Virtumonde



#1
antenna

A few days ago my computer started running slow: very slow internet, buffer overruns in explorer.exe, multiple rundll32.exe's running, and isass.exe using up about 30% CPU. Spybot and Ad-Aware find Virtumonde and say they got it all, but there must be some left over because it comes back every time. I've tried VundoFix and VirtumundoBeGone with no luck at getting all of it. I could use some help please. Here are some logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:51 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZJxdm128YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152909381453
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programch...m/dll/nixon.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9526 bytes


And the VirtumundoBeGone log.


[04/26/2008, 12:55:04] - VirtumundoBeGone v1.5 ( "C:\Downloads\VirtumundoBeGone.exe" )
[04/26/2008, 12:55:21] - Detected System Information:
[04/26/2008, 12:55:21] - Windows Version: 5.1.2600, Service Pack 2
[04/26/2008, 12:55:21] - Current Username: Owner (Admin)
[04/26/2008, 12:55:21] - Windows is in NORMAL mode.
[04/26/2008, 12:55:21] - Searching for Browser Helper Objects:
[04/26/2008, 12:55:21] - BHO 1: {08EEDB03-6F99-4924-B5F6-BAEFD1E850E2} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\vtUkllmk
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\vtUkllmk, continuing.
[04/26/2008, 12:55:21] - BHO 2: {0CC0022A-2FB3-4F16-A4A3-07D542F4684A} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - No filename found. Continuing.
[04/26/2008, 12:55:21] - BHO 3: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - No filename found. Continuing.
[04/26/2008, 12:55:21] - BHO 4: {20009189-C355-4439-BE70-AC9D3BAFC2D4} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\qoMdEuUK
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\qoMdEuUK, continuing.
[04/26/2008, 12:55:21] - BHO 5: {30E9B0AE-C088-43AA-BF22-91D84126B5BB} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\pmnlmnND
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\pmnlmnND, continuing.
[04/26/2008, 12:55:21] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/26/2008, 12:55:21] - BHO 7: {4180BD5F-CD9F-4C87-9825-A27B839235EB} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - No filename found. Continuing.
[04/26/2008, 12:55:21] - BHO 8: {44B99BFA-AD0B-495F-B64F-D762D96451AA} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - No filename found. Continuing.
[04/26/2008, 12:55:21] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/26/2008, 12:55:21] - BHO 10: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - No filename found. Continuing.
[04/26/2008, 12:55:21] - BHO 11: {6A68C21C-8144-44AE-B071-6A47C7ACD650} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\pmnkkKaA
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\pmnkkKaA, continuing.
[04/26/2008, 12:55:21] - BHO 12: {801B1EE4-6C7D-4E6B-823C-462214EFD291} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\qoMDSJcd
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\qoMDSJcd, continuing.
[04/26/2008, 12:55:21] - BHO 13: {A22AB9FA-FC36-4ED5-91D9-435E02EAC345} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\ssqoonMe
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\ssqoonMe, continuing.
[04/26/2008, 12:55:21] - BHO 14: {B02C5D38-E5A1-47DF-935C-67808783179A} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\byXOiGXp
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\byXOiGXp, continuing.
[04/26/2008, 12:55:21] - BHO 15: {c50df854-a4ac-4dcd-87b7-33228fa1f813} ()
[04/26/2008, 12:55:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:21] - Checking for HKLM\...\Winlogon\Notify\utcdobea
[04/26/2008, 12:55:21] - Key not found: HKLM\...\Winlogon\Notify\utcdobea, continuing.
[04/26/2008, 12:55:21] - BHO 16: {E147205A-E12F-457B-9AEC-6696977532D6} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\jkkiIBuu
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\jkkiIBuu, continuing.
[04/26/2008, 12:55:22] - BHO 17: {F50B3F5E-856E-4757-9BB1-B35D46CA7719} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\urqQjkhF
[04/26/2008, 12:55:22] - Found: HKLM\...\Winlogon\Notify\urqQjkhF - This is probably Virtumundo.
