[IraqiGeek]

Hi,

I'm running Windows XP SP3 RC1. I'm a software developer and an advanced windows user. Usually I am able to clean infections manually without needing any tool, but this is really baffling me.

I went to the "You must read this first" thread, but I'm not able to run any of the antivirus/antimalware tools, AVG. Some run for a second or so before automatically terminating, others show a message box saying the .exe is not a valid Win32 application. Ccleaner and Spybot S&D run for a second. AVG antivirus, and hijackthis give me error 193 invalid win32 application. Trying to rename/delete/run some of the executables for the above mentioned tools manually causes explorer to freeze (I kill it and restart it manually with the task manager).

Running prcview.exe I cannot see any abnormal processes running (I'm familiar with all the drivers running on my PC). The svchost instances run the following options (all preceeded by -k):

DcomLaunch
HTTPFilter
rpcss
netsvcs
NetworkService
LocalService
bthsvs


Further more, I cannot enter into safe mode.

I'm able to run Kaspersky's online scan, and its running currently under IE (I'm using Firefox to write this, and for all other open pages). So far it hasn't found any infections.

Any help fixing/cleaning my PC is greatly appreciated.

Edited by IraqiGeek, 28 February 2008 - 09:01 AM.

[Advertisements]

Hello IraqiGeek

Welcome to G2Go.
=====================
You have a bagle infection.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[kahdah]

Hello IraqiGeek

Welcome to G2Go.
=====================
You have a bagle infection.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[IraqiGeek]

Hi,

Thanks for the prompt reply. I run combofix, then run hijackthis afterwards.

Here is the ComboFix log:

