Virus/Java script

Nevyn

New Member
G'day. I have been infected by something I am unable to find and would like some help.

When navigating in Explorer I get the following popup: "Attention (my name). Some dangerous Trojan horses detected in your system. Microsoft XP files corrupted. This may lead to destruction of important files in C:\Windows. Download protection software now."

It doesn't matter if you click on the No or Okay button; it sends you to the following web address: hxxp://free-viruscan.com/id/4912933/4/1/ (please don't click on this link).

My firewall/virus protection program blocks the site (Trend Internet Security Pro). I have run the virus scanner over the computer several times and have not found anything. I have checked for new programs and have not found anything. The HijackThis log is at the end. This popup only occurs in Explorer. Any ideas on what it is and how to fix it?

Thanks
Gavin.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:01 AM, on 8/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Virtual Dimension\VirtualDimension.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\GKrellM\gkrellm.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\EVIDEN~1\ee.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - C:\WINDOWS\system32\wvUoNhEx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggwin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OTGO11RTM] WScript.exe //Nologo //B "C:\WINDOWS\system32\OTGO11RTM.vbs"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKCU\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKCU\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKCU\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKCU\..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Nap\AiNap.exe
O4 - HKCU\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Virtual Dimension] C:\Program Files\Virtual Dimension\VirtualDimension.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GKrellM (2).lnk = C:\Program Files\GKrellM\gkrellm.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA205E1-27C7-4523-BA22-F332BB447076}: NameServer = 203.24.100.125,202.76.170.40
O20 - Winlogon Notify: wvUoNhEx - C:\WINDOWS\SYSTEM32\wvUoNhEx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12437 bytes
 
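Reading a log like the one above by hand is error-prone. The Python below is an added example (not HijackThis code and not from anyone in this thread) that applies a few defensive triage rules to HijackThis entries: a BHO registered with no name, a Winlogon Notify package, a browser add-on loaded straight from system32, a Run entry that goes through the Windows Script Host, and one module registered under more than one loading point. The sample lines are constructed from entry types in the log above; the rules are heuristics for review, not a verdict.

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code)."""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity kind module reason")

# Constructed sample built from entry types that appear in the log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - C:\WINDOWS\system32\wvUoNhEx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggwin.dll
O4 - HKLM\..\Run: [OTGO11RTM] WScript.exe //Nologo //B "C:\WINDOWS\system32\OTGO11RTM.vbs"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: wvUoNhEx - C:\WINDOWS\SYSTEM32\wvUoNhEx.dll
"""

# "O2 - ..." / "R1 - ..." entry prefix and the rest of the line.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# A Windows path ending in a loadable module or script.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe|vbs|js|sys)\b", re.IGNORECASE)
# File sitting directly in the system directory rather than in a vendor folder.
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\[^\\]+$", re.IGNORECASE)
SCRIPT_HOST_RE = re.compile(r"\b[wc]script\.exe\b", re.IGNORECASE)


def module_name(path):
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_line(line):
    """Apply the per-line rules; returns a list of Finding for one log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.groups()
    paths = PATH_RE.findall(body)
    module = module_name(paths[0]) if paths else None
    findings = []
    if kind == "O2" and "(no name)" in body:
        findings.append(Finding("high", kind, module, "BHO registered without a display name"))
    if kind == "O20":
        findings.append(Finding("high", kind, module,
                                "non-default Winlogon Notify package; loads into winlogon.exe at logon"))
    if kind in ("O2", "O3") and paths and SYSTEM32_RE.match(paths[0]):
        findings.append(Finding("medium", kind, module,
                                "browser add-on loaded straight from system32; verify its publisher"))
    if kind == "O4" and SCRIPT_HOST_RE.search(body) and paths:
        findings.append(Finding("medium", kind, module,
                                "Run entry launches a script through the Windows Script Host"))
    return findings


def triage_log(text):
    """Run the per-line rules, then cross-reference modules seen under several entry types."""
    findings = []
    seen_in = defaultdict(set)
    for line in text.splitlines():
        findings.extend(triage_line(line))
        m = ENTRY_RE.match(line.strip())
        if m:
            paths = PATH_RE.findall(m.group(2))
            if paths:
                seen_in[module_name(paths[0])].add(m.group(1))
    for module, kinds in seen_in.items():
        if len(kinds) > 1:
            findings.append(Finding("high", "+".join(sorted(kinds)), module,
                                    "same module registered under several loading points"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1}
    for f in sorted(triage_log(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.kind:7} {f.module}: {f.reason}")
```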
Wow, big process log.

Please do the following:

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happens we want to know, and also which process you had to end.
 
My ComboFix log:

ComboFix 08-07-05.1 - Gavin 2008-07-08 13:05:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2237 [GMT 10:00]
Running from: C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gavin\Application Data\inst.exe
C:\WINDOWS\system32\cbXpmLbb.dll
C:\WINDOWS\system32\ctcoinst.dll
C:\WINDOWS\system32\wvUoNhEx.dll
I:\Autorun.inf
L:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 12:58 . 2008-07-08 12:58 7,168 --a------ C:\WINDOWS\system32\cbXoOfee.dll
2008-07-08 08:38 . 2008-07-08 08:38 <DIR> d-------- C:\Deckard
2008-07-08 07:51 . 2008-07-08 07:51 7,168 --a------ C:\WINDOWS\system32\hgGaaBsS.dll
2008-07-07 23:26 . 2008-07-07 23:26 7,168 --a------ C:\WINDOWS\system32\mlJBUMDU.dll
2008-07-07 22:26 . 2008-07-07 22:26 7,168 --a------ C:\WINDOWS\system32\ssqOGwUN.dll
2008-07-07 21:26 . 2008-07-07 21:26 7,168 --a------ C:\WINDOWS\system32\tuvVLBUn.dll
2008-07-07 20:26 . 2008-07-07 20:26 7,168 --a------ C:\WINDOWS\system32\ddcYSIXn.dll
2008-07-07 19:26 . 2008-07-07 19:26 7,168 --a------ C:\WINDOWS\system32\khfFYOge.dll
2008-07-07 18:26 . 2008-07-07 18:26 7,168 --a------ C:\WINDOWS\system32\nnnkHxWM.dll
2008-07-07 17:26 . 2008-07-07 17:26 7,168 --a------ C:\WINDOWS\system32\wvUmKCtS.dll
2008-07-07 16:26 . 2008-07-07 16:26 7,168 --a------ C:\WINDOWS\system32\xxywVlIX.dll
2008-07-07 15:26 . 2008-07-07 15:26 7,168 --a------ C:\WINDOWS\system32\ssqOICSi.dll
2008-07-07 14:26 . 2008-07-07 14:26 7,168 --a------ C:\WINDOWS\system32\ssqOGayA.dll
2008-07-07 13:26 . 2008-07-07 13:26 7,168 --a------ C:\WINDOWS\system32\ddcYsPjg.dll
2008-07-07 12:26 . 2008-07-07 12:26 7,168 --a------ C:\WINDOWS\system32\efcDUOhF.dll
2008-07-07 11:26 . 2008-07-07 11:26 7,168 --a------ C:\WINDOWS\system32\pmnmjHbc.dll
2008-07-07 10:26 . 2008-07-07 10:26 7,168 --a------ C:\WINDOWS\system32\ddcAttUN.dll
2008-07-07 09:26 . 2008-07-07 09:26 7,168 --a------ C:\WINDOWS\system32\tuvTmKAr.dll
2008-07-07 08:26 . 2008-07-07 08:26 7,168 --a------ C:\WINDOWS\system32\ljJYRKaA.dll
2008-07-06 21:33 . 2008-07-06 21:33 7,168 --a------ C:\WINDOWS\system32\iifcBtqn.dll
2008-07-06 20:33 . 2008-07-06 20:33 7,168 --a------ C:\WINDOWS\system32\khfDsqnm.dll
2008-07-06 19:33 . 2008-07-06 19:33 7,168 --a------ C:\WINDOWS\system32\tuvSjKEw.dll
2008-07-06 18:33 . 2008-07-06 18:33 7,168 --a------ C:\WINDOWS\system32\vtUlijge.dll
2008-07-06 17:33 . 2008-07-06 17:33 7,168 --a------ C:\WINDOWS\system32\hgGyyxVP.dll
2008-07-06 16:33 . 2008-07-06 16:33 7,168 --a------ C:\WINDOWS\system32\awtutsrQ.dll
2008-07-06 15:33 . 2008-07-06 15:33 7,168 --a------ C:\WINDOWS\system32\ljJCrPFx.dll
2008-07-06 14:33 . 2008-07-06 14:33 7,168 --a------ C:\WINDOWS\system32\khfEUnMG.dll
2008-07-06 13:33 . 2008-07-06 13:33 7,168 --a------ C:\WINDOWS\system32\vtUnlmnO.dll
2008-07-06 12:33 . 2008-07-06 12:33 7,168 --a------ C:\WINDOWS\system32\pmnlijii.dll
2008-07-06 11:33 . 2008-07-06 11:33 7,168 --a------ C:\WINDOWS\system32\pmnnNeCV.dll
2008-07-06 10:33 . 2008-07-06 10:33 7,168 --a------ C:\WINDOWS\system32\opnKAqRj.dll
2008-07-06 09:33 . 2008-07-06 09:33 7,168 --a------ C:\WINDOWS\system32\rqRIbyWp.dll
2008-07-06 08:33 . 2008-07-06 08:33 7,168 --a------ C:\WINDOWS\system32\opnkjJaA.dll
2008-07-06 07:33 . 2008-07-06 07:33 7,168 --a------ C:\WINDOWS\system32\xxyaxXpq.dll
2008-07-06 06:33 . 2008-07-06 06:33 7,168 --a------ C:\WINDOWS\system32\xxywWppQ.dll
2008-07-06 05:33 . 2008-07-06 05:33 7,168 --a------ C:\WINDOWS\system32\tuvVOGaw.dll
2008-07-06 04:33 . 2008-07-06 04:33 7,168 --a------ C:\WINDOWS\system32\pmnmkiiG.dll
2008-07-06 03:33 . 2008-07-06 03:33 7,168 --a------ C:\WINDOWS\system32\urqQkihf.dll
2008-07-06 02:33 . 2008-07-06 02:33 7,168 --a------ C:\WINDOWS\system32\cbXPGxvS.dll
2008-07-06 01:33 . 2008-07-06 01:33 7,168 --a------ C:\WINDOWS\system32\cbXNEUKb.dll
2008-07-06 00:33 . 2008-07-06 00:33 7,168 --a------ C:\WINDOWS\system32\jkkLCvVO.dll
2008-07-05 23:33 . 2008-07-05 23:33 7,168 --a------ C:\WINDOWS\system32\tuvVLdeb.dll
2008-07-05 22:33 . 2008-07-05 22:33 7,168 --a------ C:\WINDOWS\system32\efcBUoMe.dll
2008-07-05 21:33 . 2008-07-05 21:33 7,168 --a------ C:\WINDOWS\system32\yaYsponM.dll
2008-07-05 20:33 . 2008-07-05 20:33 7,168 --a------ C:\WINDOWS\system32\efcbyWmJ.dll
2008-07-05 19:33 . 2008-07-05 19:33 7,168 --a------ C:\WINDOWS\system32\iifGXnkJ.dll
2008-07-05 18:33 . 2008-07-05 18:33 7,168 --a------ C:\WINDOWS\system32\rqrpMEvS.dll
2008-07-05 17:33 . 2008-07-05 17:33 7,168 --a------ C:\WINDOWS\system32\efcdbYRk.dll
2008-07-05 16:33 . 2008-07-05 16:33 7,168 --a------ C:\WINDOWS\system32\wvUOHWqp.dll
2008-07-05 15:33 . 2008-07-05 15:33 7,168 --a------ C:\WINDOWS\system32\mlJywtuR.dll
2008-07-05 14:33 . 2008-07-05 14:33 7,168 --a------ C:\WINDOWS\system32\tUlMGAPg.dll
2008-07-05 13:33 . 2008-07-05 13:33 7,168 --a------ C:\WINDOWS\system32\rqRHXoPg.dll
2008-07-05 12:33 . 2008-07-05 12:33 7,168 --a------ C:\WINDOWS\system32\wvUnOhec.dll
2008-07-05 11:33 . 2008-07-05 11:33 7,168 --a------ C:\WINDOWS\system32\qoMeFxXp.dll
2008-07-05 10:33 . 2008-07-05 10:33 7,168 --a------ C:\WINDOWS\system32\qoMdCTJb.dll
2008-07-05 09:33 . 2008-07-05 09:33 7,168 --a------ C:\WINDOWS\system32\opnkjGXN.dll
2008-07-05 08:33 . 2008-07-05 08:33 7,168 --a------ C:\WINDOWS\system32\iifebxwV.dll
2008-07-04 22:42 . 2008-07-04 22:56 <DIR> d-------- C:\Documents and Settings\Gavin\.limewire
2008-07-04 22:41 . 2008-07-04 22:42 <DIR> d-------- C:\Program Files\LimeWire
2008-07-04 22:11 . 2008-07-04 22:11 7,168 --a------ C:\WINDOWS\system32\ljJCssqQ.dll
2008-07-04 22:09 . 2008-07-04 22:09 26,624 --a------ C:\WINDOWS\system32\oggwin.dll
2008-07-01 20:56 . 2008-07-01 20:56 <DIR> d-------- C:\Program Files\BitTorrent
2008-07-01 20:56 . 2008-07-05 08:42 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\BitTorrent
2008-06-30 18:30 . 2008-06-30 18:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-30 18:30 . 2008-06-30 18:30 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-30 18:30 . 2008-06-30 18:30 <DIR> d-------- C:\Program Files\MSBuild
2008-06-30 18:29 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-25 12:24 . 2008-06-25 12:30 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-24 12:16 . 2008-06-25 08:18 <DIR> d-------- C:\Program Files\caws
2008-06-23 17:33 . 2008-06-23 17:34 <DIR> d-------- C:\Program Files\TVUPlayer
2008-06-23 17:33 . 2008-06-23 17:34 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\TVU networks
2008-06-23 17:33 . 2008-06-23 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-06-22 02:07 . 2008-07-08 12:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2008-06-21 17:18 . 2008-07-06 22:23 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\VMware
2008-06-21 17:17 . 2008-07-08 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-21 17:17 . 2008-07-08 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-06-21 17:17 . 2008-05-09 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2008-06-21 17:17 . 2008-05-09 21:05 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-06-21 17:17 . 2008-05-09 21:05 15,744 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-06-21 17:17 . 2008-05-09 21:05 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-06-21 17:17 . 2008-05-09 21:05 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-06-21 17:16 . 2008-05-09 21:05 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-06-21 17:16 . 2008-05-09 21:05 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-06-21 17:16 . 2008-06-21 17:16 1,024 --a------ C:\.rnd
2008-06-21 17:12 . 2008-06-21 17:12 <DIR> d-------- C:\Virtual Machines
2008-06-21 17:12 . 2008-06-21 17:12 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-06-21 17:11 . 2008-06-21 17:11 <DIR> d-------- C:\Program Files\VMware
2008-06-17 16:33 . 2008-06-17 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 18:09 . 2008-06-12 18:09 <DIR> d-------- C:\Program Files\Axon Data
2008-06-12 17:34 . 2008-06-12 17:34 <DIR> d-------- C:\Program Files\Encrypt Files
2008-06-12 16:53 . 2008-06-12 16:58 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\U3
2008-06-11 17:06 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:06 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 03:16 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Vidalia
2008-07-08 03:16 --------- d-----w C:\Documents and Settings\Gavin\Application Data\tor
2008-07-08 03:14 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-07 22:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-07 22:05 --------- d-----w C:\Program Files\Trend Micro
2008-07-05 01:09 --------- d-----w C:\Documents and Settings\Gavin\Application Data\OpenOffice.org2
2008-07-04 23:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 23:06 --------- d-----w C:\Program Files\ASUS
2008-07-04 12:41 --------- d-----w C:\Documents and Settings\Gavin\Application Data\LimeWire
2008-06-30 08:46 --------- d-----w C:\Program Files\KeePass Password Safe
2008-06-29 10:59 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Azureus
2008-06-17 06:34 --------- d-----w C:\Program Files\QuickTime
2008-06-14 05:23 --------- d-----w C:\Program Files\World of Warcraft
2008-06-05 04:52 --------- d-----w C:\Program Files\Vidalia Bundle
2008-06-03 21:25 --------- d-----w C:\Program Files\Apple Software Update
2008-06-03 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 22:51 --------- d-----w C:\Documents and Settings\Gavin\Application Data\gtk-2.0
2008-05-28 03:24 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Acreon
2008-05-20 04:47 47,360 ----a-w C:\Documents and Settings\Gavin\Application Data\pcouffin.sys
2008-05-20 04:47 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Vso
2008-05-20 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2008-05-20 04:43 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-16 22:26 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Printer Info Cache
2008-05-16 22:26 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Image Zone Express
2008-05-15 10:00 --------- d-----w C:\Program Files\CCleaner
2008-05-09 11:05 97,152 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys
2008-05-09 11:05 9,216 ----a-w C:\WINDOWS\system32\drivers\vmparport.sys
2008-05-09 11:05 23,296 ----a-w C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-05-09 11:05 22,016 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-05-10 07:46 92,064 ------w C:\Documents and Settings\Gavin\mqdmmdm.sys
2007-05-10 07:46 9,232 ------w C:\Documents and Settings\Gavin\mqdmmdfl.sys
2007-05-10 07:46 79,328 ------w C:\Documents and Settings\Gavin\mqdmserd.sys
2007-05-10 07:46 66,656 ------w C:\Documents and Settings\Gavin\mqdmbus.sys
2007-05-10 07:46 6,208 ------w C:\Documents and Settings\Gavin\mqdmcmnt.sys
2007-05-10 07:46 5,936 ------w C:\Documents and Settings\Gavin\mqdmwhnt.sys
2007-05-10 07:46 4,048 ------w C:\Documents and Settings\Gavin\mqdmcr.sys
2007-05-10 07:46 25,600 ------w C:\Documents and Settings\Gavin\usbsermptxp.sys
2007-05-10 07:46 22,768 ------w C:\Documents and Settings\Gavin\usbsermpt.sys
2004-08-04 12:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2008-02-15 19:38 103760]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19 204800]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 13:20 190008]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"Dimondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-01-18 09:48 147456]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2006-11-24 18:41 61440]
"Ai Nap"="C:\Program Files\ASUS\Ai Nap\AiNap.exe" [2006-06-02 14:19 1078272]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2006-05-05 15:28 3680256]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 14:11 122880]
"Virtual Dimension"="C:\Program Files\Virtual Dimension\VirtualDimension.exe" [2005-07-09 19:22 446976]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-02-15 19:53 423248]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 14:12 1688872]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-23 07:49 12889088]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-12-17 05:50 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-07 20:59 2595480]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-07 21:04 905056]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-07 21:00 140568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"OTGO11RTM"="WScript.exe" [2004-08-04 22:00 114688 C:\WINDOWS\system32\wscript.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-11-09 13:26 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-09 10:28:04 113664]
GKrellM (2).lnk - C:\Program Files\GKrellM\gkrellm.exe [2007-08-01 08:03:16 656384]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-21 00:30:54 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-24 17:32]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-09-07 21:46]
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-05-09 21:05]
R3 Alpham;Ideazon Fang Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2006-03-12 12:11]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-27 17:26]
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 17:30]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 04:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 06:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - (no file)
ShellExecuteHooks-{88485281-8b4b-4f8d-9ede-82e29a064277} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 13:15:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Gavin\LOCALS~1\Temp\EFValdation.INI 219 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
.
**************************************************************************
.
Completion time: 2008-07-08 13:19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 03:19:10

Pre-Run: 51,428,007,936 bytes free
Post-Run: 51,407,290,368 bytes free

319 --- E O F --- 2008-06-30 21:42:46
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:49 PM, on 8/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Virtual Dimension\VirtualDimension.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\GKrellM\gkrellm.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OTGO11RTM] WScript.exe //Nologo //B "C:\WINDOWS\system32\OTGO11RTM.vbs"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKCU\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKCU\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKCU\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKCU\..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Nap\AiNap.exe
O4 - HKCU\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Virtual Dimension] C:\Program Files\Virtual Dimension\VirtualDimension.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GKrellM (2).lnk = C:\Program Files\GKrellM\gkrellm.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA205E1-27C7-4523-BA22-F332BB447076}: NameServer = 203.24.100.125,202.76.170.40
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12029 bytes
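As an added triage aid for logs in the format shown above (this is not code from the thread, from HijackThis or from any tool named in it), the following Python script parses O4 autorun, O17 DNS and O23 service entries and flags the kinds a helper normally asks about first: autoruns that go through a script host, bare executable names that resolve through the PATH search order, explicit DNS servers, and services with no recorded publisher. The sample lines are a constructed subset copied from the log above; the flagging rules are my own assumptions, not HijackThis output.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Script hosts an autorun entry may use to launch a script instead of an executable.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")

# Constructed sample: a handful of lines copied in the format of the logs above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OTGO11RTM] WScript.exe //Nologo //B "C:\WINDOWS\system32\OTGO11RTM.vbs"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA205E1-27C7-4523-BA22-F332BB447076}: NameServer = 203.24.100.125,202.76.170.40
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<loc>.+?): NameServer = (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
GENERIC_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")


@dataclass
class Entry:
    section: str   # HijackThis section: O2, O4, O17, O23, ...
    location: str  # registry location for O4, adapter key for O17, owner for O23
    name: str
    command: str   # command line / path part (raw remainder for generic lines)
    raw: str


def parse_entries(text):
    """Parse log lines into Entry objects; lines that are not HijackThis entries are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if (m := O4_STARTUP_RE.match(raw)):
            entries.append(Entry("O4", "Global Startup", m["name"], m["cmd"], raw))
        elif (m := O4_RE.match(raw)):
            entries.append(Entry("O4", m["loc"], m["name"], m["cmd"], raw))
        elif (m := O17_RE.match(raw)):
            entries.append(Entry("O17", m["loc"], "NameServer", m["cmd"], raw))
        elif (m := O23_RE.match(raw)):
            entries.append(Entry("O23", m["owner"], m["name"], m["cmd"], raw))
        elif (m := GENERIC_RE.match(raw)):
            entries.append(Entry(m["sec"], "", "", m["rest"], raw))
    return entries


def executable_of(command):
    """Return the program a Run-key command line starts with (quoted paths kept whole)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(entries):
    """Return (entry, reason) pairs for entries worth a closer look (assumed rules)."""
    findings = []
    for e in entries:
        if e.section == "O4":
            exe = executable_of(e.command)
            base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            tokens = [t.strip('"').lower() for t in e.command.split()]
            if base in SCRIPT_HOSTS or any(t.endswith(SCRIPT_EXTS) for t in tokens):
                findings.append((e, "autorun goes through a script host; verify where the script came from"))
            elif "\\" not in exe and e.location != "Global Startup":
                findings.append((e, "bare executable name resolved via the PATH search order; confirm which file runs"))
        elif e.section == "O17":
            findings.append((e, "explicit DNS servers in the TCP/IP parameters; confirm they belong to the ISP"))
        elif e.section == "O23" and e.location.lower() == "unknown owner":
            findings.append((e, "service without a recorded publisher; check the binary's signature and hash"))
    return findings


def summarize(entries):
    """Count entries per HijackThis section."""
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for entry, reason in triage(parsed):
        print(f"[{entry.section}] {entry.name or entry.command}\n    {reason}")
```

Paste a full HijackThis log into `SAMPLE_LOG` (or read it from `C:\rapport.txt`-style output) to get the same per-section counts and flagged entries; a flag is a prompt to verify the file behind the entry, not a verdict that it is malicious.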
 
Please do the following:

First please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a RiskTool; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between good and malicious use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

: Download and Run DSS :

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
 
SmitFraudFix v2.329

Scan done at 14:25:18.92, Tue 08/07/2008
Run from C:\Documents and Settings\Gavin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Virtual Dimension\VirtualDimension.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\GKrellM\gkrellm.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\EVIDEN~1\ee.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gavin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gavin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gavin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VMware Virtual Ethernet Adapter for VMnet1
DNS Server Search Order: 192.168.1.254

Description: VMware Virtual Ethernet Adapter for VMnet8
DNS Server Search Order: 192.168.1.254

Description: NVIDIA nForce Networking Controller #3 - Packet Scheduler Miniport
Removed by me as it showed IP info.


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Deckard's System Scanner v20071014.68
Run by Gavin on 2008-07-08 14:29:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gavin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:48 PM, on 8/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Virtual Dimension\VirtualDimension.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\GKrellM\gkrellm.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\EVIDEN~1\ee.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gavin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gavin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OTGO11RTM] WScript.exe //Nologo //B "C:\WINDOWS\system32\OTGO11RTM.vbs"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKCU\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKCU\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKCU\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKCU\..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Nap\AiNap.exe
O4 - HKCU\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Virtual Dimension] C:\Program Files\Virtual Dimension\VirtualDimension.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GKrellM (2).lnk = C:\Program Files\GKrellM\gkrellm.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA205E1-27C7-4523-BA22-F332BB447076}: NameServer = 203.24.100.125,202.76.170.40
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12117 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 14:25:24 3560 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 13:04:32 68096 --a------ C:\WINDOWS\zip.exe
2008-07-08 13:04:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-08 13:04:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-08 13:04:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-08 13:04:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-08 13:04:32 98816 --a------ C:\WINDOWS\sed.exe
2008-07-08 13:04:32 80412 --a------ C:\WINDOWS\grep.exe
2008-07-08 13:04:32 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-08 12:58:46 7168 --a------ C:\WINDOWS\system32\cbXoOfee.dll
2008-07-08 07:51:12 7168 --a------ C:\WINDOWS\system32\hgGaaBsS.dll
2008-07-07 23:26:44 7168 --a------ C:\WINDOWS\system32\mlJBUMDU.dll
2008-07-07 22:26:44 7168 --a------ C:\WINDOWS\system32\ssqOGwUN.dll
2008-07-07 21:26:43 7168 --a------ C:\WINDOWS\system32\tuvVLBUn.dll
2008-07-07 20:26:42 7168 --a------ C:\WINDOWS\system32\ddcYSIXn.dll
2008-07-07 19:26:40 7168 --a------ C:\WINDOWS\system32\khfFYOge.dll
2008-07-07 18:26:40 7168 --a------ C:\WINDOWS\system32\nnnkHxWM.dll
2008-07-07 17:26:38 7168 --a------ C:\WINDOWS\system32\wvUmKCtS.dll
2008-07-07 16:26:37 7168 --a------ C:\WINDOWS\system32\xxywVlIX.dll
2008-07-07 15:26:51 7168 --a------ C:\WINDOWS\system32\ssqOICSi.dll
2008-07-07 14:26:35 7168 --a------ C:\WINDOWS\system32\ssqOGayA.dll
2008-07-07 13:26:35 7168 --a------ C:\WINDOWS\system32\ddcYsPjg.dll
2008-07-07 12:26:34 7168 --a------ C:\WINDOWS\system32\efcDUOhF.dll
2008-07-07 11:26:33 7168 --a------ C:\WINDOWS\system32\pmnmjHbc.dll
2008-07-07 10:26:32 7168 --a------ C:\WINDOWS\system32\ddcAttUN.dll
2008-07-07 09:26:30 7168 --a------ C:\WINDOWS\system32\tuvTmKAr.dll
2008-07-07 08:26:31 7168 --a------ C:\WINDOWS\system32\ljJYRKaA.dll
2008-07-06 21:33:42 7168 --a------ C:\WINDOWS\system32\iifcBtqn.dll
2008-07-06 20:33:40 7168 --a------ C:\WINDOWS\system32\khfDsqnm.dll
2008-07-06 19:33:40 7168 --a------ C:\WINDOWS\system32\tuvSjKEw.dll
2008-07-06 18:33:39 7168 --a------ C:\WINDOWS\system32\vtUlijge.dll
2008-07-06 17:33:50 7168 --a------ C:\WINDOWS\system32\hgGyyxVP.dll
2008-07-06 16:33:36 7168 --a------ C:\WINDOWS\system32\awtutsrQ.dll
2008-07-06 15:33:39 7168 --a------ C:\WINDOWS\system32\ljJCrPFx.dll
2008-07-06 14:33:34 7168 --a------ C:\WINDOWS\system32\khfEUnMG.dll
2008-07-06 13:33:34 7168 --a------ C:\WINDOWS\system32\vtUnlmnO.dll
2008-07-06 12:33:44 7168 --a------ C:\WINDOWS\system32\pmnlijii.dll
2008-07-06 11:33:39 7168 --a------ C:\WINDOWS\system32\pmnnNeCV.dll
2008-07-06 10:33:29 7168 --a------ C:\WINDOWS\system32\opnKAqRj.dll
2008-07-06 09:33:35 7168 --a------ C:\WINDOWS\system32\rqRIbyWp.dll
2008-07-06 08:33:35 7168 --a------ C:\WINDOWS\system32\opnkjJaA.dll
2008-07-06 07:33:28 7168 --a------ C:\WINDOWS\system32\xxyaxXpq.dll
2008-07-06 06:33:28 7168 --a------ C:\WINDOWS\system32\xxywWppQ.dll
2008-07-06 05:33:26 7168 --a------ C:\WINDOWS\system32\tuvVOGaw.dll
2008-07-06 04:33:25 7168 --a------ C:\WINDOWS\system32\pmnmkiiG.dll
2008-07-06 03:33:24 7168 --a------ C:\WINDOWS\system32\urqQkihf.dll
2008-07-06 02:33:22 7168 --a------ C:\WINDOWS\system32\cbXPGxvS.dll
2008-07-06 01:33:22 7168 --a------ C:\WINDOWS\system32\cbXNEUKb.dll
2008-07-06 00:33:21 7168 --a------ C:\WINDOWS\system32\jkkLCvVO.dll
2008-07-05 23:33:20 7168 --a------ C:\WINDOWS\system32\tuvVLdeb.dll
2008-07-05 22:33:18 7168 --a------ C:\WINDOWS\system32\efcBUoMe.dll
2008-07-05 21:33:18 7168 --a------ C:\WINDOWS\system32\yaYsponM.dll
2008-07-05 20:33:18 7168 --a------ C:\WINDOWS\system32\efcbyWmJ.dll
2008-07-05 19:33:16 7168 --a------ C:\WINDOWS\system32\iifGXnkJ.dll
2008-07-05 18:33:18 7168 --a------ C:\WINDOWS\system32\rqrpMEvS.dll
2008-07-05 17:33:14 7168 --a------ C:\WINDOWS\system32\efcdbYRk.dll
2008-07-05 16:33:13 7168 --a------ C:\WINDOWS\system32\wvUOHWqp.dll
2008-07-05 15:33:12 7168 --a------ C:\WINDOWS\system32\mlJywtuR.dll
2008-07-05 14:33:11 7168 --a------ C:\WINDOWS\system32\tUlMGAPg.dll
2008-07-05 13:33:09 7168 --a------ C:\WINDOWS\system32\rqRHXoPg.dll
2008-07-05 12:33:08 7168 --a------ C:\WINDOWS\system32\wvUnOhec.dll
2008-07-05 11:33:08 7168 --a------ C:\WINDOWS\system32\qoMeFxXp.dll
2008-07-05 10:33:10 7168 --a------ C:\WINDOWS\system32\qoMdCTJb.dll
2008-07-05 09:33:06 7168 --a------ C:\WINDOWS\system32\opnkjGXN.dll
2008-07-05 09:09:55 0 dr-h----- C:\Documents and Settings\Gavin\Recent
2008-07-05 08:33:11 7168 --a------ C:\WINDOWS\system32\iifebxwV.dll
2008-07-04 22:42:04 0 d-------- C:\Documents and Settings\Gavin\.limewire
2008-07-04 22:41:57 0 d-------- C:\Program Files\LimeWire
2008-07-04 22:11:41 7168 --a------ C:\WINDOWS\system32\ljJCssqQ.dll
2008-07-04 22:09:01 26624 --a------ C:\WINDOWS\system32\oggwin.dll
2008-07-01 20:56:28 0 d-------- C:\Documents and Settings\Gavin\Application Data\BitTorrent
2008-07-01 20:56:17 0 d-------- C:\Program Files\BitTorrent
2008-06-30 18:30:25 0 d-------- C:\Program Files\MSBuild
2008-06-30 18:30:21 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-30 18:30:17 0 d-------- C:\Program Files\Reference Assemblies
2008-06-25 12:24:55 0 d-------- C:\Program Files\Common Files\Real
2008-06-25 12:24:53 0 d-------- C:\Documents and Settings\Gavin\Application Data\Real
2008-06-24 12:16:22 0 d-------- C:\Program Files\caws
2008-06-23 17:33:50 0 d-------- C:\Documents and Settings\Gavin\Application Data\TVU networks
2008-06-23 17:33:50 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-06-23 17:33:44 0 d-------- C:\Program Files\TVUPlayer
2008-06-21 17:18:59 0 d-------- C:\Documents and Settings\Gavin\Application Data\VMware
2008-06-21 17:17:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-21 17:17:08 106496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Server>
2008-06-21 17:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-06-21 17:17:04 135168 --a------ C:\WINDOWS\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server>
2008-06-21 17:17:04 15744 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
2008-06-21 17:16:55 364631 --a------ C:\WINDOWS\system32\vnetlib.dll <Not Verified; VMware, Inc.; VMware Server>
2008-06-21 17:12:15 0 d-------- C:\Virtual Machines
2008-06-21 17:12:15 0 d-------- C:\Program Files\Common Files\VMware
2008-06-21 17:11:34 0 d-------- C:\Program Files\VMware
2008-06-17 16:33:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 07:46:36 0 d-------- C:\Documents and Settings\Gavin\Application Data\WinRAR
2008-06-12 18:09:16 0 d-------- C:\Program Files\Axon Data
2008-06-12 17:34:43 0 d-------- C:\Program Files\Encrypt Files
2008-06-12 16:53:40 0 d-------- C:\Documents and Settings\Gavin\Application Data\U3


-- Find3M Report ---------------------------------------------------------------

2008-07-08 13:40:35 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-08 13:29:26 0 d-------- C:\Documents and Settings\Gavin\Application Data\tor
2008-07-08 13:16:06 0 d-------- C:\Documents and Settings\Gavin\Application Data\Vidalia
2008-07-08 08:05:49 0 d-------- C:\Program Files\Trend Micro
2008-07-05 11:09:46 0 d-------- C:\Documents and Settings\Gavin\Application Data\OpenOffice.org2
2008-07-05 09:06:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 09:06:24 0 d-------- C:\Program Files\ASUS
2008-07-04 22:41:26 0 d-------- C:\Documents and Settings\Gavin\Application Data\LimeWire
2008-06-30 18:46:45 0 d-------- C:\Program Files\KeePass Password Safe
2008-06-30 17:33:52 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2008-06-30 17:33:52 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2008-06-30 17:33:52 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2008-06-29 20:59:40 0 d-------- C:\Documents and Settings\Gavin\Application Data\Azureus
2008-06-25 12:30:08 0 d-------- C:\Program Files\Common Files
2008-06-18 07:41:02 0 d-------- C:\Documents and Settings\Gavin\Application Data\Mozilla
2008-06-17 16:34:03 0 d-------- C:\Program Files\QuickTime
2008-06-14 15:23:30 0 d-------- C:\Program Files\World of Warcraft
2008-06-05 14:52:35 0 d-------- C:\Program Files\Vidalia Bundle
2008-06-04 07:25:28 0 d-------- C:\Program Files\Apple Software Update
2008-05-29 08:51:52 0 d-------- C:\Documents and Settings\Gavin\Application Data\gtk-2.0
2008-05-28 13:24:01 0 d-------- C:\Documents and Settings\Gavin\Application Data\Acreon
2008-05-20 14:47:38 0 d-------- C:\Documents and Settings\Gavin\Application Data\Vso
2008-05-20 14:47:37 47360 --a------ C:\Documents and Settings\Gavin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-20 14:47:37 55 --a------ C:\Documents and Settings\Gavin\Application Data\pcouffin.log
2008-05-20 14:47:37 1144 --a------ C:\Documents and Settings\Gavin\Application Data\pcouffin.inf
2008-05-20 14:47:37 7887 --a------ C:\Documents and Settings\Gavin\Application Data\pcouffin.cat
2008-05-17 08:26:54 0 d-------- C:\Documents and Settings\Gavin\Application Data\Printer Info Cache
2008-05-17 08:26:53 0 d-------- C:\Documents and Settings\Gavin\Application Data\Image Zone Express
2008-05-15 20:00:00 0 d-------- C:\Program Files\CCleaner
2008-05-09 21:05:40 37888 --a------ C:\WINDOWS\system32\vmnetbridge.dll <Not Verified; VMware, Inc.; VMware Network Driver>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
15/02/2008 07:38 PM 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [05/12/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"OTGO11RTM"="WScript.exe" [04/08/2004 10:00 PM C:\WINDOWS\system32\wscript.exe]
"WD Button Manager"="WDBtnMgr.exe" [09/11/2007 01:26 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"CTHelper"="CTHELPER.EXE" [17/08/2006 11:32 AM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [17/08/2006 11:32 AM C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 04:02 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41 AM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [16/02/2008 12:56 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [07/09/2007 08:59 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [07/09/2007 09:04 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [07/09/2007 09:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 02:21 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 04:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [09/11/2006 10:19 AM]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 01:20 PM]
"razer"="C:\Program Files\Razer\razerhid.exe" [17/05/2005 06:21 PM]
"Dimondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [18/01/2007 09:48 AM]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [24/11/2006 06:41 PM]
"Ai Nap"="C:\Program Files\ASUS\Ai Nap\AiNap.exe" [02/06/2006 02:19 PM]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [05/05/2006 03:28 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03/07/2007 12:32 PM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [13/07/2006 02:11 PM]
"Virtual Dimension"="C:\Program Files\Virtual Dimension\VirtualDimension.exe" [09/07/2005 07:22 PM]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [15/02/2008 07:53 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [14/01/2008 02:12 PM]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [23/11/2007 07:49 AM]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [17/12/2007 05:50 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/03/2008 10:28:04 AM]
GKrellM (2).lnk - C:\Program Files\GKrellM\gkrellm.exe [1/08/2007 8:03:16 AM]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [21/11/2006 12:30:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-08 14:30:16 ------------
 
Cohen.

I think the original problem is fixed. I have removed all the stuff I downloaded around the time I started to have problems. After rebooting I can now use Explorer without the pop-up appearing and trying to open a web page. I am going to have to find out what half of the Windows files do (why can't Windows be simple like Linux) to see if I need them or not and to see if they need to be started at startup. Thanks for your help. I'll file all these utility programs away just in case.
 
OK, well I tried all the things I can think of; I'll forward this on to one of the higher pros in this and get them to help you.

But at least it is fixed for now,
 
There are a large number of infected files remaining.
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\cbXoOfee.dll
    C:\WINDOWS\system32\hgGaaBsS.dll
    C:\WINDOWS\system32\mlJBUMDU.dll
    C:\WINDOWS\system32\ssqOGwUN.dll
    C:\WINDOWS\system32\tuvVLBUn.dll
    C:\WINDOWS\system32\ddcYSIXn.dll
    C:\WINDOWS\system32\khfFYOge.dll
    C:\WINDOWS\system32\nnnkHxWM.dll
    C:\WINDOWS\system32\wvUmKCtS.dll
    C:\WINDOWS\system32\xxywVlIX.dll
    C:\WINDOWS\system32\ssqOICSi.dll
    C:\WINDOWS\system32\ssqOGayA.dll
    C:\WINDOWS\system32\ddcYsPjg.dll
    C:\WINDOWS\system32\efcDUOhF.dll
    C:\WINDOWS\system32\pmnmjHbc.dll
    C:\WINDOWS\system32\ddcAttUN.dll
    C:\WINDOWS\system32\tuvTmKAr.dll
    C:\WINDOWS\system32\ljJYRKaA.dll
    C:\WINDOWS\system32\iifcBtqn.dll
    C:\WINDOWS\system32\khfDsqnm.dll
    C:\WINDOWS\system32\tuvSjKEw.dll
    C:\WINDOWS\system32\vtUlijge.dll
    C:\WINDOWS\system32\hgGyyxVP.dll
    C:\WINDOWS\system32\awtutsrQ.dll
    C:\WINDOWS\system32\ljJCrPFx.dll
    C:\WINDOWS\system32\khfEUnMG.dll
    C:\WINDOWS\system32\vtUnlmnO.dll
    C:\WINDOWS\system32\pmnlijii.dll
    C:\WINDOWS\system32\pmnnNeCV.dll
    C:\WINDOWS\system32\opnKAqRj.dll
    C:\WINDOWS\system32\rqRIbyWp.dll
    C:\WINDOWS\system32\opnkjJaA.dll
    C:\WINDOWS\system32\xxyaxXpq.dll
    C:\WINDOWS\system32\xxywWppQ.dll
    C:\WINDOWS\system32\tuvVOGaw.dll
    C:\WINDOWS\system32\pmnmkiiG.dll
    C:\WINDOWS\system32\urqQkihf.dll
    C:\WINDOWS\system32\cbXPGxvS.dll
    C:\WINDOWS\system32\cbXNEUKb.dll
    C:\WINDOWS\system32\jkkLCvVO.dll
    C:\WINDOWS\system32\tuvVLdeb.dll
    C:\WINDOWS\system32\efcBUoMe.dll
    C:\WINDOWS\system32\yaYsponM.dll
    C:\WINDOWS\system32\efcbyWmJ.dll
    C:\WINDOWS\system32\iifGXnkJ.dll
    C:\WINDOWS\system32\rqrpMEvS.dll
    C:\WINDOWS\system32\efcdbYRk.dll
    C:\WINDOWS\system32\wvUOHWqp.dll
    C:\WINDOWS\system32\mlJywtuR.dll
    C:\WINDOWS\system32\tUlMGAPg.dll
    C:\WINDOWS\system32\rqRHXoPg.dll
    C:\WINDOWS\system32\wvUnOhec.dll
    C:\WINDOWS\system32\qoMeFxXp.dll
    C:\WINDOWS\system32\qoMdCTJb.dll
    C:\WINDOWS\system32\opnkjGXN.dll
    C:\WINDOWS\system32\iifebxwV.dll
    C:\WINDOWS\system32\ljJCssqQ.dll
    C:\WINDOWS\system32\oggwin.dll
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    [Screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\OTGO11RTM.vbs

Then click Send File. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If that scanner is busy, please use this one: http://virusscan.jotti.org

Please post
  • The ComboFix log
  • A new HijackThis log
  • The VirusTotal or Jotti results
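As an added example (not code from this thread, nor from ComboFix, HijackThis or Deckard's System Scanner), the Python below applies the pattern visible in the DSS "Files created" listing above, many 7168-byte DLLs with random eight-letter names landing in system32 about once an hour, to triage such a listing and emit a "File::" block in the form the CFScript above uses. The function names, thresholds and the trimmed sample listing are my own assumptions; the sample lines are excerpted from the log posted in this thread.

```python
"""Triage a Deckard's System Scanner (DSS) "Files created" listing for
clusters of same-size, random-named DLLs in system32 and render them as
a ComboFix CFScript "File::" block.  Added example; thresholds and names
are assumptions, not anything the tools themselves define."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: a few lines excerpted from the DSS listing
# in this thread (random-named DLLs, one directory, one vendor-tagged file).
SAMPLE_LOG = r"""
-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 14:25:24 3560 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 12:58:46 7168 --a------ C:\WINDOWS\system32\cbXoOfee.dll
2008-07-08 07:51:12 7168 --a------ C:\WINDOWS\system32\hgGaaBsS.dll
2008-07-07 23:26:44 7168 --a------ C:\WINDOWS\system32\mlJBUMDU.dll
2008-07-07 22:26:44 7168 --a------ C:\WINDOWS\system32\ssqOGwUN.dll
2008-07-07 21:26:43 7168 --a------ C:\WINDOWS\system32\tuvVLBUn.dll
2008-07-05 09:09:55 0 dr-h----- C:\Documents and Settings\Gavin\Recent
2008-07-04 22:09:01 26624 --a------ C:\WINDOWS\system32\oggwin.dll
2008-06-21 17:17:04 135168 --a------ C:\WINDOWS\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server>
"""

# DSS line layout: <date> <time> <size> <attrs> <path> [<Not Verified; vendor; desc>]
DSS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]+)\s+"
    r"(?P<path>[A-Za-z]:\\.*?)"
    r"(?:\s+<(?P<tag>[^>]*)>)?\s*$"
)

# A DLL directly under system32 whose stem is eight bare letters (cbXoOfee.dll).
# Assumed heuristic: it will miss files like oggwin.dll, which the helper above
# added by hand, so it supplements analyst review rather than replacing it.
RANDOM_DLL = re.compile(r"^C:\\WINDOWS\\system32\\[A-Za-z]{8}\.dll$", re.IGNORECASE)


def parse_dss(text):
    """Parse the file lines of a DSS listing; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = DSS_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
        e["size"] = int(e["size"])
        entries.append(e)
    return entries


def find_random_dll_clusters(entries, min_count=3):
    """Group random-named system32 DLLs by byte size and keep only sizes seen
    at least min_count times.  Each group is returned oldest first."""
    by_size = defaultdict(list)
    for e in entries:
        if e["attrs"].startswith("d"):  # directories never qualify
            continue
        if RANDOM_DLL.match(e["path"]):
            by_size[e["size"]].append(e)
    return {size: sorted(group, key=lambda e: e["ts"])
            for size, group in by_size.items() if len(group) >= min_count}


def hourly_cadence(group, tolerance_minutes=5):
    """Count consecutive creations spaced 60 minutes apart (+/- tolerance).
    A high count is the 'one fresh DLL per hour' signature in this thread."""
    hits = 0
    for prev, cur in zip(group, group[1:]):
        gap_minutes = (cur["ts"] - prev["ts"]).total_seconds() / 60.0
        if abs(gap_minutes - 60.0) <= tolerance_minutes:
            hits += 1
    return hits


def build_cfscript(paths):
    """Render a CFScript 'File::' block in the form the helper's post uses."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    entries = parse_dss(SAMPLE_LOG)
    for size, group in find_random_dll_clusters(entries).items():
        print(f"{len(group)} random-named {size}-byte DLLs, "
              f"{hourly_cadence(group)} hourly gaps between creations")
        print(build_cfscript([e["path"] for e in group]))
```

The generated block is a starting point for the analyst: a file with an ordinary-looking name such as oggwin.dll is invisible to the name heuristic and still has to be judged by hand, as the helper did above.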
 
ComboFix 08-07-05.1 - Gavin 2008-07-08 19:47:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2172 [GMT 10:00]
Running from: C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gavin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awtutsrQ.dll
C:\WINDOWS\system32\cbXNEUKb.dll
C:\WINDOWS\system32\cbXoOfee.dll
C:\WINDOWS\system32\cbXPGxvS.dll
C:\WINDOWS\system32\ddcAttUN.dll
C:\WINDOWS\system32\ddcYSIXn.dll
C:\WINDOWS\system32\ddcYsPjg.dll
C:\WINDOWS\system32\efcBUoMe.dll
C:\WINDOWS\system32\efcbyWmJ.dll
C:\WINDOWS\system32\efcdbYRk.dll
C:\WINDOWS\system32\efcDUOhF.dll
C:\WINDOWS\system32\hgGaaBsS.dll
C:\WINDOWS\system32\hgGyyxVP.dll
C:\WINDOWS\system32\iifcBtqn.dll
C:\WINDOWS\system32\iifebxwV.dll
C:\WINDOWS\system32\iifGXnkJ.dll
C:\WINDOWS\system32\jkkLCvVO.dll
C:\WINDOWS\system32\khfDsqnm.dll
C:\WINDOWS\system32\khfEUnMG.dll
C:\WINDOWS\system32\khfFYOge.dll
C:\WINDOWS\system32\ljJCrPFx.dll
C:\WINDOWS\system32\ljJCssqQ.dll
C:\WINDOWS\system32\ljJYRKaA.dll
C:\WINDOWS\system32\mlJBUMDU.dll
C:\WINDOWS\system32\mlJywtuR.dll
C:\WINDOWS\system32\nnnkHxWM.dll
C:\WINDOWS\system32\oggwin.dll
C:\WINDOWS\system32\opnKAqRj.dll
C:\WINDOWS\system32\opnkjGXN.dll
C:\WINDOWS\system32\opnkjJaA.dll
C:\WINDOWS\system32\pmnlijii.dll
C:\WINDOWS\system32\pmnmjHbc.dll
C:\WINDOWS\system32\pmnmkiiG.dll
C:\WINDOWS\system32\pmnnNeCV.dll
C:\WINDOWS\system32\qoMdCTJb.dll
C:\WINDOWS\system32\qoMeFxXp.dll
C:\WINDOWS\system32\rqRHXoPg.dll
C:\WINDOWS\system32\rqRIbyWp.dll
C:\WINDOWS\system32\rqrpMEvS.dll
C:\WINDOWS\system32\ssqOGayA.dll
C:\WINDOWS\system32\ssqOGwUN.dll
C:\WINDOWS\system32\ssqOICSi.dll
C:\WINDOWS\system32\tUlMGAPg.dll
C:\WINDOWS\system32\tuvSjKEw.dll
C:\WINDOWS\system32\tuvTmKAr.dll
C:\WINDOWS\system32\tuvVLBUn.dll
C:\WINDOWS\system32\tuvVLdeb.dll
C:\WINDOWS\system32\tuvVOGaw.dll
C:\WINDOWS\system32\urqQkihf.dll
C:\WINDOWS\system32\vtUlijge.dll
C:\WINDOWS\system32\vtUnlmnO.dll
C:\WINDOWS\system32\wvUmKCtS.dll
C:\WINDOWS\system32\wvUnOhec.dll
C:\WINDOWS\system32\wvUOHWqp.dll
C:\WINDOWS\system32\xxyaxXpq.dll
C:\WINDOWS\system32\xxywVlIX.dll
C:\WINDOWS\system32\xxywWppQ.dll
C:\WINDOWS\system32\yaYsponM.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtutsrQ.dll
C:\WINDOWS\system32\cbXNEUKb.dll
C:\WINDOWS\system32\cbXoOfee.dll
C:\WINDOWS\system32\cbXPGxvS.dll
C:\WINDOWS\system32\ddcAttUN.dll
C:\WINDOWS\system32\ddcYSIXn.dll
C:\WINDOWS\system32\ddcYsPjg.dll
C:\WINDOWS\system32\efcBUoMe.dll
C:\WINDOWS\system32\efcbyWmJ.dll
C:\WINDOWS\system32\efcdbYRk.dll
C:\WINDOWS\system32\efcDUOhF.dll
C:\WINDOWS\system32\hgGaaBsS.dll
C:\WINDOWS\system32\hgGyyxVP.dll
C:\WINDOWS\system32\iifcBtqn.dll
C:\WINDOWS\system32\iifebxwV.dll
C:\WINDOWS\system32\iifGXnkJ.dll
C:\WINDOWS\system32\jkkLCvVO.dll
C:\WINDOWS\system32\khfDsqnm.dll
C:\WINDOWS\system32\khfEUnMG.dll
C:\WINDOWS\system32\khfFYOge.dll
C:\WINDOWS\system32\ljJCrPFx.dll
C:\WINDOWS\system32\ljJCssqQ.dll
C:\WINDOWS\system32\ljJYRKaA.dll
C:\WINDOWS\system32\mlJBUMDU.dll
C:\WINDOWS\system32\mlJywtuR.dll
C:\WINDOWS\system32\nnnkHxWM.dll
C:\WINDOWS\system32\oggwin.dll
C:\WINDOWS\system32\opnKAqRj.dll
C:\WINDOWS\system32\opnkjGXN.dll
C:\WINDOWS\system32\opnkjJaA.dll
C:\WINDOWS\system32\pmnlijii.dll
C:\WINDOWS\system32\pmnmjHbc.dll
C:\WINDOWS\system32\pmnmkiiG.dll
C:\WINDOWS\system32\pmnnNeCV.dll
C:\WINDOWS\system32\qoMdCTJb.dll
C:\WINDOWS\system32\qoMeFxXp.dll
C:\WINDOWS\system32\rqRHXoPg.dll
C:\WINDOWS\system32\rqRIbyWp.dll
C:\WINDOWS\system32\rqrpMEvS.dll
C:\WINDOWS\system32\ssqOGayA.dll
C:\WINDOWS\system32\ssqOGwUN.dll
C:\WINDOWS\system32\ssqOICSi.dll
C:\WINDOWS\system32\tUlMGAPg.dll
C:\WINDOWS\system32\tuvSjKEw.dll
C:\WINDOWS\system32\tuvTmKAr.dll
C:\WINDOWS\system32\tuvVLBUn.dll
C:\WINDOWS\system32\tuvVLdeb.dll
C:\WINDOWS\system32\tuvVOGaw.dll
C:\WINDOWS\system32\urqQkihf.dll
C:\WINDOWS\system32\vtUlijge.dll
C:\WINDOWS\system32\vtUnlmnO.dll
C:\WINDOWS\system32\wvUmKCtS.dll
C:\WINDOWS\system32\wvUnOhec.dll
C:\WINDOWS\system32\wvUOHWqp.dll
C:\WINDOWS\system32\xxyaxXpq.dll
C:\WINDOWS\system32\xxywVlIX.dll
C:\WINDOWS\system32\xxywWppQ.dll
C:\WINDOWS\system32\yaYsponM.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 14:25 . 2008-07-08 14:25 3,560 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 08:38 . 2008-07-08 08:38 <DIR> d-------- C:\Deckard
2008-07-04 22:42 . 2008-07-04 22:56 <DIR> d-------- C:\Documents and Settings\Gavin\.limewire
2008-07-04 22:41 . 2008-07-04 22:42 <DIR> d-------- C:\Program Files\LimeWire
2008-07-01 20:56 . 2008-07-01 20:56 <DIR> d-------- C:\Program Files\BitTorrent
2008-07-01 20:56 . 2008-07-05 08:42 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\BitTorrent
2008-06-30 18:30 . 2008-06-30 18:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-30 18:30 . 2008-06-30 18:30 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-30 18:30 . 2008-06-30 18:30 <DIR> d-------- C:\Program Files\MSBuild
2008-06-30 18:29 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-25 12:24 . 2008-06-25 12:30 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-24 12:16 . 2008-06-25 08:18 <DIR> d-------- C:\Program Files\caws
2008-06-23 17:33 . 2008-06-23 17:34 <DIR> d-------- C:\Program Files\TVUPlayer
2008-06-23 17:33 . 2008-06-23 17:34 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\TVU networks
2008-06-23 17:33 . 2008-06-23 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-06-22 02:07 . 2008-07-08 19:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2008-06-21 17:18 . 2008-07-06 22:23 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\VMware
2008-06-21 17:17 . 2008-07-08 19:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-21 17:17 . 2008-07-08 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-06-21 17:17 . 2008-05-09 21:05 135,168 --a------ C:\WINDOWS\system32\vmnat.exe
2008-06-21 17:17 . 2008-05-09 21:05 106,496 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-06-21 17:17 . 2008-05-09 21:05 15,744 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-06-21 17:17 . 2008-05-09 21:05 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-06-21 17:17 . 2008-05-09 21:05 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-06-21 17:16 . 2008-05-09 21:05 364,631 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-06-21 17:16 . 2008-05-09 21:05 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-06-21 17:16 . 2008-06-21 17:16 1,024 --a------ C:\.rnd
2008-06-21 17:12 . 2008-06-21 17:12 <DIR> d-------- C:\Virtual Machines
2008-06-21 17:12 . 2008-06-21 17:12 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-06-21 17:11 . 2008-06-21 17:11 <DIR> d-------- C:\Program Files\VMware
2008-06-17 16:33 . 2008-06-17 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 18:09 . 2008-06-12 18:09 <DIR> d-------- C:\Program Files\Axon Data
2008-06-12 17:34 . 2008-06-12 17:34 <DIR> d-------- C:\Program Files\Encrypt Files
2008-06-12 16:53 . 2008-06-12 16:58 <DIR> d-------- C:\Documents and Settings\Gavin\Application Data\U3
2008-06-11 17:06 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:06 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 09:54 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-08 09:51 --------- d-----w C:\Documents and Settings\Gavin\Application Data\tor
2008-07-08 08:48 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-08 08:08 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Vidalia
2008-07-07 22:05 --------- d-----w C:\Program Files\Trend Micro
2008-07-05 01:09 --------- d-----w C:\Documents and Settings\Gavin\Application Data\OpenOffice.org2
2008-07-04 23:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 23:06 --------- d-----w C:\Program Files\ASUS
2008-07-04 12:41 --------- d-----w C:\Documents and Settings\Gavin\Application Data\LimeWire
2008-06-30 08:46 --------- d-----w C:\Program Files\KeePass Password Safe
2008-06-30 07:33 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-06-30 07:33 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2008-06-30 07:33 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-06-30 07:33 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe
2008-06-29 10:59 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Azureus
2008-06-17 06:34 --------- d-----w C:\Program Files\QuickTime
2008-06-14 05:23 --------- d-----w C:\Program Files\World of Warcraft
2008-06-05 04:52 --------- d-----w C:\Program Files\Vidalia Bundle
2008-06-03 21:25 --------- d-----w C:\Program Files\Apple Software Update
2008-06-03 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 22:51 --------- d-----w C:\Documents and Settings\Gavin\Application Data\gtk-2.0
2008-05-28 03:24 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Acreon
2008-05-20 04:47 47,360 ----a-w C:\Documents and Settings\Gavin\Application Data\pcouffin.sys
2008-05-20 04:47 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Vso
2008-05-20 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2008-05-20 04:43 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-16 22:26 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Printer Info Cache
2008-05-16 22:26 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Image Zone Express
2008-05-15 10:00 --------- d-----w C:\Program Files\CCleaner
2008-05-09 11:05 97,152 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys
2008-05-09 11:05 9,216 ----a-w C:\WINDOWS\system32\drivers\vmparport.sys
2008-05-09 11:05 37,888 ----a-w C:\WINDOWS\system32\vmnetbridge.dll
2008-05-09 11:05 23,296 ----a-w C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-05-09 11:05 22,016 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-05-10 07:46 92,064 ------w C:\Documents and Settings\Gavin\mqdmmdm.sys
2007-05-10 07:46 9,232 ------w C:\Documents and Settings\Gavin\mqdmmdfl.sys
2007-05-10 07:46 79,328 ------w C:\Documents and Settings\Gavin\mqdmserd.sys
2007-05-10 07:46 66,656 ------w C:\Documents and Settings\Gavin\mqdmbus.sys
2007-05-10 07:46 6,208 ------w C:\Documents and Settings\Gavin\mqdmcmnt.sys
2007-05-10 07:46 5,936 ------w C:\Documents and Settings\Gavin\mqdmwhnt.sys
2007-05-10 07:46 4,048 ------w C:\Documents and Settings\Gavin\mqdmcr.sys
2007-05-10 07:46 25,600 ------w C:\Documents and Settings\Gavin\usbsermptxp.sys
2007-05-10 07:46 22,768 ------w C:\Documents and Settings\Gavin\usbsermpt.sys
2004-08-04 12:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-08_13.18.53.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 03:14:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 09:54:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 09:55:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_930.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2008-02-15 19:38 103760]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19 204800]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 13:20 190008]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"Dimondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-01-18 09:48 147456]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2006-11-24 18:41 61440]
"Ai Nap"="C:\Program Files\ASUS\Ai Nap\AiNap.exe" [2006-06-02 14:19 1078272]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2006-05-05 15:28 3680256]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 14:11 122880]
"Virtual Dimension"="C:\Program Files\Virtual Dimension\VirtualDimension.exe" [2005-07-09 19:22 446976]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-02-15 19:53 423248]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 14:12 1688872]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-23 07:49 12889088]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-12-17 05:50 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-07 20:59 2595480]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-07 21:04 905056]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-07 21:00 140568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"OTGO11RTM"="WScript.exe" [2004-08-04 22:00 114688 C:\WINDOWS\system32\wscript.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-11-09 13:26 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-09 10:28:04 113664]
GKrellM (2).lnk - C:\Program Files\GKrellM\gkrellm.exe [2007-08-01 08:03:16 656384]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-21 00:30:54 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-24 17:32]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-09-07 21:46]
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-05-09 21:05]
R3 Alpham;Ideazon Fang Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2006-03-12 12:11]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-27 17:26]
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 17:30]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 04:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-08 06:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 19:56:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
.
**************************************************************************
.
Completion time: 2008-07-08 19:59:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 09:59:39
ComboFix2.txt 2008-07-08 03:19:19

Pre-Run: 51,412,041,728 bytes free
Post-Run: 51,424,845,824 bytes free

384 --- E O F --- 2008-06-30 21:42:46
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:08 PM, on 8/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Virtual Dimension\VirtualDimension.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\GKrellM\gkrellm.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OTGO11RTM] WScript.exe //Nologo //B "C:\WINDOWS\system32\OTGO11RTM.vbs"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKCU\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKCU\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKCU\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKCU\..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Nap\AiNap.exe
O4 - HKCU\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Virtual Dimension] C:\Program Files\Virtual Dimension\VirtualDimension.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GKrellM (2).lnk = C:\Program Files\GKrellM\gkrellm.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA205E1-27C7-4523-BA22-F332BB447076}: NameServer = 203.24.100.125,202.76.170.40
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12051 bytes
 
File: OTGO11RTM.vbs
Status:
OK
MD5: 5afdda73cb256e5a45b5dfb0905dd4f6
Packers detected:
-
Scanner results
Scan taken on 08 Jul 2008 10:07:24 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 