[04/26/2008, 12:55:22] - Assigning {F50B3F5E-856E-4757-9BB1-B35D46CA7719} MSEvents Object
[04/26/2008, 12:55:22] - BHO list has been changed! Starting over...
[04/26/2008, 12:55:22] - BHO 1: {08EEDB03-6F99-4924-B5F6-BAEFD1E850E2} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\vtUkllmk
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\vtUkllmk, continuing.
[04/26/2008, 12:55:22] - BHO 2: {0CC0022A-2FB3-4F16-A4A3-07D542F4684A} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - No filename found. Continuing.
[04/26/2008, 12:55:22] - BHO 3: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - No filename found. Continuing.
[04/26/2008, 12:55:22] - BHO 4: {20009189-C355-4439-BE70-AC9D3BAFC2D4} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\qoMdEuUK
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\qoMdEuUK, continuing.
[04/26/2008, 12:55:22] - BHO 5: {30E9B0AE-C088-43AA-BF22-91D84126B5BB} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\pmnlmnND
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\pmnlmnND, continuing.
[04/26/2008, 12:55:22] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/26/2008, 12:55:22] - BHO 7: {4180BD5F-CD9F-4C87-9825-A27B839235EB} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - No filename found. Continuing.
[04/26/2008, 12:55:22] - BHO 8: {44B99BFA-AD0B-495F-B64F-D762D96451AA} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - No filename found. Continuing.
[04/26/2008, 12:55:22] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/26/2008, 12:55:22] - BHO 10: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - No filename found. Continuing.
[04/26/2008, 12:55:22] - BHO 11: {6A68C21C-8144-44AE-B071-6A47C7ACD650} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\pmnkkKaA
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\pmnkkKaA, continuing.
[04/26/2008, 12:55:22] - BHO 12: {801B1EE4-6C7D-4E6B-823C-462214EFD291} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\qoMDSJcd
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\qoMDSJcd, continuing.
[04/26/2008, 12:55:22] - BHO 13: {A22AB9FA-FC36-4ED5-91D9-435E02EAC345} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\ssqoonMe
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\ssqoonMe, continuing.
[04/26/2008, 12:55:22] - BHO 14: {B02C5D38-E5A1-47DF-935C-67808783179A} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\byXOiGXp
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\byXOiGXp, continuing.
[04/26/2008, 12:55:22] - BHO 15: {c50df854-a4ac-4dcd-87b7-33228fa1f813} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\utcdobea
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\utcdobea, continuing.
[04/26/2008, 12:55:22] - BHO 16: {E147205A-E12F-457B-9AEC-6696977532D6} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - Checking for HKLM\...\Winlogon\Notify\jkkiIBuu
[04/26/2008, 12:55:22] - Key not found: HKLM\...\Winlogon\Notify\jkkiIBuu, continuing.
[04/26/2008, 12:55:22] - BHO 17: {F50B3F5E-856E-4757-9BB1-B35D46CA7719} (MSEvents Object)
[04/26/2008, 12:55:22] - ALERT: Found MSEvents Object!
[04/26/2008, 12:55:22] - BHO 18: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[04/26/2008, 12:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:22] - No filename found. Continuing.
[04/26/2008, 12:55:22] - Finished Searching Browser Helper Objects
[04/26/2008, 12:55:22] - *** Detected MSEvents Object
[04/26/2008, 12:55:22] - Trying to remove MSEvents Object...
[04/26/2008, 12:55:23] - Terminating Process: IEXPLORE.EXE
[04/26/2008, 12:55:23] - Terminating Process: RUNDLL32.EXE
[04/26/2008, 12:55:23] - Disabling Automatic Shell Restart
[04/26/2008, 12:55:23] - Terminating Process: EXPLORER.EXE
[04/26/2008, 12:55:24] - Suspending the NT Session Manager System Service
[04/26/2008, 12:55:24] - Terminating Windows NT Logon/Logoff Manager
[04/26/2008, 12:55:24] - Re-enabling Automatic Shell Restart
[04/26/2008, 12:55:24] - File to disable: C:\WINDOWS\system32\urqQjkhF.dll
[04/26/2008, 12:55:24] - Renaming C:\WINDOWS\system32\urqQjkhF.dll -> C:\WINDOWS\system32\urqQjkhF.dll.vir
[04/26/2008, 12:55:24] - File successfully renamed!