/* ********** BEGIN COMBOFIX LOG ********** */

ComboFix 08-02-25.3 - Administrator 2008-02-28 16:32:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.947 [GMT 1:00]
Running from: D:\New Folder\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\144127.exe
C:\WINDOWS\system32\drivers\down\154201.exe
C:\WINDOWS\system32\drivers\down\154832.exe
C:\WINDOWS\system32\drivers\down\158618.exe
C:\WINDOWS\system32\drivers\down\162022.exe
C:\WINDOWS\system32\drivers\down\162223.exe
C:\WINDOWS\system32\drivers\down\163765.exe
C:\WINDOWS\system32\drivers\down\163995.exe
C:\WINDOWS\system32\drivers\down\166439.exe
C:\WINDOWS\system32\drivers\down\167000.exe
C:\WINDOWS\system32\drivers\down\169613.exe
C:\WINDOWS\system32\drivers\down\171656.exe
C:\WINDOWS\system32\drivers\down\171937.exe
C:\WINDOWS\system32\drivers\down\174490.exe
C:\WINDOWS\system32\drivers\down\176593.exe
C:\WINDOWS\system32\drivers\down\179047.exe
C:\WINDOWS\system32\drivers\down\180349.exe
C:\WINDOWS\system32\drivers\down\183644.exe
C:\WINDOWS\system32\drivers\down\184965.exe
C:\WINDOWS\system32\drivers\down\186858.exe
C:\WINDOWS\system32\drivers\down\190323.exe
C:\WINDOWS\system32\drivers\down\190904.exe
C:\WINDOWS\system32\drivers\down\192426.exe
C:\WINDOWS\system32\drivers\down\196562.exe
C:\WINDOWS\system32\drivers\down\198705.exe
C:\WINDOWS\system32\drivers\down\202711.exe
C:\WINDOWS\system32\drivers\down\203522.exe
C:\WINDOWS\system32\drivers\down\204283.exe
C:\WINDOWS\system32\drivers\down\205325.exe
C:\WINDOWS\system32\drivers\down\205966.exe
C:\WINDOWS\system32\drivers\down\206446.exe
C:\WINDOWS\system32\drivers\down\207127.exe
C:\WINDOWS\system32\drivers\down\209771.exe
C:\WINDOWS\system32\drivers\down\211544.exe
C:\WINDOWS\system32\drivers\down\213106.exe
C:\WINDOWS\system32\drivers\down\213356.exe
C:\WINDOWS\system32\drivers\down\213376.exe
C:\WINDOWS\system32\drivers\down\216951.exe
C:\WINDOWS\system32\drivers\down\219225.exe
C:\WINDOWS\system32\drivers\down\219786.exe
C:\WINDOWS\system32\drivers\down\221308.exe
C:\WINDOWS\system32\drivers\down\222650.exe
C:\WINDOWS\system32\drivers\down\222920.exe
C:\WINDOWS\system32\drivers\down\223421.exe
C:\WINDOWS\system32\drivers\down\225013.exe
C:\WINDOWS\system32\drivers\down\225313.exe
C:\WINDOWS\system32\drivers\down\229129.exe
C:\WINDOWS\system32\drivers\down\229489.exe
C:\WINDOWS\system32\drivers\down\229760.exe
C:\WINDOWS\system32\drivers\down\232163.exe
C:\WINDOWS\system32\drivers\down\232414.exe
C:\WINDOWS\system32\drivers\down\233535.exe
C:\WINDOWS\system32\drivers\down\233625.exe
C:\WINDOWS\system32\drivers\down\235518.exe
C:\WINDOWS\system32\drivers\down\235648.exe
C:\WINDOWS\system32\drivers\down\236039.exe
C:\WINDOWS\system32\drivers\down\236049.exe
C:\WINDOWS\system32\drivers\down\236470.exe
C:\WINDOWS\system32\drivers\down\237691.exe
C:\WINDOWS\system32\drivers\down\238082.exe
C:\WINDOWS\system32\drivers\down\238633.exe
C:\WINDOWS\system32\drivers\down\241667.exe
C:\WINDOWS\system32\drivers\down\243550.exe
C:\WINDOWS\system32\drivers\down\244461.exe
C:\WINDOWS\system32\drivers\down\244591.exe
C:\WINDOWS\system32\drivers\down\245102.exe
C:\WINDOWS\system32\drivers\down\245973.exe
C:\WINDOWS\system32\drivers\down\246194.exe
C:\WINDOWS\system32\drivers\down\246254.exe
C:\WINDOWS\system32\drivers\down\246514.exe
C:\WINDOWS\system32\drivers\down\247065.exe
C:\WINDOWS\system32\drivers\down\247395.exe
C:\WINDOWS\system32\drivers\down\247686.exe
C:\WINDOWS\system32\drivers\down\249799.exe
C:\WINDOWS\system32\drivers\down\251161.exe
C:\WINDOWS\system32\drivers\down\251461.exe
C:\WINDOWS\system32\drivers\down\251501.exe
C:\WINDOWS\system32\drivers\down\252763.exe
C:\WINDOWS\system32\drivers\down\253194.exe
C:\WINDOWS\system32\drivers\down\283117.exe
C:\WINDOWS\system32\drivers\down\293912.exe
C:\WINDOWS\system32\drivers\down\302044.exe
C:\WINDOWS\system32\drivers\down\321402.exe
C:\WINDOWS\system32\drivers\down\37655295.exe
C:\WINDOWS\system32\drivers\down\37662235.exe
C:\WINDOWS\system32\drivers\down\37663517.exe
C:\WINDOWS\system32\drivers\down\37666040.exe
C:\WINDOWS\system32\drivers\down\37668764.exe
C:\WINDOWS\system32\drivers\down\37728470.exe
C:\WINDOWS\system32\drivers\down\37745685.exe
C:\WINDOWS\system32\drivers\down\37748108.exe
C:\WINDOWS\system32\drivers\down\37751323.exe
C:\WINDOWS\system32\drivers\down\37755088.exe
C:\WINDOWS\system32\drivers\down\37773365.exe
C:\WINDOWS\system32\drivers\down\37778512.exe
C:\WINDOWS\system32\drivers\down\37779674.exe
C:\WINDOWS\system32\drivers\down\37780355.exe
C:\WINDOWS\system32\drivers\down\37783579.exe
C:\WINDOWS\system32\drivers\down\37787445.exe
C:\WINDOWS\system32\drivers\down\37831168.exe
C:\WINDOWS\system32\drivers\down\579252.exe
C:\WINDOWS\system32\drivers\down\584270.exe
C:\WINDOWS\system32\drivers\down\585672.exe
C:\WINDOWS\system32\drivers\down\587374.exe
C:\WINDOWS\system32\drivers\down\591089.exe
C:\WINDOWS\system32\drivers\down\613542.exe
C:\WINDOWS\system32\drivers\down\642974.exe
