ComboFix 08-08-09.02 - Gus 2008-08-09 16:48:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1486 [GMT -7:00]
Running from: C:\Documents and Settings\Gus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gus\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Gus\Application Data\macromedia\Flash Player\#SharedObjects\RGMW3SH3\interclick.com
C:\Documents and Settings\Gus\Application Data\macromedia\Flash Player\#SharedObjects\RGMW3SH3\interclick.com\ud.sol
C:\Documents and Settings\Gus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Gus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BM9b02e8f0.txt
C:\WINDOWS\BM9b02e8f0.xml
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ngluuqsv.ini
C:\WINDOWS\system32\vsquulgn.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.
2008-12-21 21:59 . 2007-08-07 04:52 443,104 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-21 21:59 . 2007-08-07 04:51 324,320 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-21 21:59 . 2007-08-07 04:52 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-21 21:59 . 2007-08-07 04:52 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-21 21:58 . 2007-08-07 04:51 1,139,488 --a------ C:\WINDOWS\system32\3ivx.dll
2008-12-21 21:52 . 2007-08-07 04:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll
2008-08-09 16:10 . 2008-08-09 16:10 431 --a------ C:\WINDOWS\wininit.ini
2008-08-09 15:12 . 2008-08-09 15:38 <DIR> d-------- C:\VundoFix Backups
2008-08-08 14:36 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 14:43 . 2008-08-07 14:44 477,696 --a------ C:\WINDOWS\ada_spytec_thankyou.exe
2008-08-07 14:43 . 2008-08-07 14:44 348,426 --a------ C:\WINDOWS\adamax_install_thankyou.exe
2008-08-07 14:43 . 2008-08-07 14:44 110,060 --a------ C:\WINDOWS\spytector_server_thankyou.exe
2008-08-06 18:26 . 2008-08-06 18:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-05 12:58 . 2008-08-05 12:58 <DIR> d-------- C:\Documents and Settings\Gus\Application Data\LEAPS
2008-08-05 12:13 . 2008-08-05 12:13 <DIR> d-------- C:\Documents and Settings\Gus\Application Data\Pegasys Inc
2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\Program Files\iPod
2008-08-01 12:28 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-01 12:28 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-01 06:27 . 2008-08-01 06:27 99,648 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-31 01:45 . 2008-08-07 14:51 <DIR> d-------- C:\DVDTemp
2008-07-31 01:45 . 2008-08-08 17:32 <DIR> d-------- C:\CloneDVDTemp
2008-07-26 11:43 . 2008-07-26 11:43 <DIR> d-------- C:\Program Files\Bodrag
2008-07-26 11:38 . 2008-07-26 11:48 <DIR> d-------- C:\Program Files\RAM Booster Pro
2008-07-26 11:38 . 2000-05-22 16:58 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-07-24 13:42 . 2008-07-30 12:23 <DIR> d-------- C:\Program Files\QPST
2008-07-21 05:11 . 2008-07-21 05:11 24,392 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-14 03:37 . 2008-07-09 07:34 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-07-12 12:47 . 2008-07-12 12:47 <DIR> d-------- C:\WINDOWS\Easy Rapidshare Points 4.0
2008-07-12 12:47 . 2008-07-12 12:47 <DIR> d-------- C:\Program Files\Easy Rapidshare Points 4.0
2008-07-11 14:34 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-11 02:48 . 2008-07-13 02:52 <DIR> d-------- C:\Torrent Switch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 23:45 --------- d-----w C:\Documents and Settings\Gus\Application Data\DMCache
2008-08-09 21:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-09 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 20:29 --------- d-----w C:\Documents and Settings\Gus\Application Data\uTorrent
2008-08-09 01:11 --------- d-----w C:\Documents and Settings\Gus\Application Data\Vso
2008-08-08 22:14 --------- d-----w C:\Program Files\ESET
2008-08-08 21:48 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 03:20 --------- d-----w C:\Documents and Settings\Gus\Application Data\dvdcss
2008-08-05 19:23 --------- d-----w C:\Program Files\Custom Technology
2008-08-05 19:13 --------- d-----w C:\Program Files\Pegasys Inc
2008-08-04 07:22 --------- d-----w C:\Program Files\mIRC
2008-08-04 07:22 --------- d-----w C:\Documents and Settings\Gus\Application Data\mIRC
2008-08-02 19:57 --------- d-----w C:\Program Files\Avidemux 2.4
2008-08-02 19:52 --------- d-----w C:\Documents and Settings\Gus\Application Data\gtk-2.0
2008-07-31 03:07 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 19:13 --------- d-----w C:\Program Files\BitPim
2008-07-19 01:41 --------- d-----w C:\Program Files\QuickTime
2008-07-19 01:41 --------- d-----w C:\Program Files\Bonjour
2008-07-18 01:53 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-18 01:38 --------- d-----w C:\Documents and Settings\Gus\Application Data\IDM
2008-07-13 00:32 --------- d-----w C:\Program Files\DivX
2008-07-11 23:23 --------- d-----w C:\Documents and Settings\Gus\Application Data\U3
2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 23:39 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-30 20:08 --------- d-----w C:\Program Files\AVI2ISO
2008-06-30 20:05 --------- d-----w C:\Program Files\Innovatools
2008-06-28 21:12 --------- d-----w C:\Program Files\Power Shutdown
2008-06-26 19:09 --------- d-----w C:\Program Files\Tierra
2008-06-26 18:51 --------- d-----w C:\Program Files\PC Auto Shutdown
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-25 00:25 --------- d-----w C:\Program Files\SpeedFan
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 03:14 --------- d-----w C:\Program Files\Proxyrama
2008-06-20 00:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-18 19:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-18 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-18 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-16 22:55 --------- d-----w C:\Program Files\LG Electronics
2008-06-16 22:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-16 22:54 --------- d-----w C:\Program Files\Verizon Wireless
2008-06-16 20:11 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-16 18:48 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-16 18:48 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-16 18:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 02:11 --------- d-----w C:\Program Files\Java
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-11 01:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-11 01:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 21:28 47,360 ----a-w C:\Documents and Settings\Gus\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-07 22:01 1115728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll
"vidc.dvsd"= pdvcodec.dll
"vidc.i420"= i420vfw.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gus^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Gus\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 18:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 17:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-03-08 21:30 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 22:43 7630848 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 22:43 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-10-23 23:45 90112 C:\WINDOWS\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47386:TCP"= 47386:TCP:uTorrent
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 14:38]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
S3 mam4410c;mam4410c;C:\WINDOWS\system32\Drivers\mam4410c.sys [2005-06-16 18:11]
S3 mam4410m;mam4410m;C:\WINDOWS\system32\Drivers\mam4410m.sys [2005-06-16 18:13]
S3 mam4410u;mam4410u;C:\WINDOWS\system32\Drivers\mam4410u.sys [2006-12-22 11:59]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 12:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f9b5a3-8dbc-11dc-90a9-0019210fa716}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{246b0387-8ae7-11dc-a815-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1ac7848-ac3d-11dc-90cd-0019210fa716}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e37386a3-5fff-11dd-925d-0019210fa716}]
\Shell\AutoRun\command - H:\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5534c4e-8b81-11dc-909f-0019210fa716}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{bgbhitnh-umly-aihm-jbes-yrjfgjlgbihh}]
C:\WINDOWS\aejlu.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0ba3a364-a2df-4651-947b-e13e455a35d9} - C:\WINDOWS\system32\tpirqn.dll
BHO-{0EA0BBB3-AFD2-4035-B2B4-D2B70EA564DB} - C:\WINDOWS\system32\jkkLFxyX.dll
BHO-{A651AD5D-66EF-440A-B6A1-BD5C36D234D6} - C:\WINDOWS\system32\rqRLDurr.dll
BHO-{E525B124-28E1-4D57-B784-B2AABFBBFA66} - C:\WINDOWS\system32\hgGxUoom.dll
HKLM-Run-RAMBoosterPro - C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe
HKLM-Run-9831db6c - C:\WINDOWS\system32\vsquulgn.dll
HKLM-Run-BM9b02e8f0 - C:\WINDOWS\system32\xkuqpwbh.dll
ShellExecuteHooks-{E525B124-28E1-4D57-B784-B2AABFBBFA66} - C:\WINDOWS\system32\hgGxUoom.dll
MSConfigStartUp-a-squared - C:\Program Files\a-squared Anti-Malware\a2guard.exe
MSConfigStartUp-PC Auto Shutdown - C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Gus\Application Data\Mozilla\Firefox\Profiles\hmfnv7n5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-09 16:51:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-08-09 16:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 23:54:57
Pre-Run: 25,543,614,464 bytes free
Post-Run: 25,591,042,048 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
269 --- E O F --- 2008-07-09 06:34:36
That is my latest ComboFix... and this is my latest HijackThis... Am I clean finally?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:02 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194639717687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 7195 bytes
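The two logs above are the raw material a helper works through by hand: the ComboFix "Reg Loading Points" section and the HijackThis R/O entries. The script below is an added example written for this page (it is not ComboFix, HijackThis or forum code) that parses both formats and flags the items a reviewer would look at first: an Active Setup component whose key name is not a hex GUID, per-volume AutoRun commands under MountPoints2, a disabled Windows Firewall policy, and O23 services HijackThis could not attribute to a vendor or whose file is missing. It also re-joins HijackThis entries that the forum software fused onto one line. Function names, the finding tags and the sample input (lines copied from the logs above) are this example's own; the flags are prompts to verify, not verdicts, so for instance the firewall flag is expected here because COMODO Firewall Pro is loading from the Run key instead.

```python
import re

# Windows GUID as the registry writes it: 8-4-4-4-12 hex digits inside braces.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$")

# A HijackThis entry starts with its section code (R1, O2, O23, ...) then " - ".
HJT_RE = re.compile(r"^(?P<kind>[RFOHN]\d*)\s+-\s+(?P<body>.+)$")

# Forum software often glues a truncated URL onto the next entry
# ("...LinkId=69157R1 - HKLM..."); split just before such a section code.
FUSED_RE = re.compile(r"(?<=\S)(?=(?:R\d|O\d{1,2}) - )")


def is_valid_guid(token: str) -> bool:
    return bool(GUID_RE.match(token))


def parse_hjt(text: str) -> list:
    """Turn HijackThis output into [{'kind': 'O23', 'body': ...}, ...],
    re-joining fragments that forum line-wrapping split off or fused."""
    entries = []
    for raw in text.splitlines():
        for part in FUSED_RE.split(raw):
            part = part.strip()
            if not part:
                continue
            m = HJT_RE.match(part)
            if m:
                entries.append({"kind": m.group("kind"), "body": m.group("body")})
            elif entries:
                # not an entry start, so it is the tail of the previous entry
                entries[-1]["body"] += " " + part
    return entries


def hjt_findings(entries: list) -> list:
    """Flag O23 services without a verified vendor or with a missing binary,
    and any brace token in an entry that is not a real GUID."""
    findings = []
    for e in entries:
        kind, body = e["kind"], e["body"]
        if kind == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            findings.append(("service-unverified", body))
        for token in re.findall(r"\{[^}]*\}", body):
            if not is_valid_guid(token):
                findings.append(("malformed-guid", f"{kind}: {token}"))
    return findings


def audit_combofix(text: str) -> list:
    """Walk the ComboFix 'Reg Loading Points' section, tracking the current
    registry key, and flag: Active Setup components whose key name is not a
    hex GUID, AutoRun commands under MountPoints2, and EnableFirewall=0."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        if "active setup\\installed components\\" in key:
            component = key.rsplit("\\", 1)[1]
            if not is_valid_guid(component):
                findings.append(("active-setup-bad-guid", f"{component} -> {line}"))
        elif "mountpoints2" in key and "\\shell\\autorun\\command" in line.lower():
            findings.append(("autorun-command", line.split(" - ", 1)[1]))
        elif "firewallpolicy\\standardprofile" in key and line.lower().startswith('"enablefirewall"= 0'):
            findings.append(("windows-firewall-disabled", key))
    return findings


# Sample input for this example: lines copied from the two logs above.
CF_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f9b5a3-8dbc-11dc-90a9-0019210fa716}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{246b0387-8ae7-11dc-a815-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{bgbhitnh-umly-aihm-jbes-yrjfgjlgbihh}]
C:\WINDOWS\aejlu.exe
"""

HJT_SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
"""

if __name__ == "__main__":
    for tag, detail in audit_combofix(CF_SAMPLE) + hjt_findings(parse_hjt(HJT_SAMPLE)):
        print(f"{tag:26} {detail}")
```

Run it against the full logs by reading each file and passing its text to `audit_combofix` or `parse_hjt`. The Active Setup check is the one that matters most on this page: Windows writes those keys with real GUIDs, so a brace-wrapped name made of random letters pointing at an executable in C:\WINDOWS is exactly the kind of entry to look up before declaring the machine clean.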