[04/26/2008, 12:55:24] - Removing HKLM\...\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}
[04/26/2008, 12:55:24] - Removing HKCR\CLSID\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}
[04/26/2008, 12:55:24] - Adding Kill Bit for ActiveX for GUID: {F50B3F5E-856E-4757-9BB1-B35D46CA7719}
[04/26/2008, 12:55:24] - Deleting ATLEvents/MSEvents Registry entries
[04/26/2008, 12:55:24] - Removing HKLM\...\Winlogon\Notify\urqQjkhF
[04/26/2008, 12:55:24] - Searching for Browser Helper Objects:
[04/26/2008, 12:55:24] - BHO 1: {08EEDB03-6F99-4924-B5F6-BAEFD1E850E2} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\vtUkllmk
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\vtUkllmk, continuing.
[04/26/2008, 12:55:24] - BHO 2: {0CC0022A-2FB3-4F16-A4A3-07D542F4684A} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - No filename found. Continuing.
[04/26/2008, 12:55:24] - BHO 3: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - No filename found. Continuing.
[04/26/2008, 12:55:24] - BHO 4: {20009189-C355-4439-BE70-AC9D3BAFC2D4} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\qoMdEuUK
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\qoMdEuUK, continuing.
[04/26/2008, 12:55:24] - BHO 5: {30E9B0AE-C088-43AA-BF22-91D84126B5BB} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\pmnlmnND
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\pmnlmnND, continuing.
[04/26/2008, 12:55:24] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/26/2008, 12:55:24] - BHO 7: {4180BD5F-CD9F-4C87-9825-A27B839235EB} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - No filename found. Continuing.
[04/26/2008, 12:55:24] - BHO 8: {44B99BFA-AD0B-495F-B64F-D762D96451AA} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - No filename found. Continuing.
[04/26/2008, 12:55:24] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/26/2008, 12:55:24] - BHO 10: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - No filename found. Continuing.
[04/26/2008, 12:55:24] - BHO 11: {6A68C21C-8144-44AE-B071-6A47C7ACD650} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\pmnkkKaA
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\pmnkkKaA, continuing.
[04/26/2008, 12:55:24] - BHO 12: {801B1EE4-6C7D-4E6B-823C-462214EFD291} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\qoMDSJcd
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\qoMDSJcd, continuing.
[04/26/2008, 12:55:24] - BHO 13: {A22AB9FA-FC36-4ED5-91D9-435E02EAC345} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\ssqoonMe
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\ssqoonMe, continuing.
[04/26/2008, 12:55:24] - BHO 14: {B02C5D38-E5A1-47DF-935C-67808783179A} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\byXOiGXp
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\byXOiGXp, continuing.
[04/26/2008, 12:55:24] - BHO 15: {c50df854-a4ac-4dcd-87b7-33228fa1f813} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\utcdobea
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\utcdobea, continuing.
[04/26/2008, 12:55:24] - BHO 16: {E147205A-E12F-457B-9AEC-6696977532D6} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - Checking for HKLM\...\Winlogon\Notify\jkkiIBuu
[04/26/2008, 12:55:24] - Key not found: HKLM\...\Winlogon\Notify\jkkiIBuu, continuing.
[04/26/2008, 12:55:24] - BHO 17: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[04/26/2008, 12:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 12:55:24] - No filename found. Continuing.
[04/26/2008, 12:55:24] - Finished Searching Browser Helper Objects
[04/26/2008, 12:55:24] - Finishing up...
[04/26/2008, 12:55:24] - A restart is needed.
[04/26/2008, 12:55:30] - Attempting to Restart via STOP error (Blue Screen!)

[04/26/2008, 13:03:31] - VirtumundoBeGone v1.5 ( "C:\Downloads\VirtumundoBeGone.exe" )
[04/26/2008, 13:03:33] - Detected System Information:
[04/26/2008, 13:03:33] - Windows Version: 5.1.2600, Service Pack 2
[04/26/2008, 13:03:34] - Current Username: Administrator (Admin)
[04/26/2008, 13:03:34] - Windows is in SAFE mode with Networking.