C:\WINDOWS\system32\drivers\down\645297.exe
C:\WINDOWS\system32\drivers\down\667800.exe
C:\WINDOWS\system32\drivers\down\672356.exe
C:\WINDOWS\system32\drivers\down\678195.exe
C:\WINDOWS\system32\drivers\down\685365.exe
C:\WINDOWS\system32\drivers\down\685665.exe
C:\WINDOWS\system32\drivers\down\688950.exe
C:\WINDOWS\system32\drivers\down\691364.exe
C:\WINDOWS\system32\drivers\down\693016.exe
C:\WINDOWS\system32\drivers\down\722809.exe
C:\WINDOWS\system32\drivers\down\88688086.exe
C:\WINDOWS\system32\drivers\down\88689999.exe
C:\WINDOWS\system32\drivers\down\88692763.exe
C:\WINDOWS\system32\drivers\down\88695587.exe
C:\WINDOWS\system32\drivers\down\88722095.exe
C:\WINDOWS\system32\drivers\down\88735705.exe
C:\WINDOWS\system32\drivers\down\88738389.exe
C:\WINDOWS\system32\drivers\down\88740682.exe
C:\WINDOWS\system32\drivers\down\88765287.exe
C:\WINDOWS\system32\drivers\down\88773118.exe
C:\WINDOWS\system32\drivers\down\88777224.exe
C:\WINDOWS\system32\drivers\down\88777545.exe
C:\WINDOWS\system32\drivers\down\88777975.exe
C:\WINDOWS\system32\drivers\down\88781661.exe
C:\WINDOWS\system32\drivers\down\88784495.exe
C:\WINDOWS\system32\drivers\down\88853885.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 15:38 . 2008-02-28 15:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-28 15:34 . 2008-02-28 15:34 <DIR> d-------- C:\Deckard
2008-02-28 15:23 . 2008-02-28 15:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-28 15:23 . 2008-02-28 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-28 15:08 . 2008-02-28 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-02-28 14:29 . 2008-02-28 15:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-28 14:08 . 2008-02-28 14:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IBM
2008-02-28 13:53 . 2008-02-28 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Notepad++
2008-02-28 01:14 . 2008-02-28 01:23 <DIR> d-------- C:\Program Files\CHM To PDF Converter PRO
2008-02-28 00:48 . 2008-02-28 00:48 <DIR> d-------- C:\Program Files\Two Pilots
2008-02-28 00:42 . 2008-02-28 01:11 <DIR> d-------- C:\Program Files\ABC Amber CHM Converter
2008-02-28 00:33 . 2008-02-28 00:33 <DIR> d-------- C:\Program Files\WINDDK
2008-02-27 15:48 . 2008-02-27 15:48 <DIR> d-------- C:\Program Files\Frontline Test System II
2008-02-27 15:48 . 2008-02-27 15:48 <DIR> d-------- C:\Program Files\Common Files\FTE
2008-02-27 15:48 . 2008-02-27 15:48 108 --a------ C:\WINDOWS\system32\116016.lrd
2008-02-27 01:09 . 2008-02-27 01:09 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Bluetooth Software
2008-02-27 00:43 . 2007-11-30 17:23 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-27 00:43 . 2007-11-30 17:23 14,592 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-27 00:42 . 2007-12-01 00:27 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-02-27 00:42 . 2007-12-01 00:27 380,416 --a------ C:\WINDOWS\system32\dllcache\irprops.cpl
2008-02-27 00:40 . 2008-02-28 14:23 <DIR> d-------- C:\Program Files\WIDCOMM
2008-02-21 04:06 . 2008-02-21 04:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-20 16:54 . 2008-02-20 16:55 <DIR> d-------- C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
2008-02-20 16:22 . 2008-02-20 16:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-20 16:22 . 2008-02-20 16:49 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-02-20 05:22 . 2008-02-20 05:22 122 --a------ C:\WINDOWS\Winchat.ini
2008-02-20 00:20 . 2008-02-20 00:20 <DIR> d-------- C:\Program Files\WinSIXAXIS
2008-02-19 00:40 . 2008-02-19 00:40 <DIR> d-------- C:\Program Files\Inno Setup 5
2008-02-18 02:38 . 2008-02-18 02:38 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\Caphyon
2008-02-18 02:25 . 2008-02-18 02:25 <DIR> d-------- C:\Program Files\RegSpy
2008-02-16 16:41 . 2008-02-16 16:41 <DIR> d-------- C:\Program Files\Auslogics
2008-02-16 16:41 . 2008-02-16 16:41 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\Auslogics
2008-02-16 02:08 . 2008-02-16 02:11 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-02-15 04:48 . 2008-02-15 04:48 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-02-15 04:47 . 2008-02-20 15:57 <DIR> d-------- C:\Program Files\MSECACHE
2008-02-15 03:44 . 2008-02-15 03:44 <DIR> d-------- C:\Program Files\LibUSB-Win32
2008-02-15 00:09 . 2008-02-15 00:09 268 --ah----- C:\sqmdata00.sqm
2008-02-15 00:09 . 2008-02-15 00:09 244 --ah----- C:\sqmnoopt00.sqm
2008-02-11 16:59 . 2003-01-28 10:42 92,380 --a------ C:\WINDOWS\system32\drivers\USBSnpys.sys
2008-02-11 16:59 . 2003-01-28 10:42 23,948 --a------ C:\WINDOWS\system32\drivers\UsbSnoop.sys
2008-02-11 13:50 . 2008-02-27 21:46 <DIR> d--h----- C:\Documents and Settings\Ali Mualla\.mxu-f40b
2008-02-11 13:50 . 2008-02-27 21:46 <DIR> d-------- C:\Documents and Settings\Ali Mualla\.borland
2008-02-11 13:46 . 2008-02-11 13:46 <DIR> d-------- C:\Program Files\Borland
2008-02-11 13:31 . 2008-02-11 13:31 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-02-11 03:45 . 2008-02-11 03:45 <DIR> d-------- C:\Program Files\SixaxisDriver
