_herd_700ph.jpg

--
End of file - 9794 bytes

Hello.

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 08-12-06.04 - 2008-12-06 17:11:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478 [GMT -8:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\\Application Data\Google\kjzna1562565.exe
c:\program files\INSTALL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_$SYS$ARIES
-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
-------\Service_$sys$DRMServer
-------\Service_CD_Proxy


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 16:42 . 2008-12-06 16:42 d-------- c:\program files\Trend Micro
2008-12-06 06:55 . 2008-12-06 06:59 d-------- c:\program files\Perfect Defender 2009
2008-12-05 20:07 . 2008-12-05 20:07 d-------- c:\program files\SEGA
2008-11-12 18:26 . 2008-09-04 09:15 1,106,944 --------- c:\windows\SYSTEM32\dllcache\msxml3.dll
2008-11-12 18:26 . 2008-10-24 03:21 455,296 --------- c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-11-11 17:54 . 2008-10-07 13:33 201,157 --a------ c:\windows\SYSTEM32\nvapps.nvb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 01:23 --------- d-----w c:\program files\Common Files\Akamai
2008-12-06 23:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 23:41 --------- d-----w c:\program files\SpywareBlaster
2008-12-06 07:43 --------- d-----w c:\program files\a-squared Free
2008-12-06 04:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 11:07 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 11:07 103,736 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe

Last edited by Bloodredsummer on 7th December 2008, 3:34 am; edited 1 time in total

2008-11-11 03:26 --------- d-----w c:\program files\LucasArts
2008-11-09 10:47 --------- d-----w c:\documents and settings\\Application Data\Petroglyph
2008-11-09 10:26 --------- d-----w c:\program files\Sony
2008-11-09 10:20 --------- d-----w c:\program files\MTA San Andreas
2008-11-09 10:18 --------- d-----w c:\program files\Raven
2008-10-26 19:21 --------- d-s---w c:\program files\Xfire
2008-10-26 18:56 --------- d-----w c:\documents and settings\\Application Data\Xfire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\dllcache\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-10-09 00:47 42,320 ----a-w c:\windows\SYSTEM32\xfcodec.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\dllcache\ieframe.dll
2008-10-02 18:07 453,152 ----a-w c:\windows\SYSTEM32\NVUNINST.EXE
2008-10-01 00:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\dllcache\srv.sys
2008-08-05 02:52 22,328 ----a-w c:\documents and settings\\Application Data\PnkBstrK.sys
2008-08-22 22:42 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-06 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-01 185632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-13 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=c:\windows\pss\Color Calibration.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.5.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk
backup=c:\windows\pss\MagicTune3.5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^restore.bat]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\restore.bat
backup=c:\windows\pss\restore.batCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
--a------ 2003-06-01 12:00 99840 c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_S4I2K1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
-----c--- 2002-03-01 21:04 732160 c:\progra~1\VOB\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 17:45 1410296 c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
--a------ 2007-01-18 13:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-01 11:29 185632 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--------- 2002-01-17 11:54 479744 c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
-r------- 2002-03-28 14:55 101611 c:\windows\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Seagate Sync Service"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"NMSSvc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"CD_Proxy"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"aawservice"=2 (0x2)
"$sys$DRMServer"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Sierra\\Half-Life\\PingTool\\PingTool.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life\\hl.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\synergy\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 fasttrak;fasttrak;c:\windows\system32\DRIVERS\fasttrak.sys [2002-05-22 73600]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2002-09-11 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobiw.sys [2002-09-11 174080]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2002-09-12 14336]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2007-06-04 36224]
S0 $sys$cor;$sys$cor;c:\windows\system32\Drivers\$sys$cor.sys []
S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys []
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S1 cdrdrv;cdrdrv;c:\windows\system32\drivers\cdrdrv.sys [2002-09-11 57344]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys []
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\BEVERL~1\LOCALS~1\Temp\Fadpu16E.sys []
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys []
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe []
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 24120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2204e1c7-1ac5-11d7-b466-806d6172696f}]
\Shell\AutoRun\command - D:\LaunchCD.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9DE01CD2-BBF6-4454-A090-B8D9F6E212D8} - (no file)
HKCU-Run-Smax4 - c:\documents and settings\\Application Data\Google\kjzna1562565.exe
MSConfigStartUp-AdaptecDirectCD - c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-AIM - c:\program files\AIM95\aim.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-CreateCD50 - c:\progra~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
MSConfigStartUp-HXIUL - c:\program files\BestBuy\HelpExpress\HXIUL.EXE
MSConfigStartUp-Microsoft Works Portfolio - c:\program files\Microsoft Works\WksSb.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-mmtask - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MSConfigStartUp-Rcsh - c:\documents and settings\\Application Data\iwar.exe
MSConfigStartUp-The Twilight Zone Tower of Terror™ Game - c:\program files\The Twilight Zone Tower of Terror™ Game\The Twilight Zone Tower of Terror™ Game.exe
MSConfigStartUp-updater - c:\program files\Common files\updater\wupdater.exe
MSConfigStartUp-updmgr - c:\program files\Common files\updmgr\updmgr.exe
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll
MSConfigStartUp-WorksFUD - c:\program files\Microsoft Works\wkfud.exe
MSConfigStartUp-ZingSpooler - c:\program files\Common Files\Zing\ZingSpooler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = By DSLExtreme
uInternet Settings,ProxyOverride = ;127.0.0.1;;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule8-uk\index.html
IE: {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule8-uk\index.html -
FireFox -: Profile - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\ls42g6kg.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\ls42g6kg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Google\Google Updater\2.2.1265.1931\npCIDetect12.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll

Last edited by Bloodredsummer on 7th December 2008, 3:32 am; edited 1 time in total