[04/26/2008, 13:03:34] - Searching for Browser Helper Objects:
[04/26/2008, 13:03:34] - BHO 1: {0CC0022A-2FB3-4F16-A4A3-07D542F4684A} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - No filename found. Continuing.
[04/26/2008, 13:03:34] - BHO 2: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - No filename found. Continuing.
[04/26/2008, 13:03:34] - BHO 3: {20009189-C355-4439-BE70-AC9D3BAFC2D4} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\qoMdEuUK
[04/26/2008, 13:03:34] - Key not found: HKLM\...\Winlogon\Notify\qoMdEuUK, continuing.
[04/26/2008, 13:03:34] - BHO 4: {30E9B0AE-C088-43AA-BF22-91D84126B5BB} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\pmnlmnND
[04/26/2008, 13:03:34] - Key not found: HKLM\...\Winlogon\Notify\pmnlmnND, continuing.
[04/26/2008, 13:03:34] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/26/2008, 13:03:34] - BHO 6: {4180BD5F-CD9F-4C87-9825-A27B839235EB} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - No filename found. Continuing.
[04/26/2008, 13:03:34] - BHO 7: {44B99BFA-AD0B-495F-B64F-D762D96451AA} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - No filename found. Continuing.
[04/26/2008, 13:03:34] - BHO 8: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/26/2008, 13:03:34] - BHO 9: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - No filename found. Continuing.
[04/26/2008, 13:03:34] - BHO 10: {6A68C21C-8144-44AE-B071-6A47C7ACD650} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\pmnkkKaA
[04/26/2008, 13:03:34] - Key not found: HKLM\...\Winlogon\Notify\pmnkkKaA, continuing.
[04/26/2008, 13:03:34] - BHO 11: {801B1EE4-6C7D-4E6B-823C-462214EFD291} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\qoMDSJcd
[04/26/2008, 13:03:34] - Key not found: HKLM\...\Winlogon\Notify\qoMDSJcd, continuing.
[04/26/2008, 13:03:34] - BHO 12: {907DA83F-6E32-4EE1-B6A2-8E22D89FE93D} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\vtUkllmk
[04/26/2008, 13:03:34] - Key not found: HKLM\...\Winlogon\Notify\vtUkllmk, continuing.
[04/26/2008, 13:03:34] - BHO 13: {A22AB9FA-FC36-4ED5-91D9-435E02EAC345} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\ssqoonMe
[04/26/2008, 13:03:34] - Key not found: HKLM\...\Winlogon\Notify\ssqoonMe, continuing.
[04/26/2008, 13:03:34] - BHO 14: {B02C5D38-E5A1-47DF-935C-67808783179A} ()
[04/26/2008, 13:03:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:34] - Checking for HKLM\...\Winlogon\Notify\byXOiGXp
[04/26/2008, 13:03:35] - Key not found: HKLM\...\Winlogon\Notify\byXOiGXp, continuing.
[04/26/2008, 13:03:35] - BHO 15: {c50df854-a4ac-4dcd-87b7-33228fa1f813} ()
[04/26/2008, 13:03:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:35] - Checking for HKLM\...\Winlogon\Notify\utcdobea
[04/26/2008, 13:03:35] - Key not found: HKLM\...\Winlogon\Notify\utcdobea, continuing.
[04/26/2008, 13:03:35] - BHO 16: {E147205A-E12F-457B-9AEC-6696977532D6} ()
[04/26/2008, 13:03:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:35] - Checking for HKLM\...\Winlogon\Notify\jkkiIBuu
[04/26/2008, 13:03:35] - Key not found: HKLM\...\Winlogon\Notify\jkkiIBuu, continuing.
[04/26/2008, 13:03:35] - BHO 17: {F50B3F5E-856E-4757-9BB1-B35D46CA7719} ()
[04/26/2008, 13:03:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:35] - No filename found. Continuing.
[04/26/2008, 13:03:35] - BHO 18: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[04/26/2008, 13:03:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:03:35] - No filename found. Continuing.