2008-02-11 03:45 . 2006-12-24 05:15 27,904 --a------ C:\WINDOWS\system32\drivers\xPADFL02.sys
2008-02-11 02:52 . 2008-02-24 17:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 02:52 . 2008-02-11 02:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-10 20:37 . 2008-02-10 20:37 <DIR> d-------- C:\Program Files\Parallel Port Joystick
2008-02-10 20:37 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-10 20:35 . 2008-02-10 20:36 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\GetRightToGo
2008-02-10 19:38 . 2008-02-10 19:38 544 --a------ C:\WINDOWS\_delis32.ini
2008-02-10 19:14 . 2008-02-10 19:14 <DIR> d-------- C:\Program Files\Call of Duty 2 for Pocket PC
2008-02-06 00:17 . 2008-02-06 00:17 <DIR> d-------- C:\Program Files\RapidMind Platform v2.1
2008-02-05 19:19 . 2008-02-20 14:06 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-05 18:27 . 2008-02-05 18:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 13:28 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-28 13:20 --------- d-----w C:\Program Files\activePDF
2008-02-28 12:28 --------- d-----w C:\Program Files\ViStart
2008-02-28 00:48 --------- d-----w C:\Program Files\eMule
2008-02-27 23:53 --------- d-----w C:\Program Files\LogMeIn
2008-02-27 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 16:56 --------- d-----w C:\Program Files\Google
2008-02-26 23:38 --------- d-----w C:\Program Files\IBM
2008-02-21 03:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-20 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-16 15:50 --------- d-----w C:\Program Files\WinFlip
2008-02-16 00:42 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\BitTorrent
2008-02-15 03:49 --------- d-----w C:\Program Files\TortoiseSVN
2008-02-12 01:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 12:37 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-10 18:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-09 21:32 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\Skype
2008-02-05 17:02 --------- d-----w C:\Program Files\Simple Backup
2008-02-05 16:51 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-02-05 16:40 --------- d-----w C:\Program Files\Yahoo!
2008-02-05 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-01-29 06:30 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-01-22 21:42 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\gtk-2.0
2008-01-22 21:39 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-16 23:08 --------- d-----w C:\Program Files\TightVNC
2008-01-16 12:52 --------- d-----w C:\Program Files\BitTorrent
2008-01-13 19:08 --------- d-----w C:\Program Files\VisualTooltip
2008-01-13 18:20 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\VMware
2008-01-13 17:51 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\OtakuSoftware
2008-01-13 17:50 --------- d-----w C:\Program Files\DeskSpace
2008-01-13 17:17 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\ViStart
2008-01-13 17:15 --------- d-----w C:\Program Files\Vista Sidebar
2008-01-13 17:08 --------- d-----w C:\Program Files\ViOrb
2008-01-13 17:08 --------- d-----w C:\Program Files\TrueTransparency
2008-01-13 17:08 --------- d-----w C:\Program Files\Styler
2008-01-13 17:08 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\Styler
2008-01-13 02:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Subversion
2008-01-13 02:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-01-11 02:19 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-01-11 02:19 --------- d-----w C:\Program Files\Shock Utility
2008-01-10 22:15 --------- d-----w C:\Program Files\Microsoft Games
2008-01-08 03:07 --------- d-----w C:\Program Files\QLiner
2008-01-05 21:30 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-04 23:36 --------- d-----w C:\Program Files\Pocket Informant
2008-01-04 14:20 --------- d-----w C:\Program Files\VirtuaWin
2008-01-04 14:17 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\.purple
2007-12-31 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-29 21:16 --------- d-----w C:\Program Files\JetAudio
2007-11-30 23:26 69,120 ----a-w C:\WINDOWS\notepad.exe
2007-11-30 23:26 50,688 ----a-w C:\WINDOWS\twain_32.dll
2007-11-30 23:26 32,866 ----a-w C:\WINDOWS\slrundll.exe
2007-11-30 23:26 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-11-30 23:26 224,256 ----a-w C:\WINDOWS\regedit.exe
2007-11-30 23:26 10,752 ----a-w C:\WINDOWS\hh.exe
2007-11-30 23:26 1,423,872 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 23:25 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2007-11-30 23:25 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2007-11-30 23:25 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2007-11-30 23:25 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2007-11-30 23:25 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2007-11-30 23:25 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

