Nasty Bug ... Need A Bit Of Help
binary_10essee
03-05-2008, 02:07 PM
Well, I've been having a problem with my computer for a while now. I haven't been able to do anything about it until now. I believe I'm getting rid of it slowly, but it's still giving me problems.
First, my computer started acting strange. I was seeing sluggish performance, the CPU was almost constantly at 100% usage, I had several strange processes running, and several (seemingly) randomly-named files on my system.
Just a few days ago, my anti-virus (Panda Titanium Anti-Virus + Firewall 2008) started showing "Recommendation: Reinstall the communications library (LSP)". When I click on it, it does nothing. Its automatic protection has also errored out, along with a few other things.
Also, my Windows Taskbar will not show up. It's at the bottom of the screen, but I cannot drag it up to see it, even with auto-hide turned off. If I press the Windows Logo key on the keyboard the Start Menu does not show up.
When I go to Control Panel, and try to view "Network Connections", it shows an empty list. I'm supposed to have one dial-up connection as well as the Local Area Connection. I'm on DSL. I can get online, but I cannot view the connection whatsoever.
HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:47:31 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181931415677
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
--
End of file - 6593 bytes
Any help is appreciated. Thanks in advance,
Matt U.
P.S. I am using Windows XP Professional SP2 with 1GB RAM and an 80GB HDD.
binary_10essee
03-05-2008, 02:09 PM
ComboFix 08-03-05.1 - Effektz 2008-03-05 11:22:28.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\Ares\Ares .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\temp\tn3
C:\WINDOWS\BM6fe9cba0.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abassflo.dll
C:\WINDOWS\system32\ajcvhxir.ini
C:\WINDOWS\system32\bhcjnwto.ini
C:\WINDOWS\system32\bmcymhfw.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ckbhpkrm.ini
C:\WINDOWS\system32\dgxntiwe.dll
C:\WINDOWS\system32\dqadeupd.dll
C:\WINDOWS\system32\dqpnxira.dll
C:\WINDOWS\system32\drivers\nwlnkipxx.sys
C:\WINDOWS\system32\elnuqjnx.ini
C:\WINDOWS\system32\evrsyclw.ini
C:\WINDOWS\system32\eyenbtem.dll
C:\WINDOWS\system32\fsoddwyw.ini
C:\WINDOWS\system32\fydhyyeq.dll
C:\WINDOWS\system32\gkijxkhq.dll
C:\WINDOWS\system32\gumgynca.ini
C:\WINDOWS\system32\guwbpbyh.dll
C:\WINDOWS\system32\hbtnxoln.ini
C:\WINDOWS\system32\hhgvhdmq.dll
C:\WINDOWS\system32\hvbvtrdi.dll
C:\WINDOWS\system32\ibqytqwa.ini
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\irppsmdm.dll
C:\WINDOWS\system32\jpesoatt.dll
C:\WINDOWS\system32\klcjemtu.ini
C:\WINDOWS\system32\ldhbmxhd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mffmqvgy.ini
C:\WINDOWS\system32\mghnrttx.dll
C:\WINDOWS\system32\nbigwoqr.dll
C:\WINDOWS\system32\ncpauuuk.ini
C:\WINDOWS\system32\nptdbyne.ini
C:\WINDOWS\system32\ntavyjdk.ini
C:\WINDOWS\system32\nwaixnjy.ini
C:\WINDOWS\system32\nxmqduuf.dll
C:\WINDOWS\system32\obqepikr.dll
C:\WINDOWS\system32\olfssaba.ini
C:\WINDOWS\system32\onkcqrmy.dll
C:\WINDOWS\system32\oyrxckur.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pbusbjml.ini
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.exe
C:\WINDOWS\system32\poeeeipc.dll
C:\WINDOWS\system32\pohimdho.dll
C:\WINDOWS\system32\qhkxjikg.ini
C:\WINDOWS\system32\qmdhvghh.ini
C:\WINDOWS\system32\qqvxuxp.dll
C:\WINDOWS\system32\quarrloe.ini
C:\WINDOWS\system32\sbrexkys.dll
C:\WINDOWS\system32\seubpyqq.ini
C:\WINDOWS\system32\ucgclhhf.ini
C:\WINDOWS\system32\udegqtlt.ini
C:\WINDOWS\system32\ujdodulc.dll
C:\WINDOWS\system32\umhudftv.dll
C:\WINDOWS\system32\vhjjxwpt.dll
C:\WINDOWS\system32\vtqphupq.ini
C:\WINDOWS\system32\wgkaqusr.ini
C:\WINDOWS\system32\wpokqywn.ini
C:\WINDOWS\system32\xgxjuech.dll
C:\WINDOWS\system32\xhedsiyn.ini
C:\WINDOWS\system32\xnjqunle.dll
C:\WINDOWS\system32\xuwlvgku.dll
C:\WINDOWS\system32\xvjaispr.dll
C:\WINDOWS\system32\yludrxcy.dll
C:\WINDOWS\system32\yvbvoqqw.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWLNKIPXX
-------\nwlnkipxx
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.
2008-03-05 02:29 . 2004-08-03 22:56 388,608 --a------ C:\CF1572.exe
2008-03-05 02:10 . 2008-03-05 02:10 <DIR> d-------- C:\Program Files\IMVU
2008-03-05 02:10 . 2008-03-05 02:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\IMVU
2008-03-02 14:49 . 2008-03-02 14:49 3,584 --a------ C:\WINDOWS\system32\pmkji_exe.vir4
2008-03-02 11:55 . 2008-03-02 11:55 0 --a------ C:\WINDOWS\system32\edqyahog.dll
2008-03-01 21:46 . 2008-03-01 21:46 3,584 --a------ C:\WINDOWS\system32\pmkji_exe.vir3
2008-03-01 21:38 . 2008-03-01 21:38 3,584 --a------ C:\WINDOWS\system32\pmkji_exe.vir2
2008-03-01 11:56 . 2008-03-01 11:56 0 --a------ C:\WINDOWS\system32\bfpfallq.dll
2008-02-29 23:59 . 2008-02-29 23:59 3,584 --a------ C:\WINDOWS\system32\pmkji_exe.vir1
2008-02-29 13:04 . 2008-02-29 13:04 338,944 --a------ C:\WINDOWS\system32\pmkji_exe.vir0
2008-02-29 11:57 . 2008-02-29 11:57 399,360 --a------ C:\WINDOWS\SOUNDMAN_EXE.vir
2008-02-29 11:44 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-02-29 11:44 . 2006-04-07 14:40 184,320 --a------ C:\WINDOWS\system32\aIPH.dll
2008-02-29 11:44 . 2005-10-19 18:19 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-02-29 11:44 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-02-29 11:44 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-02-29 11:43 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-02-29 11:43 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-02-29 11:43 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-02-29 11:43 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-02-29 11:36 . 2008-02-29 11:36 338,944 --a------ C:\WINDOWS\system32\RCX63.tmp
2008-02-29 01:19 . 2008-02-29 01:19 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-29 01:18 . 2008-02-29 01:18 <DIR> d-------- C:\WINDOWS\system32\GARLOPA
2008-02-29 01:18 . 2008-02-29 01:18 <DIR> d-------- C:\Extracted
2008-02-28 11:37 . 2008-02-28 11:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-27 15:59 . 2008-02-27 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-27 15:31 . 2008-02-27 15:31 0 --a------ C:\LOG87C.tmp
2008-02-27 15:15 . 2008-02-27 15:15 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-27 13:08 . 2008-02-29 01:21 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-02-27 12:53 . 2008-02-27 12:53 0 --a------ C:\LOG825.tmp
2008-02-27 11:53 . 2008-02-27 11:53 <DIR> d-------- C:\Program Files\Summitsoft
2008-02-27 11:08 . 2008-02-27 11:08 <DIR> d-------- C:\Program Files\AF Uninstalls
2008-02-27 11:00 . 2008-02-27 11:07 <DIR> d-------- C:\Program Files\RAR Password Cracker
2008-02-25 00:53 . 2008-02-25 00:53 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-25 00:33 . 2008-02-25 00:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-02-25 00:33 . 2008-02-25 00:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-24 13:46 . 2008-02-28 19:30 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-02-24 10:44 . 2008-02-29 11:38 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-02-24 10:43 . 2008-02-29 01:25 338,944 --a------ C:\WINDOWS\system32\pmkji_exe.vir
2008-02-24 10:35 . 2008-02-24 10:35 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-24 10:35 . 2008-02-24 10:35 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache(2).dsk
2008-02-24 02:25 . 2008-02-24 10:33 23,328 --ahs---- C:\WINDOWS\system32\hfpwynpx.dllbox
2008-02-24 01:23 . 2008-02-24 01:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
2008-02-24 01:23 . 2008-02-24 01:23 <DIR> d-------- C:\Digidesign Databases
2008-02-24 01:03 . 2008-02-24 01:13 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{EDC31D9D-5A22-4D1C-926E-5F709040E93E}
2008-02-23 20:27 . 2008-02-23 20:27 338,944 --a------ C:\WINDOWS\system32\RCX5D.tmp
2008-02-23 13:18 . 2008-02-23 14:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitDownload
2008-02-23 12:55 . 2008-02-28 20:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitDownload
2008-02-23 12:53 . 2008-02-23 12:53 <DIR> d-------- C:\Program Files\Phone Surf Dart
2008-02-23 12:53 . 2008-02-29 11:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Phone Surf Dart
2008-02-23 12:53 . 2008-02-29 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mapi Meta Book Bits
2008-02-23 12:52 . 2008-02-29 23:53 <DIR> d-------- C:\Program Files\BitDownload
2008-02-22 23:15 . 2008-02-22 23:16 <DIR> d-------- C:\Program Files\Waves
2008-02-22 22:57 . 2008-03-01 12:25 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2008-02-22 22:57 . 2008-03-01 20:12 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2008-02-22 22:56 . 2008-02-22 22:56 <DIR> d-------- C:\Program Files\LimeWire Acceleration Patch
2008-02-22 22:51 . 2008-03-01 11:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-22 22:48 . 2008-02-22 22:51 <DIR> d-------- C:\Program Files\LimeWire
2008-02-22 21:19 . 2008-02-29 01:21 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-22 21:19 . 2008-02-22 21:19 <DIR> d-------- C:\Program Files\InterLok
2008-02-22 21:19 . 2006-11-13 21:38 16,384 --a------ C:\WINDOWS\system32\drivers\DigiFilt.sys
2008-02-22 21:18 . 2008-02-22 21:18 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-02-22 21:18 . 2008-02-22 21:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
2008-02-22 21:18 . 2008-02-22 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-02-22 21:18 . 2006-11-14 00:05 126,976 --a------ C:\WINDOWS\system32\Digi32.dll
2008-02-22 21:16 . 2008-02-22 23:15 <DIR> d-------- C:\Program Files\Digidesign
2008-02-22 21:16 . 2008-02-22 21:16 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-02-22 21:16 . 2006-11-14 05:12 3,638,655 --a------ C:\WINDOWS\system32\DirectIO.dll
2008-02-22 21:16 . 2006-11-13 21:35 1,900,132 --a------ C:\WINDOWS\system32\ExpansionHD_Firmware.bin
2008-02-22 21:16 . 2006-11-13 21:37 483,328 --a------ C:\WINDOWS\system32\DSI.dll
binary_10essee
03-05-2008, 02:09 PM
2008-02-22 21:16 . 2006-11-13 21:35 192,512 --a------ C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-02-22 21:16 . 2006-11-13 21:37 118,784 --a------ C:\WINDOWS\system32\Diomidi.DLL
2008-02-22 21:16 . 2006-11-13 22:07 90,112 --a------ C:\WINDOWS\system32\WinMMFix.dll
2008-02-22 21:16 . 2006-11-13 21:38 17,408 --a------ C:\WINDOWS\system32\drivers\dgfwboot.sys
2008-02-22 21:16 . 2006-11-13 21:38 15,872 --a------ C:\WINDOWS\system32\digicoin.dll
2008-02-22 21:16 . 2006-11-13 21:38 11,776 --a------ C:\WINDOWS\system32\drivers\diginet.sys
2008-02-22 21:15 . 2008-02-22 21:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-02-22 19:19 . 2008-02-29 11:37 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-02-22 19:15 . 2008-02-29 01:30 8 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{EDC31D9D-5A22-4D1C-926E-5F709040E93E}
2008-02-22 18:57 . 2006-07-05 16:23 663,552 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-02-22 18:57 . 2006-07-11 17:10 241,664 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-02-22 18:57 . 2006-07-21 15:14 196,608 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-02-22 18:56 . 2008-02-29 11:43 <DIR> d-------- C:\Program Files\ANI
2008-02-22 18:56 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-02-22 18:54 . 2008-02-22 18:54 <DIR> d-------- C:\Program Files\D-Link
2008-02-22 18:46 . 2008-02-24 10:30 381 --a------ C:\WINDOWS\wininit.ini
2008-02-22 11:05 . 2008-02-29 23:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-22 11:05 . 2008-02-22 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 11:37 . 2008-02-18 11:37 0 --a------ C:\LOG64.tmp
2008-02-17 14:36 . 2008-02-17 14:36 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-02-17 00:10 . 2005-05-19 14:06 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2008-02-17 00:09 . 2008-02-17 00:09 <DIR> d-------- C:\Program Files\Webroot
2008-02-17 00:09 . 2008-02-17 00:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-17 00:09 . 2005-07-06 16:16 428,032 --a------ C:\WINDOWS\WRServices.dll
2008-02-16 01:21 . 2008-02-16 01:22 102 --a------ C:\a.html
2008-02-14 02:29 . 2008-02-14 02:29 51 --a------ C:\autorun.inf
2008-02-13 13:58 . 2007-12-26 15:22 2,616,808 --a------ C:\1.mp3
2008-02-08 23:23 . 2008-02-08 23:23 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-08 23:15 . 2008-02-08 23:15 <DIR> d-------- C:\VundoFix Backups
2008-02-06 17:36 . 2008-02-06 17:36 0 --a------ C:\LOG24.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 17:30 --------- d-----w C:\Program Files\Ares
2008-03-01 16:08 285,644 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-03-01 16:08 285,644 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-01 05:55 1,284 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-03-01 05:55 1,284 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-02-29 17:56 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-29 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 17:36 55,296 ----a-w C:\WINDOWS\SOUNDMAN .EXE
2008-02-29 07:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-02-28 06:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-27 19:08 --------- d-----w C:\Program Files\VstPlugins
2008-02-23 04:51 --------- d-----w C:\Program Files\Java
2008-02-03 17:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-30 23:20 --------- d-----w C:\Program Files\Panda Security
2008-01-30 23:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-30 23:15 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-01-18 17:12 --------- d-----w C:\Program Files\Panda Software
2008-01-14 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-14 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-12 09:46 --------- d-----w C:\Program Files\Lavasoft
2008-01-12 00:20 --------- d-----w C:\Program Files\Antares
2008-01-09 08:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-01-09 08:17 --------- d-----w C:\Program Files\Viewpoint
2008-01-09 08:17 --------- d-----w C:\Program Files\AWS
2008-01-09 08:17 --------- d-----w C:\Program Files\AOD
2008-01-09 08:17 --------- d-----w C:\Program Files\AIM
2008-01-09 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-08 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-07 21:00 --------- d-----w C:\Program Files\MSDN
2008-01-06 03:21 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-05 23:40 --------- d-----w C:\Program Files\FL Studio 4
2008-01-05 23:39 --------- d-----w C:\Program Files\Trash bin
2008-01-05 23:39 --------- d-----w C:\Program Files\System
2008-01-05 23:39 --------- d-----w C:\Program Files\Plugins
.
----a-w 2,328,064 2008-02-29 17:28:05 C:\Documents and Settings\All Users\Application Data\Mapi Meta Book Bits\SENDCI~1 .EXE
----a-w 390,144 2008-02-29 09:00:24 C:\Documents and Settings\Owner\Application Data\Phone Surf Dart\Anteless .exe
----a-w 61,440 2008-01-17 19:57:00 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy .exe
----a-w 49,152 2008-02-29 17:37:09 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
----a-w 961,536 2008-02-28 16:25:47 C:\Program Files\Ares\Ares .exe
----a-w 961,536 2008-02-24 17:54:55 C:\Program Files\Ares\Ares .exe
----a-w 1,103,360 2008-02-24 18:57:03 C:\Program Files\BitDownload\BitDownload .exe
----a-w 1,446,400 2008-02-24 18:53:30 C:\Program Files\BitDownload\BitDownload .exe
----a-w 1,446,400 2008-02-24 17:53:36 C:\Program Files\BitDownload\BitDownload .exe
----a-w 1,103,360 2008-02-29 17:37:54 C:\Program Files\BitDownload\BitDownload .exe
----a-w 1,880,064 2008-02-29 17:37:13 C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG .exe
----a-w 61,440 2008-02-29 17:30:37 C:\Program Files\Digidesign\Drivers\MMERefresh .exe
----a-w 32,881 2008-02-23 01:57:45 C:\Program Files\Java\j2re1.4.2_10\bin\jusched .exe
----a-w 36,975 2008-02-29 17:36:52 C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w 396,288 2008-02-03 00:08:51 C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch .exe
----a-w 1,694,208 2008-02-07 08:09:08 C:\Program Files\Messenger\msmsgs .exe
----a-w 842,584 2008-02-29 17:36:59 C:\Program Files\Microsoft IntelliPoint\ipoint .exe
----a-w 8,720,384 2008-02-15 07:53:11 C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w 455,984 2008-02-24 07:17:21 C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\Apvxdwin .exe
----a-w 315,392 2008-01-19 18:01:13 C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Apvxdwin .exe
----a-w 106,496 2008-01-19 18:01:16 C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LUpgConf .exe
----a-w 2,097,488 2008-02-29 17:37:45 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 2,972,672 2008-02-23 01:58:15 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 4,670,704 2008-03-04 18:04:50 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 5,036,032 2008-03-04 07:52:37 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 55,296 2008-02-29 17:36:38 C:\WINDOWS\SOUNDMAN .EXE
----a-w 158,208 2008-03-04 07:48:57 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 114,688 2008-02-06 23:26:15 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-02-06 23:26:18 C:\WINDOWS\system32\igfxtray .exe
----a-w 155,648 2008-02-29 17:36:47 C:\WINDOWS\system32\NeroCheck .exe
binary_10essee
03-05-2008, 02:10 PM
------- Sigcheck -------
8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-04 04:56:58 C:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2004-08-04 04:56:58 C:\WINDOWS\system32\dllcache\svchost.exe
b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
----a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 577,024 2004-08-04 04:56:48 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 577,024 2005-03-02 18:09:30 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
----a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
-c--a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll
2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-04 04:56:48 C:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2004-08-04 04:56:48 C:\WINDOWS\system32\dllcache\ws2_32.dll
57d1b5150cf6331fac6b3e04c1fcb966 C:\WINDOWS\system32\wininet.dll
----a-w 666,112 2007-10-11 05:57:41 C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
----a-w 666,112 2007-12-07 00:44:39 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
-c----w 656,384 2004-08-04 04:56:48 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
-c----w 659,456 2007-10-11 06:13:45 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
----a-w 659,456 2007-10-11 06:13:45 C:\WINDOWS\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\sp2gdr\wininet.dll
----a-w 666,112 2007-10-11 05:57:41 C:\WINDOWS\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\sp2qfe\wininet.dll
----a-w 659,456 2007-12-07 01:07:14 C:\WINDOWS\system32\wininet.dll
-c--a-w 659,456 2007-12-07 01:07:14 C:\WINDOWS\system32\dllcache\wininet.dll
90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,040 2004-08-03 23:14:42 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
-c--a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys
01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2004-08-04 04:56:58 C:\WINDOWS\system32\winlogon.exe
-c--a-w 502,272 2004-08-04 04:56:58 C:\WINDOWS\system32\dllcache\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2004-08-03 23:14:30 C:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2004-08-03 23:14:30 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2004-08-03 23:00:08 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2004-08-03 23:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys
515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
-c----w 2,056,832 2004-08-04 05:05:44 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
-c----w 2,056,832 2005-03-02 00:34:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
----a-w 2,056,832 2005-03-02 00:34:40 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntkrnlpa.exe
----a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntkrnlpa.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
-c----w 2,180,992 2004-08-03 23:20:00 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
-c----w 2,179,328 2005-03-02 00:59:53 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
----a-w 2,179,328 2005-03-02 00:59:53 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntoskrnl.exe
----a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,032,192 2004-08-04 04:56:50 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
binary_10essee
03-05-2008, 02:11 PM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90222D75-E88E-4A7E-6684-6241E546D6A4}]
C:\Program Files\Windows NT\qukavo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6497803-F468-42FA-8FB5-13F2335ED6D3}]
C:\Program Files\MSN Gaming Zone\mexo4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF22DC31-369F-4242-9C74-34F86E99656D}]
C:\Program Files\MSN Gaming Zone\mexo83122.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares .exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-08-25 15:14 4554752]
"nwiz"="nwiz.exe" [2004-08-25 15:14 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-08-25 15:14 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [ ]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [ ]
"D-Link RangeBooster G WUA-2340"="C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [ ]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ahkjorzs]
ahkjorzs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hfpwynpx]
hfpwynpx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtsrp]
tuvtsrp.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ C:\WINDOWS\system32\pmkji
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6cdaf83c]
C:\WINDOWS\system32\rixhvcja.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-watch]
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\us0105.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe" /startintray
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Ares\\Ares .exe"=
"C:\\Program Files\\Ares\\Ares .exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM .exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitDownload\\BitDownload .exe"=
"C:\\Program Files\\BitDownload\\BitDownload .exe"=
"C:\\Program Files\\BitDownload\\BitDownload .exe"=
"C:\\Program Files\\BitDownload\\BitDownload .exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 21:00:00 C:\WINDOWS\Tasks\B6B0E4CA92278BBA.job"
- c:\docume~1\owner\applic~1\phones~1\book blue meow.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 11:38:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-05 11:41:13 - machine was rebooted [Effektz]
ComboFix-quarantined-files.txt 2008-03-05 17:41:09
.
2008-02-21 02:06:40 --- E O F ---
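The "Reg Loading Points" section of the ComboFix log above is where the actual infection shows: an LSA authentication package that is not msv1_0, Winlogon Notify DLLs with no file details, a svchost.exe in the Fonts folder, an executable in C:\WINDOWS\TEMP, the firewall switched off. The script below is an added example, not code from the thread or from ComboFix: it parses that dump and applies exactly those checks so a responder gets a ranked list instead of reading two hundred lines by eye. The expectations about a clean Windows XP system (msv1_0 as the only LSA package, where core binaries live) and the name heuristics are assumptions; SAMPLE_LOG is a constructed excerpt of the log posted above.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not code from the thread or from ComboFix. The clean-system
expectations (msv1_0 as the only LSA package, home directories of core
binaries) and the heuristics are assumptions for Windows XP; SAMPLE_LOG is a
constructed excerpt of the log posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6497803-F468-42FA-8FB5-13F2335ED6D3}]
C:\Program Files\MSN Gaming Zone\mexo4444.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-08-25 15:14 4554752]
"nwiz"="nwiz.exe" [2004-08-25 15:14 921600 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ahkjorzs]
ahkjorzs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ C:\WINDOWS\system32\pmkji
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\us0105.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
Contents of the 'Scheduled Tasks' folder
"2008-03-02 21:00:00 C:\WINDOWS\Tasks\B6B0E4CA92278BBA.job"
- c:\docume~1\owner\applic~1\phones~1\book blue meow.exe
"""

# Directories in which a legitimate autostart essentially never lives (assumption).
SUSPICIOUS_DIRS = ("\\windows\\temp\\", "\\windows\\fonts\\", "\\local settings\\temp\\",
                   "\\application data\\", "\\applic~1\\")
# Core Windows binaries and the only directory each normally runs from on XP.
CORE_BINARIES = {n: "c:\\windows\\system32\\" for n in
                 ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe")}
CORE_BINARIES["explorer.exe"] = "c:\\windows\\"
EXPECTED_AUTH_PACKAGES = {"msv1_0"}   # the only LSA package on a stock XP box
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll|scr|com|cmd|bat)(?=[\s"\]]|$)', re.I)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    key: str        # registry key (or 'Scheduled Tasks') the item was listed under
    item: str       # the path or name exactly as ComboFix printed it
    reason: str


def _split(path):
    """Return (lower-cased directory with trailing backslash, lower-cased file name)."""
    head, _, tail = path.lower().rpartition("\\")
    return head + "\\", tail


def triage(log_text):
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip().replace("\\\\", "\\")   # firewall list entries double their backslashes
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            key = "Scheduled Tasks"
            continue
        lkey = key.lower()
        # Anything beyond msv1_0 here is a DLL that lsass.exe loads at boot.
        if lkey.endswith("\\lsa") and "Authentication Packages" in line:
            for pkg in line.split("REG_MULTI_SZ", 1)[-1].split():
                if _split(pkg)[1] not in EXPECTED_AUTH_PACKAGES:
                    findings.append(Finding("high", key, pkg, "unexpected LSA authentication package"))
            continue
        if lkey.endswith("\\standardprofile") and re.search(r'"EnableFirewall"\s*=\s*0\b', line):
            findings.append(Finding("medium", key, line, "Windows Firewall disabled"))
            continue
        # ComboFix prints date, size and path when it finds a Notify DLL; a bare name
        # means the file is missing or hidden (heuristic).
        if "\\winlogon\\notify\\" in lkey and ":\\" not in line:
            findings.append(Finding("medium", key, line, "Winlogon Notify DLL not resolved to a file"))
            continue
        for path in PATH_RE.findall(line):
            directory, name = _split(path)
            stem = name.rsplit(".", 1)[0]
            if name in CORE_BINARIES and directory != CORE_BINARIES[name]:
                findings.append(Finding("high", key, path, f"core binary name outside {CORE_BINARIES[name]}"))
            elif any(d in directory for d in SUSPICIOUS_DIRS):
                findings.append(Finding("high", key, path, "autostart in temp/fonts/user-data directory"))
            elif re.search(r"\d{4,}", stem):
                findings.append(Finding("medium", key, path, "generated-looking name (long digit run)"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 4} for SAMPLE_LOG."""
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.item:55} {f.reason}  [{f.key}]")
```

Run against the sample it ranks pmkji, the Fonts svchost.exe, the TEMP executable and the scheduled task under Application Data as high, and the bare Notify DLL, the digit-heavy names and the disabled firewall as medium, while NvCpl.dll, nwiz.exe and avldr.dll pass untouched. Pseudo-random names without digits (rixhvcja.dll, qukavo.dll in the full log) are not caught by these rules; those still need a hash lookup or a human eye, which is why the script ranks rather than decides.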
classicsoftware
03-06-2008, 12:02 AM
So how is the system running after COMBOFIX????
binary_10essee
03-06-2008, 04:09 AM
LoL, sorry. The system is running faster. But I still have no sound, the taskbar still doesn't show properly, I still can't access "Network Connections" from Control Panel or anywhere else, my windows still minimize to a small box at the bottom-left of the screen above the taskbar instead of IN the taskbar, I still can't connect to Yahoo! Messenger (but I can connect to MySpace IM and AIM). But the virus itself is gone. It was either Virtumonde or W32/Trats.B (file 'pmkji.dll') -- ComboFix got rid of that. Any ideas? I thought about doing a repair installation of Windows, but I don't know if that'd be necessary.
classicsoftware
03-06-2008, 09:27 AM
I'm at work until late tonight. I'll reply then.
classicsoftware
03-07-2008, 12:18 AM
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
binary_10essee
03-07-2008, 03:29 AM
SmitfraudFix Log:
SmitFraudFix v2.300
Scan done at 1:26:15.15, Fri 03/07/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
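The SmitfraudFix report above prints the AppInit_DLLs and Winlogon\System values and warns that the keys "are not inevitably infected", leaving the reader to know what clean values look like. The script below is an added example, not code from the thread or from SmitfraudFix: it encodes the Windows XP baseline for those two values, plus Winlogon\Shell and Winlogon\Userinit, which are abused the same way (an extra executable appended to the comma-separated list), and reports every entry that deviates. The checking logic works on a plain dict so it runs anywhere; read_live_values() fills that dict from the local registry when run on Windows. The baseline values are assumptions for Windows XP, and the sample dicts (including the placeholder names example-injected.dll and example-added.exe) are constructed.

```python
"""Baseline check for the Winlogon values that SmitfraudFix prints.

Added example, not code from the thread or from SmitfraudFix. The baseline
values are assumptions for Windows XP; CLEAN_SAMPLE and TAMPERED_SAMPLE are
constructed (the injected names are placeholders, not real malware).
"""
import re

WINLOGON_KEYS = {
    "Windows":  r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    "Winlogon": r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
}
# (section, value name) -> (separator regex, allowed file names). AppInit_DLLs is a
# space- or comma-separated list; Shell and Userinit are comma-separated lists.
BASELINE = {
    ("Windows", "AppInit_DLLs"): (r"[,\s]+", set()),            # empty on a clean install
    ("Winlogon", "System"):      (r",", set()),                 # empty on a clean install
    ("Winlogon", "Shell"):       (r",", {"explorer.exe"}),      # the desktop shell
    ("Winlogon", "Userinit"):    (r",", {"userinit.exe"}),      # logon initialiser
}

# Constructed samples: a clean XP box, and the same values with an injected DLL
# and an executable appended to Userinit (placeholder names).
CLEAN_SAMPLE = {
    ("Windows", "AppInit_DLLs"): "",
    ("Winlogon", "System"): "",
    ("Winlogon", "Shell"): "Explorer.exe",
    ("Winlogon", "Userinit"): r"C:\WINDOWS\system32\userinit.exe,",
}
TAMPERED_SAMPLE = dict(CLEAN_SAMPLE)
TAMPERED_SAMPLE[("Windows", "AppInit_DLLs")] = "example-injected.dll"
TAMPERED_SAMPLE[("Winlogon", "Userinit")] = (
    r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-added.exe,")


def split_list(value, sep):
    """Split a list-valued registry string, dropping empty pieces (trailing comma)."""
    return [p.strip() for p in re.split(sep, value) if p.strip()]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit(values):
    """Return one human-readable finding per value that deviates from BASELINE."""
    findings = []
    for (section, name), (sep, allowed) in BASELINE.items():
        entries = split_list(values.get((section, name), ""), sep)
        extras = [e for e in entries if basename(e) not in allowed]
        if extras:
            findings.append(f"{section}\\{name}: unexpected entries {extras}")
        elif len(entries) > len(allowed):
            findings.append(f"{section}\\{name}: duplicated entries {entries}")
        elif not entries and allowed:
            findings.append(f"{section}\\{name}: empty, expected {sorted(allowed)}")
    return findings


def read_live_values():
    """Read the four values from HKLM (Windows only; winreg is in the stdlib there)."""
    import winreg
    values = {}
    for section, name in BASELINE:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEYS[section]) as key:
                values[(section, name)] = str(winreg.QueryValueEx(key, name)[0])
        except OSError:
            pass    # value absent: audit() treats it as empty
    return values


if __name__ == "__main__":
    try:
        live = read_live_values()
    except ImportError:
        live = TAMPERED_SAMPLE     # not on Windows: demonstrate on the constructed sample
    print("\n".join(audit(live)) or "no deviations from baseline")
```

Comparing by file name rather than full path keeps the check valid on installations where Windows is not at C:\WINDOWS; the price is that a userinit.exe dropped in another directory would pass, so on a real case the full path of every entry is still worth reading.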
classicsoftware
03-07-2008, 09:04 PM
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! It could be that files in use will only be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
Your firewall may give an alert; allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.