[04/26/2008, 13:03:35] - Finished Searching Browser Helper Objects
[04/26/2008, 13:03:35] - Finishing up...
[04/26/2008, 13:03:35] - Nothing found! Exiting...

[04/26/2008, 13:05:35] - VirtumundoBeGone v1.5 ( "C:\Downloads\VirtumundoBeGone.exe" )
[04/26/2008, 13:05:36] - Detected System Information:
[04/26/2008, 13:05:36] - Windows Version: 5.1.2600, Service Pack 2
[04/26/2008, 13:05:36] - Current Username: Administrator (Admin)
[04/26/2008, 13:05:36] - Windows is in SAFE mode with Networking.
[04/26/2008, 13:05:36] - Searching for Browser Helper Objects:
[04/26/2008, 13:05:36] - BHO 1: {0CC0022A-2FB3-4F16-A4A3-07D542F4684A} ()
[04/26/2008, 13:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:36] - No filename found. Continuing.
[04/26/2008, 13:05:36] - BHO 2: {15421B84-3488-49A7-AD18-CBF84A3EFAF6} ()
[04/26/2008, 13:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:36] - No filename found. Continuing.
[04/26/2008, 13:05:36] - BHO 3: {20009189-C355-4439-BE70-AC9D3BAFC2D4} ()
[04/26/2008, 13:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:36] - Checking for HKLM\...\Winlogon\Notify\qoMdEuUK
[04/26/2008, 13:05:36] - Key not found: HKLM\...\Winlogon\Notify\qoMdEuUK, continuing.
[04/26/2008, 13:05:36] - BHO 4: {30E9B0AE-C088-43AA-BF22-91D84126B5BB} ()
[04/26/2008, 13:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:36] - Checking for HKLM\...\Winlogon\Notify\pmnlmnND
[04/26/2008, 13:05:36] - Key not found: HKLM\...\Winlogon\Notify\pmnlmnND, continuing.
[04/26/2008, 13:05:36] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/26/2008, 13:05:36] - BHO 6: {4180BD5F-CD9F-4C87-9825-A27B839235EB} ()
[04/26/2008, 13:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:36] - No filename found. Continuing.
[04/26/2008, 13:05:36] - BHO 7: {44B99BFA-AD0B-495F-B64F-D762D96451AA} ()
[04/26/2008, 13:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:36] - No filename found. Continuing.
[04/26/2008, 13:05:36] - BHO 8: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/26/2008, 13:05:36] - BHO 9: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - No filename found. Continuing.
[04/26/2008, 13:05:37] - BHO 10: {6A68C21C-8144-44AE-B071-6A47C7ACD650} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\pmnkkKaA
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\pmnkkKaA, continuing.
[04/26/2008, 13:05:37] - BHO 11: {801B1EE4-6C7D-4E6B-823C-462214EFD291} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\qoMDSJcd
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\qoMDSJcd, continuing.
[04/26/2008, 13:05:37] - BHO 12: {907DA83F-6E32-4EE1-B6A2-8E22D89FE93D} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\vtUkllmk
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\vtUkllmk, continuing.
[04/26/2008, 13:05:37] - BHO 13: {A22AB9FA-FC36-4ED5-91D9-435E02EAC345} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\ssqoonMe
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\ssqoonMe, continuing.
[04/26/2008, 13:05:37] - BHO 14: {B02C5D38-E5A1-47DF-935C-67808783179A} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\byXOiGXp
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\byXOiGXp, continuing.
[04/26/2008, 13:05:37] - BHO 15: {c50df854-a4ac-4dcd-87b7-33228fa1f813} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\utcdobea
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\utcdobea, continuing.
[04/26/2008, 13:05:37] - BHO 16: {E147205A-E12F-457B-9AEC-6696977532D6} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - Checking for HKLM\...\Winlogon\Notify\jkkiIBuu
[04/26/2008, 13:05:37] - Key not found: HKLM\...\Winlogon\Notify\jkkiIBuu, continuing.
[04/26/2008, 13:05:37] - BHO 17: {F50B3F5E-856E-4757-9BB1-B35D46CA7719} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - No filename found. Continuing.