------- Sigcheck -------

30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\system32\wininet.dll
-c--a-w 658,944 2007-01-04 13:37:08 C:\WINDOWS\ie7\wininet.dll
-c----w 818,688 2006-11-08 01:03:36 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
-c----w 822,784 2007-01-12 13:27:42 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
-c----w 822,784 2007-04-25 08:41:17 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 824,832 2007-08-20 10:04:43 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
------w 666,112 2007-11-30 23:26:08 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
----a-w 824,832 2007-10-10 23:56:00 C:\WINDOWS\system32\wininet.dll
----a-w 824,832 2007-10-10 23:56:00 C:\WINDOWS\system32\dllcache\wininet.dll

38396a87501b0a18c87db131d6b3ce25 C:\WINDOWS\system32\ntkrnlpa.exe
------w 2,065,792 2007-11-30 16:25:06 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
----a-w 2,077,696 2007-11-30 16:25:06 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,065,792 2007-11-30 16:25:06 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

b2f036a2fb43a8e91867de0d6092554a C:\WINDOWS\system32\ntoskrnl.exe
------w 2,188,928 2007-11-30 17:25:32 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
----a-w 2,200,832 2007-11-30 17:25:32 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,188,928 2007-11-30 17:25:32 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

8834c481d4a06f0cf970ac4eac2def12 C:\WINDOWS\explorer.exe
----a-w 1,423,872 2007-11-30 23:26:26 C:\WINDOWS\explorer.exe
------w 1,033,728 2007-11-30 23:26:26 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
----a-w 1,033,728 2007-11-30 23:26:26 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-01 00:26 1695232]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [ ]
"IBM RecordNow!"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-28 16:34 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 16:28 868352]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 15:19 94208]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 19:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 19:07 512000]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 14:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 17:41 860160]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 21:08 86016]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 01:33 2629632]
"frymxins"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [ ]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 07:33 243248]
"BTStackServer"="C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe" [ ]
"BlueSoleil"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-12-01 00:27 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\qliner\quotes\quotes.exe"="C:\Program Files\qliner\quotes\quotes.exe" [2007-05-25 11:47 335872]

C:\Documents and Settings\Ali Mualla\Start Menu\Programs\Startup\
Google Desktop.lnk - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-09 23:08:20 1836544]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-06 04:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-01 01:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\IBMTOOLS\\Updater\\ucsmb.exe"=
"C:\\IBMTOOLS\\Updater\\jre\\bin\\java.exe"=
"C:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\VoiceStick\\VoiceStick.exe"=
"C:\\Program Files\\VoiceStick\\autorun.exe"=
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\TightVNC\\WinVNC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\VCExpress.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 06:38]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 SVNService;SVNService;C:\Program Files\Subversion\bin\svnservice.exe [2007-07-17 22:25]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
S3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe []
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]
S3 usbsnoop;USB Snoopy Filter Driver Service;C:\WINDOWS\system32\drivers\usbsnoop.sys [2003-01-28 10:42]
S3 usbsnpys;USB Snoopy Driver Exposer Service;C:\WINDOWS\system32\drivers\usbsnpys.sys [2003-01-28 10:42]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 05:15]

.
Contents of the 'Scheduled Tasks' folder
"2007-07-22 12:32:54 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 16:39:00
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Subversion\bin\svnserve.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-02-28 16:42:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-28 15:42:29
.
2008-02-14 02:02:08 --- E O F ---


/* ********** END COMBOFIX LOG ********** */


And here is the HijackThis log:


/* ********** BEGIN HIJACKTHIS LOG ********** */

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:53 PM, on 2/28/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Subversion\bin\svnservice.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Subversion\bin\svnserve.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BTStackServer] C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
O4 - HKLM\..\Run: [BlueSoleil] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [C:\Program Files\qliner\quotes\quotes.exe] C:\Program Files\qliner\quotes\quotes.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [C:\Program Files\qliner\quotes\quotes.exe] C:\Program Files\qliner\quotes\quotes.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: SVNService - Clansoft - C:\Program Files\Subversion\bin\svnservice.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 10363 bytes


/* ********** END HIJACKTHIS LOG ********** */

[kahdah]

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\WINDOWS\system32\116016.lrd

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.

[IraqiGeek]

That file is just a small text file that is 108 bytes. It contains the following string:

0000000001000000004750879585746bc699aed62b6fa3161126e91139;ed82487f0000000031116
0-fte-m369099872-mx249164428

I still run it through VirusTotal, its still scanning and it didnt find anything.

[kahdah]

1. Please open Notepad

• Click Start , then Run
• type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\unvise32.exe
C:\WINDOWS\_delis32.ini
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\116016.lrd

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
====================
After running Combofix do the following:
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
==========================================================
Then after that :
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

=========================================================

[IraqiGeek]

Here is the log from the last run of combofix:



