The YouTube Trojan [RESOLVED]


#1
DjGalm (New Member)
When I open up YouTube on either IE7 or Firefox I get logged in to random accounts from people around the world. They are real accounts by the way, not bogus ones. When I log into my accounts everything goes fine, but after a few clicks through the videos I get either logged out or logged into someone else's account. Is this a Trojan? Here's my HijackThis 2.02 log: (also, could you tell me if there are any services running in the background that are not that essential?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:29 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.174.67.187:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Bluetooth.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205511643453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8955 bytes

#2
greyknight17 (Malware Expert, Visiting Consultant)
Not much that you can disable from startup. You can check and fix these in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


For MSN Messenger, you can go into the options/settings and change the setting to disable it from startup.

Let's see if we can spot anything with the following tool...

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Also run the following virus scanner:

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

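To show how the log in post #1 can be triaged mechanically the way the reply above does by hand, here is an added example (not code from this thread, from Geeks to Go or from Trend Micro's HijackThis): a small Python parser that splits the Rn/On lines into records and flags the kinds of entries a reviewer checks first, namely a non-empty IE ProxyServer value, BHOs with no name or no file, entries whose referenced file is missing, Winsock LSPs HijackThis does not recognise, and Run values without an absolute path. The sample lines are copied from the log above; the flag rules are this example's own heuristics and mark entries for a human to verify, not verdicts.

```python
"""Triage helper for HijackThis 2.0.2 logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the log posted in this thread.
# A raw string keeps the Windows backslashes exactly as they appear in the log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.174.67.187:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# Every reportable HijackThis line starts with its section code: R0..R3, O1..O24.
LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# Matches a drive-letter path such as C:\ anywhere in a value.
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


@dataclass
class Entry:
    section: str                       # e.g. "R1", "O4", "O23"
    body: str                          # text after "Rn - " / "On - "
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return one Entry per Rn/On line; process lists, headers etc. are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def flags_for(entry):
    """Heuristic review flags for one entry (this example's own rules)."""
    body = entry.body
    found = []
    if entry.section == "R1" and "ProxyServer" in body:
        # IE sends every request through this host, so a proxy the user did
        # not set up deliberately deserves a look: it sees all browser traffic.
        value = body.split("=", 1)[1].strip()
        if value:
            found.append("proxy set: " + value)
    if entry.section == "O2" and ("(no name)" in body or "(no file)" in body):
        found.append("BHO with no name or missing file")
    if "(file missing)" in body:
        found.append("referenced file missing")
    if entry.section == "O10":
        found.append("Winsock LSP not recognised by HijackThis")
    if entry.section == "O4" and not DRIVE_PATH_RE.search(body):
        # A Run value without an absolute path is resolved via the search
        # path at logon, so it is worth confirming which file actually runs.
        found.append("autorun without absolute path")
    return found


def triage_log(text):
    """Parse a log and return only the entries that received a flag."""
    hits = []
    for entry in parse_log(text):
        entry.flags = flags_for(entry)
        if entry.flags:
            hits.append(entry)
    return hits


def report(text):
    """Human-readable summary of flagged entries, one block per entry."""
    lines = []
    for entry in triage_log(text):
        lines.append(f"{entry.section}: {entry.body}")
        lines.extend(f"    -> {flag}" for flag in entry.flags)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Entries such as the rpcapd service pass every rule, which is the point: the script narrows the list for a reviewer, it does not replace the review.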

#3
DjGalm (Topic Starter)
Here is my ComboFix log:

ComboFix 08-04-20.2 - Galm 2008-04-21 12:56:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1487 [GMT 4:00]
Running from: C:\Documents and Settings\Galm\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Galm\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-20 18:03 . 2008-04-20 18:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 22:06 . 2008-04-19 22:07 <DIR> d-------- C:\Program Files\iTunes
2008-04-19 22:06 . 2008-04-19 22:06 <DIR> d-------- C:\Program Files\iPod
2008-04-19 22:06 . 2008-04-19 22:06 <DIR> d-------- C:\Program Files\Bonjour
2008-04-19 22:05 . 2008-04-19 22:06 <DIR> d-------- C:\Program Files\QuickTime
2008-04-19 22:05 . 2008-04-19 22:05 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-19 22:05 . 2008-04-19 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-19 22:01 . 2008-04-19 22:07 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Apple Computer
2008-04-19 21:59 . 2008-04-21 00:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-19 21:59 . 2008-04-19 21:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-18 18:34 . 2008-04-18 18:34 1,409 --a------ C:\WINDOWS\system32\tmpC6BD6.FOT
2008-04-18 18:34 . 2008-04-18 18:34 1,409 --a------ C:\WINDOWS\system32\tmp5F9D6.FOT
2008-04-18 18:34 . 2008-04-18 18:34 1,409 --a------ C:\WINDOWS\system32\tmp32AD6.FOT
2008-04-18 18:34 . 2008-04-18 18:34 1,409 --a------ C:\WINDOWS\system32\tmp18AD6.FOT
2008-04-18 18:34 . 2008-04-18 18:34 1,409 --a------ C:\WINDOWS\system32\tmp0BAD6.FOT
2008-04-18 18:14 . 2004-10-13 14:28 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-04-18 18:14 . 2004-10-13 14:28 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-04-18 18:14 . 2004-10-13 14:28 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-04-18 18:14 . 2004-10-13 14:28 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-04-18 18:14 . 2004-10-13 14:28 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-04-18 18:07 . 2008-04-18 18:14 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-16 01:41 . 2008-04-16 01:41 <DIR> d-------- C:\Program Files\RocketDock
2008-04-15 20:44 . 2008-04-15 20:44 222 --a------ C:\FindBt.log.old
2008-04-14 21:16 . 2008-04-15 17:58 <DIR> d-------- C:\DRIVERS
2008-04-13 20:29 . 2008-04-13 20:29 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Notepad++
2008-04-13 18:13 . 2008-04-13 18:20 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Hamachi
2008-04-13 18:12 . 2008-04-13 18:13 <DIR> d-------- C:\Program Files\Hamachi
2008-04-13 18:12 . 2008-04-13 18:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-13 17:28 . 2008-04-13 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-13 17:27 . 2008-04-13 17:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-13 17:26 . 2008-04-13 17:26 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-13 17:26 . 2008-04-13 17:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-13 17:25 . 2008-04-13 17:25 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-04-13 17:25 . 2008-04-13 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-13 17:25 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-04-13 16:44 . 2008-04-13 16:44 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Logitech
2008-04-13 16:41 . 2006-03-28 17:55 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-04-13 16:41 . 2006-03-28 17:55 55,808 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-04-13 16:41 . 2006-03-28 17:54 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2008-04-13 16:39 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-04-13 16:39 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-04-13 16:39 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-04-13 16:39 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-04-13 16:39 . 2007-11-29 02:17 55,824 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-04-13 16:39 . 2006-03-28 17:55 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2008-04-13 16:39 . 2006-03-28 17:56 27,008 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2008-04-13 16:37 . 2008-04-13 16:39 <DIR> d-------- C:\Program Files\Logitech
2008-04-13 16:37 . 2005-06-08 14:31 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2008-04-13 16:37 . 2005-06-08 14:31 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2008-04-13 16:37 . 2005-06-08 14:31 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2008-04-13 16:37 . 2005-06-08 14:38 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2008-04-13 16:37 . 2005-06-08 14:31 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2008-04-13 16:37 . 2005-06-08 14:31 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2008-04-08 17:51 . 2008-04-14 02:08 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-07 23:06 . 2008-04-07 23:17 26,624 --a------ C:\I was in Lebanon during my summer vacation when the two Israeli soldiers were kidnapped in 2006.doc
2008-04-07 14:25 . 2008-04-07 14:43 <DIR> d-------- C:\Program Files\Windows Mobile Developer Power Toys
2008-04-07 13:10 . 2008-04-07 13:10 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-07 03:40 . 2008-04-07 03:41 <DIR> d-------- C:\Program Files\WinLibre
2008-04-07 02:05 . 2008-04-07 02:05 <DIR> d-------- C:\Program Files\Torrents Open Registrations Checker
2008-04-05 03:36 . 2008-04-11 23:31 <DIR> d-------- C:\WINDOWS\system\New Folder
2008-04-05 03:36 . 2008-04-11 23:32 <DIR> d-------- C:\WINDOWS\system\Incomplete
2008-04-05 03:35 . 2008-04-11 23:31 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\LimeWire
2008-04-03 05:42 . 2008-04-03 05:44 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-04-03 05:10 . 2008-04-04 12:52 <DIR> d-------- C:\Program Files\Minefield
2008-04-03 04:40 . 2008-04-03 04:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-04-03 04:35 . 2008-04-03 04:35 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Webroot
2008-04-03 04:34 . 2008-04-03 04:34 <DIR> d-------- C:\Program Files\Webroot
2008-04-03 04:34 . 2008-04-03 04:35 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-04-03 04:34 . 2008-04-03 04:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-03 04:34 . 2007-08-10 00:56 69,960 --a------ C:\WINDOWS\Unwash6.exe
2008-04-03 03:16 . 2008-04-13 21:32 <DIR> d-------- C:\Program Files\nLite
2008-04-01 13:30 . 2008-04-01 13:30 <DIR> d-------- C:\Program Files\XNeat Windows Manager
2008-04-01 10:46 . 2008-04-21 08:06 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\skypePM
2008-04-01 10:46 . 2008-04-01 10:46 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-01 10:31 . 2008-04-01 10:31 <DIR> d-------- C:\Program Files\GALA-NET
2008-04-01 10:31 . 2005-08-12 02:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-04-01 08:13 . 2008-04-11 18:51 <DIR> d-------- C:\Program Files\Crime Catcher
2008-04-01 08:13 . 2006-01-06 00:25 1,409,024 --a------ C:\WINDOWS\system32\ChilkatMail2.dll
2008-04-01 08:13 . 2005-09-24 04:14 757,760 --a------ C:\WINDOWS\system32\videocapx.ocx
2008-04-01 08:13 . 2003-08-29 17:10 389,120 --a------ C:\WINDOWS\system32\ChilkatUtil.dll
2008-04-01 08:13 . 2003-09-25 21:02 290,816 --a------ C:\WINDOWS\system32\ChilkatFTP.dll
2008-04-01 08:13 . 2002-12-18 22:15 107,800 --a------ C:\WINDOWS\system32\csras32.ocx
2008-04-01 08:13 . 2004-07-08 07:20 40,960 --a------ C:\WINDOWS\system32\motion.dll
2008-04-01 07:52 . 2008-04-01 07:52 <DIR> d-------- C:\Program Files\LEDSET
2008-04-01 06:45 . 2008-04-01 06:46 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-04-01 05:14 . 2008-04-01 05:14 <DIR> d-------- C:\Program Files\Stardock
2008-04-01 05:14 . 2008-04-01 09:50 <DIR> d-------- C:\Program Files\Common Files\stardock
2008-04-01 05:14 . 2000-10-20 12:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-31 07:20 . 2008-03-31 07:20 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\ViStart
2008-03-30 15:38 . 2008-03-30 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-30 11:57 . 2008-04-12 03:05 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Desktop Sidebar
2008-03-30 10:36 . 2008-03-30 10:36 <DIR> d-------- C:\Program Files\Motvik
2008-03-29 21:48 . 2007-10-02 00:46 114,688 --a------ C:\WINDOWS\system32\BTCamVideoSource.dll
2008-03-29 21:07 . 2008-03-29 21:07 <DIR> d-------- C:\Program Files\Ateksoft
2008-03-29 21:07 . 2007-12-25 22:06 11,776 --a------ C:\WINDOWS\system32\drivers\ateksoftaudio.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 23:46 . 2008-03-27 23:46 <DIR> d-------- C:\Program Files\Desktop Sidebar
2008-03-27 08:38 . 2008-03-29 17:16 <DIR> d-------- C:\Program Files\Google
2008-03-26 06:35 . 2008-03-26 06:38 <DIR> d-------- C:\Documents and Settings\Test\Application Data\Winamp
2008-03-26 06:34 . 2008-03-26 06:34 <DIR> d-------- C:\Documents and Settings\Test\Bluetooth Software
2008-03-26 06:33 . 2008-03-26 06:34 <DIR> d-------- C:\Documents and Settings\Test
2008-03-26 06:33 . 2008-04-21 12:55 1,024 --ah----- C:\Documents and Settings\Test\ntuser.dat.LOG
2008-03-26 05:05 . 2008-03-26 05:05 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-03-25 09:50 . 2008-03-25 09:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-25 09:48 . 2005-10-15 09:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-03-25 09:47 . 2005-03-14 23:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-25 09:47 . 2005-03-14 23:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-25 09:47 . 2005-03-08 22:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-25 09:47 . 2005-03-14 23:05 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-25 09:47 . 2005-03-15 00:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-25 09:47 . 2005-03-08 22:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-25 09:46 . 2008-03-25 09:47 <DIR> d-------- C:\Program Files\HP
2008-03-24 11:26 . 2008-03-29 09:38 <DIR> d-------- C:\Program Files\Addit! Pro FSX
2008-03-24 08:38 . 2008-03-24 08:38 <DIR> d-------- C:\Documents and Settings\Galm\Application Data\Thunderbird
2008-03-24 08:37 . 2008-04-21 00:56 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-03-23 18:13 . 2008-04-03 03:30 <DIR> d-------- C:\Program Files\Frets on Fire
2008-03-23 18:02 . 2008-03-23 18:02 <DIR> d-------- C:\Program Files\Team MediaPortal
2008-03-23 17:07 . 2008-03-23 17:07 <DIR> d-------- C:\Documents and Settings\Galm\WINDOWS
2008-03-22 15:02 . 2008-04-07 22:25 <DIR> d--hs---- C:\Boot
2008-03-22 15:02 . 2008-03-29 04:19 443,912 -rahs---- C:\bootmgr
2008-03-22 15:02 . 2008-03-22 16:12 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-03-22 14:43 . 2008-03-22 15:03 1,887 --a------ C:\WINDOWS\diagwrn.xml
2008-03-22 14:43 . 2008-03-22 15:03 1,887 --a------ C:\WINDOWS\diagerr.xml
2008-03-22 12:20 . 2008-03-22 12:20 <DIR> d-------- C:\Program Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 08:56 --------- d-----w C:\Program Files\ESET
2008-04-21 05:18 --------- d-----w C:\Program Files\DC++
2008-04-20 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-19 22:14 --------- d-----w C:\Program Files\FrostWire
2008-04-18 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 12:45 --------- d-----w C:\Documents and Settings\Galm\Application Data\foobar2000
2008-04-13 13:25 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-11 13:02 --------- d-----w C:\Documents and Settings\Galm\Application Data\TeamViewer
2008-04-03 01:33 --------- d-----w C:\Program Files\Java
2008-04-03 00:50 --------- d-----w C:\Program Files\Audacity
2008-04-03 00:40 --------- d-----w C:\Program Files\Winamp
2008-04-02 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-04-02 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-04-01 21:28 --------- d-----w C:\Documents and Settings\Galm\Application Data\X-Chat 2
2008-03-31 04:07 --------- d-----w C:\Documents and Settings\Galm\Application Data\Winamp
2008-03-30 11:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-29 18:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 11:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 22:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-26 02:49 --------- d-----w C:\Program Files\CamStudio
2008-03-24 07:28 --------- d-----w C:\Program Files\Microsoft Games
2008-03-23 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 12:42 --------- d-----w C:\Program Files\Funcom
2008-03-23 12:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-03-22 10:09 --------- d-----w C:\Documents and Settings\Galm\Application Data\VMware
2008-03-20 20:04 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-20 19:12 --------- d-----w C:\Documents and Settings\Galm\Application Data\vlc
2008-03-20 19:00 --------- d-----w C:\Program Files\GRETECH
2008-03-20 18:59 --------- d-----w C:\Program Files\VideoLAN
2008-03-20 06:45 --------- d-----w C:\Documents and Settings\Galm\Application Data\FrostWire
2008-03-19 21:54 --------- d-----w C:\Program Files\PowerISO
2008-03-19 17:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-18 17:20 --------- d-----w C:\Program Files\Paragon Software
2008-03-18 14:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-18 14:24 --------- d-----w C:\Program Files\foobar2000
2008-03-17 22:26 --------- d-----w C:\Program Files\AeriaGames
2008-03-17 19:42 --------- d-----w C:\Program Files\MagicDisc
2008-03-17 01:28 --------- d-----w C:\Program Files\Screaming Bee
2008-03-17 01:28 --------- d-----w C:\Documents and Settings\Galm\Application Data\Screaming Bee
2008-03-17 01:23 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-03-16 18:29 --------- d-----w C:\Program Files\Hotspot Shield
2008-03-16 02:10 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-16 01:58 --------- d-----w C:\Program Files\MSBuild
2008-03-16 01:58 --------- d-----w C:\Program Files\Microsoft Works
2008-03-15 22:03 --------- d-----w C:\Program Files\Stellar Phoenix Outlook Pst Repair
2008-03-15 14:47 --------- d-----w C:\Program Files\KComputer Zone Widget Pack
2008-03-15 14:37 --------- d-----w C:\Program Files\TGTSoft
2008-03-15 13:04 --------- d-----w C:\Program Files\Apple Software Update
2008-03-15 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-15 11:42 --------- d-----w C:\Documents and Settings\Galm\Application Data\SecondLife
2008-03-15 11:13 --------- d-----w C:\Program Files\ThinkPad
2008-03-15 08:15 --------- d-----w C:\Program Files\URLSnooper2
2008-03-15 07:55 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-15 07:39 --------- d-----w C:\Program Files\WinPcap
2008-03-15 06:44 106,496 ----a-w C:\WINDOWS\system32\WMPBTRemote.dll
2008-03-15 06:44 --------- d-----w C:\Documents and Settings\Galm\Application Data\Orion
2008-03-15 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-15 06:15 --------- d-----w C:\Program Files\X-Chat 2
2008-03-15 06:14 --------- d-----w C:\Program Files\xchat
2008-03-14 23:57 --------- d-----w C:\Program Files\BitComet
2008-03-14 23:27 --------- d-----w C:\Program Files\Synaptics
2008-03-14 22:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-14 22:24 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-14 20:10 --------- d-----w C:\Program Files\IE7Pro
2008-03-14 20:10 --------- d-----w C:\Documents and Settings\Galm\Application Data\IE7Pro
2008-03-14 19:55 --------- d-----w C:\Program Files\Microsoft Speech SDK 5.1
2008-03-14 19:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-14 19:18 --------- d-----w C:\Program Files\Common Files\Java
2008-03-14 19:17 --------- d-----w C:\Program Files\Foxit Software
2008-03-14 19:17 --------- d-----w C:\Program Files\FolderSize
2008-03-14 19:16 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-14 19:15 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-14 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2008-03-14 18:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-14 18:43 --------- d-----w C:\Program Files\Windows Live
2008-03-14 17:25 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-14 17:25 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-14 17:25 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-14 17:24 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-03-14 17:10 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-14 17:07 --------- d-----w C:\Program Files\Cacheman
2008-03-14 17:01 --------- d-----w C:\Program Files\Resource Kit
2008-03-14 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-14 16:12 2,532,664 ----a-w C:\WINDOWS\qfe12.tmp
2008-03-14 16:11 530,672 ----a-w C:\WINDOWS\qfe4.tmp
2008-03-14 16:11 494,832 ----a-w C:\WINDOWS\qfe5.tmp
2008-03-14 16:07 2,619,120 ----a-w C:\WINDOWS\qfe3E.tmp
2008-03-14 16:07 2,583,280 ----a-w C:\WINDOWS\qfe3F.tmp
2008-03-14 16:06 553,200 ----a-w C:\WINDOWS\qfe3A.tmp
2008-03-14 16:06 517,360 ----a-w C:\WINDOWS\qfe3B.tmp
2008-03-14 16:06 507,112 ----a-w C:\WINDOWS\qfe2F.tmp
2008-03-14 16:06 471,272 ----a-w C:\WINDOWS\qfe30.tmp
2008-03-14 16:06 402,664 ----a-w C:\WINDOWS\qfe2A.tmp
2008-03-14 16:05 813,288 ----a-w C:\WINDOWS\qfe22.tmp
2008-03-14 16:05 777,448 ----a-w C:\WINDOWS\qfe23.tmp
2008-03-14 16:05 411,880 ----a-w C:\WINDOWS\qfe1A.tmp
2008-03-14 16:05 376,040 ----a-w C:\WINDOWS\qfe1B.tmp
2008-03-14 16:05 352,488 ----a-w C:\WINDOWS\qfe20.tmp
2008-03-14 16:04 406,760 ----a-w C:\WINDOWS\qfe13.tmp
.

------- Sigcheck -------

2007-10-30 20:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-07-16 20:41 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 11:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 11:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-03-21 00:04 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-21 00:04 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 22:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 20:24 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-14 00:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-14 21:25 949376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-28 20:06 8491008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 12:56 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Galm^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Galm\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Galm^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Galm\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Galm^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Galm\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cacheman]
--a------ 2003-08-01 02:13 1290752 C:\PROGRA~1\Cacheman\Cacheman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Compact Remote Control]
C:\Program Files\nikafx\Compact Remote Control Trial\CRC_Server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 11:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-14 00:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-20 04:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
--a------ 2008-02-06 11:24 1676584 C:\Program Files\ManyCam 2.2\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-28 20:06 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-28 20:06 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-28 20:06 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 03:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-02 04:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2007-04-04 07:55 839680 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-04-10 04:23 1015808 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 15:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-25 02:33 561152 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-25 02:34 126976 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-08-10 00:56 1261384 C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XNeat Windows Manager]
--a------ 2008-03-04 02:09 77824 C:\Program Files\XNeat Windows Manager\xnViewer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"helpsvc"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7680:TCP"= 7680:TCP:BitComet 7680 TCP
"7680:UDP"= 7680:UDP:BitComet 7680 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"45682:TCP"= 45682:TCP:BitComet 45682 TCP
"45682:UDP"= 45682:UDP:BitComet 45682 UDP

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2008-01-22 04:43]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-10 00:56]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 14:06]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 10:52]
S3 AteksoftAudio;WebCamera Plus Audio;C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-25 22:06]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 01:10]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 13:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [59764]
? [19380]
? [53112]
? [58520]
? [59992]
? [60000]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-21 13:02:39
ComboFix-quarantined-files.txt 2008-04-21 09:01:50

Pre-Run: 5,308,895,232 bytes free
Post-Run: 6,227,505,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

420 --- E O F --- 2008-03-29 11:06:31


Here's my Panda ActiveScan log as well (looks like I have company):


;*******************************************************************************
ANALYSIS: 2008-04-21 17:37:23
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you know what this file is for?

C:\I was in Lebanon during my summer vacation when the two Israeli soldiers were kidnapped in 2006.doc

If not, delete it.

The only thing that I see that is related to your issue is this program:

C:\Program Files\YouTube Downloader

Try uninstalling it to see if it helps.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text from the quotebox below:

File::
C:\WINDOWS\qfe12.tmp
C:\WINDOWS\qfe4.tmp
C:\WINDOWS\qfe5.tmp
C:\WINDOWS\qfe3E.tmp
C:\WINDOWS\qfe3F.tmp
C:\WINDOWS\qfe3A.tmp
C:\WINDOWS\qfe3B.tmp
C:\WINDOWS\qfe2F.tmp
C:\WINDOWS\qfe30.tmp
C:\WINDOWS\qfe2A.tmp
C:\WINDOWS\qfe22.tmp
C:\WINDOWS\qfe23.tmp
C:\WINDOWS\qfe1A.tmp
C:\WINDOWS\qfe1B.tmp
C:\WINDOWS\qfe20.tmp
C:\WINDOWS\qfe13.tmp

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Any improvement?
  • 0

#5
DjGalm

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thank you for your quick reply, sir. The document was just a story I was reading. I have tried everything I could, but no luck, so I decided to format my laptop and install everything from scratch. I've installed only freeware and open-source software to make this faster, but didn't include YouTube Downloader. It's still the same: I am still managing to get into other people's accounts (in the United Arab Emirates specifically). I know that some people might say "Well, good for you! Now you have full control just like a hacker!" but that's not my way; I just want to log into my account. I'll report this to YouTube soon and see what comes up.

Here's a ComboFix log for my new Windows XP Pro installation:

ComboFix 08-04-20.2 - Ncrypt 2008-04-22 2:57:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1416 [GMT 4:00]
Running from: C:\Documents and Settings\Ncrypt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ncrypt\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-22 01:57 . 2008-04-22 01:57 <DIR> d-------- C:\Program Files\CCleaner
2008-04-22 01:57 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-04-22 01:57 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-04-22 01:56 . 2008-04-22 01:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 01:49 . 2008-04-22 01:49 <DIR> d-------- C:\Program Files\Foxit Software
2008-04-22 01:45 . 2008-04-22 01:45 <DIR> d-------- C:\Program Files\Hamachi
2008-04-22 01:45 . 2008-04-22 01:45 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\TeamViewer
2008-04-22 01:45 . 2008-04-22 01:45 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\Hamachi
2008-04-22 01:45 . 2008-04-22 01:45 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-22 01:44 . 2008-04-22 01:44 <DIR> d-------- C:\Program Files\TeamViewer3
2008-04-22 01:44 . 2008-04-22 01:44 <DIR> d-------- C:\Documents and Settings\Ncrypt\temp
2008-04-22 01:41 . 2008-04-22 01:41 <DIR> d-------- C:\Program Files\MozBackup
2008-04-22 01:41 . 2008-04-22 01:41 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\skypePM
2008-04-22 01:41 . 2008-04-22 01:41 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\Program Files\Skype
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-04-22 01:40 . 2008-04-22 02:53 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\Skype
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-22 01:39 . 2008-04-22 01:39 <DIR> d-------- C:\Program Files\Winamp
2008-04-22 01:39 . 2008-04-22 01:39 <DIR> d-------- C:\Program Files\uTorrent
2008-04-22 01:39 . 2008-04-22 01:39 <DIR> d-------- C:\Program Files\DC++
2008-04-22 01:39 . 2008-04-22 01:39 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\Winamp
2008-04-22 01:39 . 2008-04-22 02:05 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\uTorrent
2008-04-22 01:36 . 2008-04-22 01:36 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-22 01:32 . 2008-04-22 01:32 <DIR> d-------- C:\Program Files\Audacity
2008-04-22 01:24 . 2008-04-22 01:24 <DIR> d-------- C:\Program Files\foobar2000
2008-04-22 01:22 . 2008-04-22 01:22 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-22 00:19 . 2008-04-22 02:53 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-22 00:19 . 2008-04-22 00:19 <DIR> d-------- C:\Program Files\MagicISO
2008-04-22 00:19 . 2008-04-22 00:19 <DIR> d-------- C:\Program Files\Glary Undelete
2008-04-22 00:19 . 2008-04-22 00:19 <DIR> d-------- C:\Program Files\7-Zip
2008-04-22 00:19 . 2008-04-22 00:19 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\Thunderbird
2008-04-22 00:17 . 2008-04-22 02:57 <DIR> d-------- C:\Program Files\ESET
2008-04-22 00:17 . 2008-04-22 00:17 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-04-22 00:17 . 2008-04-22 00:17 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-04-22 00:17 . 2008-04-22 00:17 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-22 00:11 . 2008-04-22 00:11 <DIR> d-------- C:\Program Files\Motvik
2008-04-22 00:11 . 2008-04-22 00:11 <DIR> d-------- C:\Program Files\CamStudio
2008-04-22 00:08 . 2008-04-22 00:08 <DIR> d-------- C:\Program Files\Crime Catcher
2008-04-22 00:08 . 2008-04-22 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-22 00:08 . 2006-01-05 13:25 1,409,024 --a------ C:\WINDOWS\system32\ChilkatMail2.dll
2008-04-22 00:08 . 2000-05-22 00:00 1,066,176 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-04-22 00:08 . 2005-09-23 17:14 757,760 --a------ C:\WINDOWS\system32\videocapx.ocx
2008-04-22 00:08 . 2003-08-29 06:10 389,120 --a------ C:\WINDOWS\system32\ChilkatUtil.dll
2008-04-22 00:08 . 2003-09-25 10:02 290,816 --a------ C:\WINDOWS\system32\ChilkatFTP.dll
2008-04-22 00:08 . 1999-05-07 01:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-04-22 00:08 . 2000-03-14 00:00 118,784 --a------ C:\WINDOWS\system32\msstdfmt.dll
2008-04-22 00:08 . 2002-10-08 11:46 109,248 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-04-22 00:08 . 2002-12-18 11:15 107,800 --a------ C:\WINDOWS\system32\csras32.ocx
2008-04-22 00:08 . 2004-07-07 20:20 40,960 --a------ C:\WINDOWS\system32\motion.dll
2008-04-22 00:07 . 2008-04-22 00:07 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-04-22 00:07 . 2008-04-22 00:06 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-22 00:04 . 2008-04-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-22 00:04 . 2008-04-22 00:04 268 --ah----- C:\sqmdata01.sqm
2008-04-22 00:04 . 2008-04-22 00:04 244 --ah----- C:\sqmnoopt01.sqm
2008-04-22 00:02 . 2008-03-01 17:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 00:02 . 2007-07-01 07:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-22 00:02 . 2007-07-01 07:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-22 00:02 . 2008-03-01 17:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 00:02 . 2008-03-01 17:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 00:02 . 2008-03-01 17:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 00:02 . 2008-03-01 17:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 00:02 . 2008-03-01 17:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 00:02 . 2008-02-22 14:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-22 00:01 . 2008-04-22 00:01 <DIR> d-------- C:\Documents and Settings\Ncrypt\Contacts
2008-04-22 00:01 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-22 00:00 . 2008-04-22 00:00 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-04-22 00:00 . 2008-04-22 00:00 268 --ah----- C:\sqmdata00.sqm
2008-04-22 00:00 . 2008-04-22 00:00 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 23:56 . 2008-04-21 23:56 <DIR> d-------- C:\Program Files\GALA-NET
2008-04-21 23:56 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-04-21 23:52 . 2008-04-21 23:59 <DIR> d-------- C:\Program Files\Windows Live
2008-04-21 23:52 . 2008-04-21 23:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 23:51 . 2008-04-21 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-21 23:46 . 2008-04-21 23:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-21 23:46 . 2008-04-21 23:46 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-04-21 23:44 . 2008-04-21 23:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-21 23:39 . 2008-04-22 00:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-21 23:34 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-21 23:34 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-21 23:32 . 2008-04-21 23:32 <DIR> d-------- C:\Documents and Settings\Ncrypt\Bluetooth Software
2008-04-21 23:28 . 2008-04-21 23:28 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\Logitech
2008-04-21 23:28 . 2006-03-28 17:54 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2008-04-21 23:27 . 2008-04-21 23:29 <DIR> d-------- C:\Program Files\Logitech
2008-04-21 23:27 . 2008-04-21 23:29 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-21 23:27 . 2006-05-05 06:19 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-04-21 23:27 . 2006-05-05 06:18 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-04-21 23:27 . 2006-05-05 06:18 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-04-21 23:27 . 2006-03-28 17:38 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-04-21 23:27 . 2006-03-28 17:55 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-04-21 23:27 . 2006-03-28 17:55 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-04-21 23:27 . 2006-05-05 06:19 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-04-21 23:27 . 2006-03-28 17:55 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2008-04-21 23:27 . 2006-03-28 17:56 27,008 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2008-04-21 23:26 . 2008-04-21 23:26 <DIR> d-------- C:\WINDOWS\nview
2008-04-21 23:26 . 2007-09-28 08:06 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-21 23:26 . 2007-09-28 08:06 134,756 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-21 23:26 . 2007-09-28 08:06 17,527 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-21 23:26 . 2008-04-21 23:26 0 --a------ C:\WINDOWS\qfe10B.tmp
2008-04-21 23:25 . 2007-09-28 09:06 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-21 23:24 . 2008-04-21 23:24 <DIR> d-------- C:\Program Files\CONEXANT
2008-04-21 23:23 . 2006-01-12 15:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-04-21 23:22 . 2008-04-21 23:56 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 23:22 . 2008-04-21 23:56 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-21 23:22 . 2008-04-21 23:22 <DIR> d-------- C:\Program Files\Analog Devices
2008-04-21 23:21 . 2008-04-21 23:21 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-21 23:19 . 2008-04-21 23:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-21 23:19 . 2008-04-21 23:19 <DIR> d-------- C:\Program Files\DIFX
2008-04-21 23:19 . 2007-11-20 16:42 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-04-21 23:19 . 2007-11-26 23:37 2,236,544 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-04-21 23:19 . 2007-11-20 16:41 749,568 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-04-21 23:18 . 2008-04-21 23:25 <DIR> d-------- C:\Program Files\ThinkPad
2008-04-21 23:18 . 2007-11-21 10:51 879,624 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-04-21 23:18 . 2007-11-27 15:40 539,512 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-04-21 23:18 . 2007-06-29 11:38 156,392 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-04-21 23:18 . 2007-03-23 09:50 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-04-21 23:18 . 2007-11-27 15:40 74,688 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-04-21 23:18 . 2007-03-23 09:50 37,424 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-04-21 23:15 . 2008-04-21 23:15 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-21 23:14 . 2008-04-22 00:12 3,352 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-21 23:13 . 2008-04-21 23:13 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-21 23:11 . 2008-04-21 23:11 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-21 23:04 . 2008-04-21 23:04 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-13 21:23 . 2004-08-04 00:56 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 22:31 --------- d-----w C:\Program Files\FrostWire
2008-04-21 22:27 --------- d-----w C:\Program Files\Java
2008-04-21 22:26 --------- d-----w C:\Program Files\Common Files\Java
2008-04-21 22:24 --------- d-----w C:\Program Files\MediaCoder Audio Edition
2008-04-21 22:21 --------- d-----w C:\Program Files\MP3Gain
2008-04-21 22:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-21 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 18:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-22 00:17 949376]
"MSConfig"="C:\WINDOWS\system32\msconfig.exe" [2003-07-16 20:29 145408]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 17:06 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2006-03-28 17:38 94208 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-28 08:06 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-28 08:06 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-28 08:06 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-03-28 21:01 21712680 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2007-04-03 19:55 839680 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-04-09 16:23 1015808 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

*Newly Created Service* - AMON
*Newly Created Service* - CATCHME
*Newly Created Service* - NOD32DRV
*Newly Created Service* - NOD32KRN
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 02:58:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 2:59:25
ComboFix-quarantined-files.txt 2008-04-21 22:59:21

Pre-Run: 40,873,074,688 bytes free
Post-Run: 42,692,190,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

230 --- E O F --- 2008-04-21 19:45:34
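The listing above is ComboFix's "files created" section, read top to bottom by whoever reviews the log. As an added triage example (not part of the original post and not ComboFix's own code), the Python below parses lines in that format and pulls out the entries a reviewer looks at first: kernel drivers dropped under system32\drivers, hidden entries, system32 binaries whose last-write time falls on the same day they appeared (written fresh rather than copied out of an old installer payload), and the minutes with the most activity, which show installer bursts. The regex, the reading of the columns (first timestamp as creation time on this disk, second as last-write time) and the triage rules are my assumptions; the sample lines are copied from the log above.

```python
"""Triage the 'files created' section of a ComboFix log.

Added example: not ComboFix code and not from the original post. The column
meanings (first timestamp = creation time on this disk, second = last-write
time) and the triage rules below are assumptions made for illustration.
"""
import re
from collections import Counter
from datetime import datetime

# Hypothetical pattern for one listing line:
#   <created> . <last-write> <size or <DIR>> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Sample input: lines copied from the log above (raw string, since the paths contain \N).
SAMPLE = r"""
2008-04-22 01:45 . 2008-04-22 01:45 <DIR> d-------- C:\Documents and Settings\Ncrypt\Application Data\TeamViewer
2008-04-22 01:45 . 2008-04-22 01:45 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-22 01:41 . 2008-04-22 01:41 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-22 00:17 . 2008-04-22 00:17 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-04-22 00:17 . 2008-04-22 00:17 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-04-22 00:08 . 2006-01-05 13:25 1,409,024 --a------ C:\WINDOWS\system32\ChilkatMail2.dll
2008-04-22 00:04 . 2008-04-22 00:04 268 --ah----- C:\sqmdata01.sqm
2008-04-22 00:02 . 2008-03-01 17:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-21 23:52 . 2008-04-21 23:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 23:18 . 2007-11-21 10:51 879,624 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
"""


def parse(text):
    """Return one dict per listing line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        entries.append({
            "created": datetime.strptime(g["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(g["modified"], "%Y-%m-%d %H:%M"),
            "is_dir": g["size"] == "<DIR>",
            "size": 0 if g["size"] == "<DIR>" else int(g["size"].replace(",", "")),
            "hidden": "h" in g["attrs"],  # attribute flags as printed: d r a h s c
            "path": g["path"],
        })
    return entries


def triage(entries):
    """Group entries into the buckets a log reviewer checks first."""
    kernel_drivers, hidden, fresh_system32 = [], [], []
    for e in entries:
        p = e["path"].lower()
        if e["hidden"]:
            hidden.append(e["path"])
        if e["is_dir"]:
            continue
        if p.endswith(".sys") and "\\drivers\\" in p:
            kernel_drivers.append(e["path"])
        elif "\\system32\\" in p and e["modified"].date() == e["created"].date():
            # Written the same day it appeared on disk: produced or downloaded
            # fresh, not copied out of an installer's years-old payload.
            fresh_system32.append(e["path"])
    return {
        "kernel_drivers": kernel_drivers,
        "hidden_entries": hidden,
        "fresh_system32": fresh_system32,
    }


def busiest_minutes(entries, n=3):
    """Creation minutes with the most entries; installer bursts stand out."""
    counts = Counter(e["created"].strftime("%Y-%m-%d %H:%M") for e in entries)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for bucket, paths in triage(parsed).items():
        print(bucket)
        for path in paths:
            print("   ", path)
    print("busiest minutes:", busiest_minutes(parsed))
```

Run it against the full log by replacing SAMPLE with the file contents; the buckets only narrow the list, so each driver it reports still has to be checked by hand (publisher, signature, whether an installer from the same minute accounts for it).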

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It's definitely something else if it's happening even after a format and clean install of Windows. Did you test it out before installing your other programs (open source and others)? If it's happening on a clean install, I must say it's a problem on the site itself.

I will mark this topic as solved unless you want to keep it open...let me know either way.

#7
DjGalm

    New Member

  • Topic Starter
  • Member
  • 6 posts
I've tried before and after, though it's still the same. Anyway, thank you so much for your time. I will report it to YouTube and hopefully I'll be a hero to them :) You may consider this topic as solved :)

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.