[04/26/2008, 13:05:37] - BHO 18: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[04/26/2008, 13:05:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 13:05:37] - No filename found. Continuing.
[04/26/2008, 13:05:37] - Finished Searching Browser Helper Objects
[04/26/2008, 13:05:37] - Finishing up...
[04/26/2008, 13:05:37] - Nothing found! Exiting...
#2
antenna

    New Member

  • Topic Starter
  • Member
  • 2 posts
ComboFix log also:

ComboFix 08-04-24.1 - Owner 2008-04-26 13:27:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1515 [GMT -5:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AaKkknmp.ini
C:\WINDOWS\system32\AaKkknmp.ini2
C:\WINDOWS\system32\dcJSDMoq.ini
C:\WINDOWS\system32\dcJSDMoq.ini2
C:\WINDOWS\system32\DNnmlnmp.ini
C:\WINDOWS\system32\DNnmlnmp.ini2
C:\WINDOWS\system32\dwfimmin.ini
C:\WINDOWS\system32\eMnooqss.ini
C:\WINDOWS\system32\eMnooqss.ini2
C:\WINDOWS\system32\gjijnfft.dll
C:\WINDOWS\system32\kdlfialr.ini
C:\WINDOWS\system32\kmllkUtv.ini
C:\WINDOWS\system32\kmllkUtv.ini2
C:\WINDOWS\system32\KUuEdMoq.ini
C:\WINDOWS\system32\KUuEdMoq.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nimmifwd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pXGiOXyb.ini
C:\WINDOWS\system32\pXGiOXyb.ini2
C:\WINDOWS\system32\utcdobea.dll
C:\WINDOWS\system32\uuBIikkj.ini
C:\WINDOWS\system32\uuBIikkj.ini2
C:\WINDOWS\system32\vtUkllmk.dll

----- BITS: Possible infected sites -----

hxxp://launcher.patcher.ncsoft.com
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-25 02:15 . 2008-03-01 08:06 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-25 02:15 . 2007-04-17 04:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-25 02:15 . 2007-03-08 00:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-25 02:15 . 2008-03-01 08:06 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-25 02:15 . 2008-03-01 08:06 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-25 02:15 . 2008-03-01 08:06 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-25 02:15 . 2008-03-01 08:06 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-25 02:15 . 2008-03-01 08:06 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-25 02:15 . 2008-02-22 05:00 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-25 02:02 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-24 23:53 . 2008-04-26 10:07 <DIR> d-------- C:\VundoFix Backups
2008-04-24 23:46 . 2008-04-24 23:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 23:37 . 2008-04-25 00:08 1,509,246 --ahs---- C:\WINDOWS\system32\eulwgjlo.ini
2008-04-24 22:31 . 2004-01-20 22:48 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-24 22:31 . 2004-01-21 04:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-24 22:31 . 2004-01-20 22:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-24 22:31 . 2004-01-20 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-24 22:31 . 2004-01-21 04:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-04-24 22:31 . 2007-11-20 13:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-24 22:31 . 2008-04-24 22:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-24 22:31 . 2008-04-26 13:26 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-24 22:06 . 2008-04-24 22:06 <DIR> d-------- C:\Program Files\Uniblue
2008-04-24 22:06 . 2008-04-24 22:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-24 21:37 . 2008-04-24 22:13 1,509,237 --ahs---- C:\WINDOWS\system32\yjmyhmju.ini
2008-04-24 07:45 . 2008-04-24 08:03 1,504,008 --ahs---- C:\WINDOWS\system32\ntmnqcvl.ini
2008-04-23 22:33 . 2008-04-24 00:45 1,540,797 --ahs---- C:\WINDOWS\system32\mnwgyshg.ini
2008-04-23 22:22 . 2008-04-23 22:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
2008-04-23 22:19 . 2008-04-26 11:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 20:56 . 2008-04-26 11:32 1,126 --a------ C:\WINDOWS\wininit.ini
2008-04-23 20:26 . 2008-04-23 20:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 20:26 . 2008-04-23 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 20:05 . 2008-04-23 21:32 1,540,909 --ahs---- C:\WINDOWS\system32\ekkystxo.ini
2008-04-23 19:17 . 2008-04-23 19:17 11 --a------ C:\AuResult.ini
2008-04-23 17:14 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-23 12:19 . 2008-04-23 20:09 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-04-23 10:22 . 2008-04-23 10:51 <DIR> d-------- C:\Program Files\Unlocker
2008-04-23 10:22 . 2008-04-23 10:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Desktopicon