/* ********** BEGIN COMBOFIX LOG ********** */

ComboFix 08-02-25.3 - Ali Mualla 2008-02-28 19:00:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.622 [GMT 1:00]
Running from: D:\AntiVirus\Combo-Fix.exe
Command switches used :: D:\AntiVirus\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 17:48 . 2008-02-28 17:50 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\AVG7
2008-02-28 17:47 . 2008-02-28 17:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-28 17:47 . 2008-02-28 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-28 17:47 . 2008-02-28 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-28 16:56 . 2008-02-28 16:56 <DIR> d-------- C:\Program Files\CCleaner
2008-02-28 15:38 . 2008-02-28 15:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-28 15:34 . 2008-02-28 15:34 <DIR> d-------- C:\Deckard
2008-02-28 15:23 . 2008-02-28 15:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-28 15:23 . 2008-02-28 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-28 15:08 . 2008-02-28 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-02-28 14:29 . 2008-02-28 16:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-28 14:08 . 2008-02-28 14:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IBM
2008-02-28 13:53 . 2008-02-28 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Notepad++
2008-02-28 01:14 . 2008-02-28 01:23 <DIR> d-------- C:\Program Files\CHM To PDF Converter PRO
2008-02-28 00:48 . 2008-02-28 00:48 <DIR> d-------- C:\Program Files\Two Pilots
2008-02-28 00:42 . 2008-02-28 01:11 <DIR> d-------- C:\Program Files\ABC Amber CHM Converter
2008-02-28 00:33 . 2008-02-28 00:33 <DIR> d-------- C:\Program Files\WINDDK
2008-02-27 15:48 . 2008-02-27 15:48 <DIR> d-------- C:\Program Files\Frontline Test System II
2008-02-27 15:48 . 2008-02-27 15:48 <DIR> d-------- C:\Program Files\Common Files\FTE
2008-02-27 15:48 . 2008-02-27 15:48 108 --a------ C:\WINDOWS\system32\116016.lrd
2008-02-27 01:09 . 2008-02-27 01:09 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Bluetooth Software
2008-02-27 00:43 . 2007-11-30 17:23 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-27 00:43 . 2007-11-30 17:23 14,592 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-27 00:42 . 2007-12-01 00:27 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-02-27 00:42 . 2007-12-01 00:27 380,416 --a------ C:\WINDOWS\system32\dllcache\irprops.cpl
2008-02-27 00:40 . 2008-02-28 14:23 <DIR> d-------- C:\Program Files\WIDCOMM
2008-02-21 04:06 . 2008-02-21 04:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-20 16:54 . 2008-02-20 16:55 <DIR> d-------- C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
2008-02-20 16:22 . 2008-02-20 16:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-20 16:22 . 2008-02-20 16:49 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-02-20 05:22 . 2008-02-20 05:22 122 --a------ C:\WINDOWS\Winchat.ini
2008-02-20 00:20 . 2008-02-20 00:20 <DIR> d-------- C:\Program Files\WinSIXAXIS
2008-02-19 00:40 . 2008-02-19 00:40 <DIR> d-------- C:\Program Files\Inno Setup 5
2008-02-18 02:38 . 2008-02-18 02:38 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\Caphyon
2008-02-18 02:25 . 2008-02-18 02:25 <DIR> d-------- C:\Program Files\RegSpy
2008-02-16 16:41 . 2008-02-16 16:41 <DIR> d-------- C:\Program Files\Auslogics
2008-02-16 16:41 . 2008-02-16 16:41 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\Auslogics
2008-02-16 02:08 . 2008-02-16 02:11 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-02-15 04:48 . 2008-02-15 04:48 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-02-15 04:47 . 2008-02-20 15:57 <DIR> d-------- C:\Program Files\MSECACHE
2008-02-15 03:44 . 2008-02-15 03:44 <DIR> d-------- C:\Program Files\LibUSB-Win32
2008-02-15 00:09 . 2008-02-15 00:09 268 --ah----- C:\sqmdata00.sqm
2008-02-15 00:09 . 2008-02-15 00:09 244 --ah----- C:\sqmnoopt00.sqm
2008-02-11 16:59 . 2003-01-28 10:42 92,380 --a------ C:\WINDOWS\system32\drivers\USBSnpys.sys
2008-02-11 16:59 . 2003-01-28 10:42 23,948 --a------ C:\WINDOWS\system32\drivers\UsbSnoop.sys
2008-02-11 13:50 . 2008-02-27 21:46 <DIR> d--h----- C:\Documents and Settings\Ali Mualla\.mxu-f40b
2008-02-11 13:50 . 2008-02-27 21:46 <DIR> d-------- C:\Documents and Settings\Ali Mualla\.borland
2008-02-11 13:46 . 2008-02-11 13:46 <DIR> d-------- C:\Program Files\Borland
2008-02-11 13:31 . 2008-02-11 13:31 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-02-11 03:45 . 2008-02-11 03:45 <DIR> d-------- C:\Program Files\SixaxisDriver
2008-02-11 03:45 . 2006-12-24 05:15 27,904 --a------ C:\WINDOWS\system32\drivers\xPADFL02.sys
2008-02-11 02:52 . 2008-02-24 17:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 02:52 . 2008-02-11 02:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-10 20:37 . 2008-02-10 20:37 <DIR> d-------- C:\Program Files\Parallel Port Joystick
2008-02-10 20:37 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-10 20:35 . 2008-02-10 20:36 <DIR> d-------- C:\Documents and Settings\Ali Mualla\Application Data\GetRightToGo
2008-02-10 19:38 . 2008-02-10 19:38 544 --a------ C:\WINDOWS\_delis32.ini
2008-02-10 19:14 . 2008-02-10 19:14 <DIR> d-------- C:\Program Files\Call of Duty 2 for Pocket PC
2008-02-06 00:17 . 2008-02-06 00:17 <DIR> d-------- C:\Program Files\RapidMind Platform v2.1
2008-02-05 19:19 . 2008-02-20 14:06 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-05 18:27 . 2008-02-05 18:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 16:35 --------- d-----w C:\Program Files\ViStart
2008-02-28 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 15:39 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-28 13:20 --------- d-----w C:\Program Files\activePDF
2008-02-28 00:48 --------- d-----w C:\Program Files\eMule
2008-02-27 23:53 --------- d-----w C:\Program Files\LogMeIn
2008-02-27 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 16:56 --------- d-----w C:\Program Files\Google
2008-02-26 23:38 --------- d-----w C:\Program Files\IBM