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 17:22:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-06 17:31:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 01:31:32

Pre-Run: 2,469,715,968 bytes free
Post-Run: 10,622,775,296 bytes free

361 --- E O F --- 2008-11-14 02:36:40

Now open a new notepad file.
Input this into the notepad file:

Driver::
$sys$cor
$sys$crater
AvgLdx86
AvgTdiX
Fadpu16E
avg8emc
avg8wd
EraserUtilRebootDrv

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 08-12-06.04 - 2008-12-06 18:09:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.472 [GMT -8:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\\Desktop\CFscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG8EMC
-------\Legacy_AVG8WD
-------\Legacy_AVGLDX86
-------\Legacy_AVGTDIX
-------\Legacy_ERASERUTILREBOOTDRV
-------\Legacy_FADPU16E
-------\Service_$sys$cor
-------\Service_$sys$crater
-------\Service_avg8emc
-------\Service_avg8wd
-------\Service_AvgLdx86
-------\Service_AvgTdiX
-------\Service_EraserUtilRebootDrv
-------\Service_Fadpu16E


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 16:42 . 2008-12-06 16:42 d-------- c:\program files\Trend Micro
2008-12-06 06:55 . 2008-12-06 06:59 d-------- c:\program files\Perfect Defender 2009
2008-12-05 20:07 . 2008-12-05 20:07 d-------- c:\program files\SEGA
2008-11-12 18:26 . 2008-09-04 09:15 1,106,944 --------- c:\windows\SYSTEM32\dllcache\msxml3.dll
2008-11-12 18:26 . 2008-10-24 03:21 455,296 --------- c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-11-11 17:54 . 2008-10-07 13:33 201,157 --a------ c:\windows\SYSTEM32\nvapps.nvb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 02:14 --------- d-----w c:\program files\Common Files\Akamai
2008-12-06 23:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 23:41 --------- d-----w c:\program files\SpywareBlaster
2008-12-06 07:43 --------- d-----w c:\program files\a-squared Free
2008-12-06 04:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 11:07 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 11:07 103,736 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
2008-11-11 03:26 --------- d-----w c:\program files\LucasArts
2008-11-09 10:47 --------- d-----w c:\documents and settings\\Application Data\Petroglyph
2008-11-09 10:26 --------- d-----w c:\program files\Sony
2008-11-09 10:20 --------- d-----w c:\program files\MTA San Andreas
2008-11-09 10:18 --------- d-----w c:\program files\Raven
2008-10-26 19:21 --------- d-s---w c:\program files\Xfire
2008-10-26 18:56 --------- d-----w c:\documents and settings\\Application Data\Xfire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\SYSTEM32\dllcache\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-10-09 00:47 42,320 ----a-w c:\windows\SYSTEM32\xfcodec.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\dllcache\ieframe.dll
2008-10-02 18:07 453,152 ----a-w c:\windows\SYSTEM32\NVUNINST.EXE

2008-10-01 00:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\dllcache\srv.sys
2008-08-05 02:52 22,328 ----a-w c:\documents and settings\\Application Data\PnkBstrK.sys
2008-08-22 22:42 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_17.30.39.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 02:13:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b4.dat

Last edited by Bloodredsummer on 7th December 2008, 3:31 am; edited 1 time in total

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-06 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-01 185632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-13 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=c:\windows\pss\Color Calibration.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.5.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk
backup=c:\windows\pss\MagicTune3.5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^restore.bat]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\restore.bat
backup=c:\windows\pss\restore.batCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
--a------ 2003-06-01 12:00 99840 c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_S4I2K1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
-----c--- 2002-03-01 21:04 732160 c:\progra~1\VOB\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 17:45 1410296 c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
--a------ 2007-01-18 13:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-01 11:29 185632 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--------- 2002-01-17 11:54 479744 c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
-r------- 2002-03-28 14:55 101611 c:\windows\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Seagate Sync Service"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"NMSSvc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"CD_Proxy"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"aawservice"=2 (0x2)
"$sys$DRMServer"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Sierra\\Half-Life\\PingTool\\PingTool.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\half-life\\hl.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\synergy\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bloodredsummer\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 fasttrak;fasttrak;c:\windows\system32\DRIVERS\fasttrak.sys [2002-05-22 73600]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2002-09-11 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobiw.sys [2002-09-11 174080]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2002-09-12 14336]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2007-06-04 36224]
S1 cdrdrv;cdrdrv;c:\windows\system32\drivers\cdrdrv.sys [2002-09-11 57344]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys []
S4 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 24120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2204e1c7-1ac5-11d7-b466-806d6172696f}]
\Shell\AutoRun\command - D:\LaunchCD.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = By DSLExtreme
uInternet Settings,ProxyOverride = ;127.0.0.1;;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule8-uk\index.html
IE: {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule8-uk\index.html -
FireFox -: Profile - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\ls42g6kg.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\ls42g6kg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Google\Google Updater\2.2.1265.1931\npCIDetect12.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 18:13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-06 18:22:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 02:22:26
ComboFix2.txt 2008-12-07 01:31:40

Pre-Run: 10,590,625,792 bytes free
Post-Run: 10,574,082,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

354 --- E O F --- 2008-11-14 02:36:40

Last edited by Bloodredsummer on 7th December 2008, 3:33 am; edited 1 time in total

Looks good now, what problems remain?

This problem doesn't pertain to the Trojan virus but when I try to burn a CD on Nero Express I get a message that drive is already in use by another program.

I don't know how to fix this, can you help?

EDIT: It seems to be from a Sony rootkit problem that I had before. By the way, Thanks so very much for helping me with the virus! You guys are awesome!

Hello.
Yes, the sony rootkit is quite annoying, bin the CD that it came from, don't use it ever again.

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.