2008-02-21 03:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-20 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-16 15:50 --------- d-----w C:\Program Files\WinFlip
2008-02-16 00:42 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\BitTorrent
2008-02-15 03:49 --------- d-----w C:\Program Files\TortoiseSVN
2008-02-12 01:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 12:37 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-10 18:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-09 21:32 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\Skype
2008-02-05 17:02 --------- d-----w C:\Program Files\Simple Backup
2008-02-05 16:51 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-02-05 16:40 --------- d-----w C:\Program Files\Yahoo!
2008-02-05 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-01-29 06:30 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-01-22 21:42 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\gtk-2.0
2008-01-22 21:39 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-18 16:32 3,350,528 ----a-w C:\WINDOWS\system32\PDFCreatorPilot3.dll
2008-01-16 23:08 --------- d-----w C:\Program Files\TightVNC
2008-01-16 12:52 --------- d-----w C:\Program Files\BitTorrent
2008-01-13 19:08 --------- d-----w C:\Program Files\VisualTooltip
2008-01-13 18:20 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\VMware
2008-01-13 17:51 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\OtakuSoftware
2008-01-13 17:50 --------- d-----w C:\Program Files\DeskSpace
2008-01-13 17:17 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\ViStart
2008-01-13 17:15 --------- d-----w C:\Program Files\Vista Sidebar
2008-01-13 17:08 --------- d-----w C:\Program Files\ViOrb
2008-01-13 17:08 --------- d-----w C:\Program Files\TrueTransparency
2008-01-13 17:08 --------- d-----w C:\Program Files\Styler
2008-01-13 17:08 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\Styler
2008-01-13 02:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Subversion
2008-01-13 02:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-01-11 02:19 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-01-11 02:19 --------- d-----w C:\Program Files\Shock Utility
2008-01-10 22:15 --------- d-----w C:\Program Files\Microsoft Games
2008-01-08 03:07 --------- d-----w C:\Program Files\QLiner
2008-01-05 21:30 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-04 23:36 --------- d-----w C:\Program Files\Pocket Informant
2008-01-04 14:20 --------- d-----w C:\Program Files\VirtuaWin
2008-01-04 14:17 --------- d-----w C:\Documents and Settings\Ali Mualla\Application Data\.purple
2007-12-31 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-29 21:16 --------- d-----w C:\Program Files\JetAudio
2007-12-21 15:54 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-18 19:47 598,016 ----a-w C:\WINDOWS\system32\PGPfsshl.dll
2007-12-18 19:40 198,000 ----a-w C:\WINDOWS\system32\PGPlspRollback.reg
2007-11-30 23:31 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2007-11-30 23:26 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
2007-11-30 23:25 98,304 ----a-w C:\WINDOWS\system32\slbiop.dll
2007-11-30 23:24 756,224 ----a-w C:\WINDOWS\system32\winntbbu.dll
2007-11-30 23:24 706,048 ----a-w C:\WINDOWS\system32\ntdll.dll
2007-11-30 23:24 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2007-11-30 23:24 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2007-11-30 23:23 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2007-11-30 23:21 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2007-11-30 23:21 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2007-11-30 17:25 2,200,832 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2007-11-30 17:24 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-30 17:17 146,048 ----a-w C:\WINDOWS\system32\dllcache\portcls.sys
2007-11-30 17:14 141,056 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
2007-11-30 16:31 49,280 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
2007-11-30 16:30 60,160 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
2007-11-30 16:30 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2007-11-30 16:27 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2007-11-30 16:27 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2007-11-30 16:25 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2007-11-30 16:25 2,077,696 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-11-30 16:24 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2007-11-30 15:38 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2007-11-30 15:37 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2007-11-30 15:37 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2007-11-30 15:37 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2007-11-30 15:35 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2007-11-30 15:25 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2007-11-30 15:25 3,385,856 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2007-11-30 15:25 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2007-11-30 15:23 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2007-11-30 15:23 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2007-11-30 15:06 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2007-11-30 14:54 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2007-11-30 14:53 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2007-11-30 14:45 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2007-11-30 14:37 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2007-11-30 14:36 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2007-11-30 14:35 1,791,488 ----a-w C:\WINDOWS\system32\WINbrand.dll
2007-11-30 14:32 212,480 ----a-w C:\WINDOWS\system32\moricons.dll
2007-11-30 14:10 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2007-11-30 13:31 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-11-30 04:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe
.

------- Sigcheck -------

30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\system32\wininet.dll
-c--a-w 658,944 2007-01-04 13:37:08 C:\WINDOWS\ie7\wininet.dll
-c----w 818,688 2006-11-08 01:03:36 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
-c----w 822,784 2007-01-12 13:27:42 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
-c----w 822,784 2007-04-25 08:41:17 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 824,832 2007-08-20 10:04:43 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
------w 666,112 2007-11-30 23:26:08 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
----a-w 824,832 2007-10-10 23:56:00 C:\WINDOWS\system32\wininet.dll
----a-w 824,832 2007-10-10 23:56:00 C:\WINDOWS\system32\dllcache\wininet.dll

38396a87501b0a18c87db131d6b3ce25 C:\WINDOWS\system32\ntkrnlpa.exe
------w 2,065,792 2007-11-30 16:25:06 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
----a-w 2,077,696 2007-11-30 16:25:06 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,065,792 2007-11-30 16:25:06 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

b2f036a2fb43a8e91867de0d6092554a C:\WINDOWS\system32\ntoskrnl.exe
------w 2,188,928 2007-11-30 17:25:32 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
----a-w 2,200,832 2007-11-30 17:25:32 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,188,928 2007-11-30 17:25:32 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

8834c481d4a06f0cf970ac4eac2def12 C:\WINDOWS\explorer.exe
----a-w 1,423,872 2007-11-30 23:26:26 C:\WINDOWS\explorer.exe
------w 1,033,728 2007-11-30 23:26:26 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
----a-w 1,033,728 2007-11-30 23:26:26 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2007-12-13 20:40 8824112]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"C:\Program Files\QLiner\Quotes\quotes.exe"="C:\Program Files\QLiner\Quotes\quotes.exe" [2007-05-25 11:47 335872]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2008-01-23 21:43 577536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 16:28 868352]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 15:19 94208]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 19:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 19:07 512000]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 14:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 17:41 860160]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 21:08 86016]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 01:33 2629632]
"frymxins"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [ ]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 07:33 243248]
"BTStackServer"="C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe" [ ]
"BlueSoleil"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-28 17:47 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\qliner\quotes\quotes.exe"="C:\Program Files\qliner\quotes\quotes.exe" [2007-05-25 11:47 335872]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-28 17:47 219136]

C:\Documents and Settings\Ali Mualla\Start Menu\Programs\Startup\
Google Desktop.lnk - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-09 23:08:20 1836544]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VirtuaWin.lnk - C:\Program Files\VirtuaWin\VirtuaWin.exe [2007-07-11 09:49:03 115712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-06 04:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-01 01:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\IBMTOOLS\\Updater\\ucsmb.exe"=
"C:\\IBMTOOLS\\Updater\\jre\\bin\\java.exe"=
"C:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\VoiceStick\\VoiceStick.exe"=
"C:\\Program Files\\VoiceStick\\autorun.exe"=
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\TightVNC\\WinVNC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\VCExpress.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 06:38]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 SVNService;SVNService;C:\Program Files\Subversion\bin\svnservice.exe [2007-07-17 22:25]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
S3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe []
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]
S3 usbsnoop;USB Snoopy Filter Driver Service;C:\WINDOWS\system32\drivers\usbsnoop.sys [2003-01-28 10:42]
S3 usbsnpys;USB Snoopy Driver Exposer Service;C:\WINDOWS\system32\drivers\usbsnpys.sys [2003-01-28 10:42]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 05:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\wd_windows_tools\setup.exe

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
.
Contents of the 'Scheduled Tasks' folder
"2007-07-22 12:32:54 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 19:02:47
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\QLiner\\Quotes\\quotes.exe"="C:\\Program Files\\QLiner\\Quotes\\quotes.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-02-28 19:03:35
ComboFix-quarantined-files.txt 2008-02-28 18:03:17
ComboFix2.txt 2008-02-28 15:42:33
.
2008-02-14 02:02:08 --- E O F ---


/* ********** END COMBOFIX LOG ********** */


Run Malwarebytes' Anti-Malware, AVG Antivirus and Spybot Search & Destroy and all didn't find any infected files on my system.

I ran kasparsky's webscanner earlier today, before I posted on these forums, and it was VERY slow. It took it over 3 minutes to scan a 1.4MB installer of one of my apps that contains 8 files totalling a little over 4MB unpacked.

[kahdah]

Ok well go ahead and uninstall Malwarebytes antimalware.

Then Time for some housekeeping

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
  
  
  [list]
• 

The above procedure will delete and do the following:

• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
===========================================
After that Your log is clean.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

[IraqiGeek]

Thanks a lot for all your help. I really appreciate it.

I know exactly how, when, and what got me infected. Its just that I couldn't find any malicous process running, which baffled me as to what was happening.

Thanks again.

[kahdah]

You are welcome


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[kahdah]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.