2008-04-23 09:23 . 2008-04-23 19:43 1,541,176 --ahs---- C:\WINDOWS\system32\aladdbrk.ini
2008-04-23 08:57 . 2008-04-23 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 08:41 . 2008-04-23 08:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sammsoft
2008-04-23 07:54 . 2008-04-23 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-04-22 09:23 . 2008-04-23 08:59 1,541,076 --ahs---- C:\WINDOWS\system32\fdlgkupi.ini
2008-04-22 09:18 . 2008-04-26 03:15 109,734 --a------ C:\WINDOWS\BMe36455c5.xml
2008-04-22 09:12 . 2008-04-22 09:16 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-22 09:12 . 2008-04-22 09:12 39,936 --a------ C:\WINDOWS\system32\urqQjkhF.dll.vir
2008-04-16 08:36 . 2008-04-16 08:36 <DIR> d-------- C:\Logs
2008-04-09 08:08 . 2008-04-09 08:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Smith Micro
2008-03-31 08:49 . 2008-03-31 08:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mutiny

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 03:19 --------- d-----w C:\Program Files\World of Warcraft
2008-04-26 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Beyond
2008-04-23 15:19 --------- d-----w C:\Program Files\Quicken
2008-04-23 15:19 --------- d-----w C:\Program Files\PC-Doctor for Windows
2008-04-23 15:19 --------- d-----w C:\Program Files\Microsoft Works
2008-04-23 15:19 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-23 15:19 --------- d-----w C:\Program Files\LimeWire
2008-04-23 15:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-23 13:58 --------- d-----w C:\Program Files\Lavasoft
2008-04-23 13:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-23 13:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 01:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 06:06 --------- d-----w C:\Program Files\City of Heroes
2008-03-25 21:31 --------- d-----w C:\Program Files\CoH Hero Builder
2008-03-24 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-08 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-03-08 02:01 --------- d-----w C:\Program Files\Samsung
2008-03-08 02:00 --------- d-----w C:\Program Files\Sprint music manager
2008-03-07 02:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 02:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-04-12 16:02 1,931,656 ----a-w C:\Documents and Settings\Owner\Cosmos_Win.zip
2007-04-12 15:53 61,535 ----a-w C:\Documents and Settings\Owner\SSPVP_20070410.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CC0022A-2FB3-4F16-A4A3-07D542F4684A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20009189-C355-4439-BE70-AC9D3BAFC2D4}]
C:\WINDOWS\system32\qoMdEuUK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30E9B0AE-C088-43AA-BF22-91D84126B5BB}]
C:\WINDOWS\system32\pmnlmnND.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4180BD5F-CD9F-4C87-9825-A27B839235EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44B99BFA-AD0B-495F-B64F-D762D96451AA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A68C21C-8144-44AE-B071-6A47C7ACD650}]
C:\WINDOWS\system32\pmnkkKaA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{801B1EE4-6C7D-4E6B-823C-462214EFD291}]
C:\WINDOWS\system32\qoMDSJcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A22AB9FA-FC36-4ED5-91D9-435E02EAC345}]
C:\WINDOWS\system32\ssqoonMe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B02C5D38-E5A1-47DF-935C-67808783179A}]
C:\WINDOWS\system32\byXOiGXp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E147205A-E12F-457B-9AEC-6696977532D6}]
C:\WINDOWS\system32\jkkiIBuu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Twain"="C:\Program Files\Twain\Twain.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 06:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 02:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 18:56 278528]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04 5562368]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MEMonitor.lnk.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [2008-03-07 21:00:34 929792]
PowerReg Scheduler V3.exe [2006-07-23 15:37:06 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\1152120964\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 16:57 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-08-13 19:04 5562368 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-06-08 20:28 310520 C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-01-20 22:22 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
--------- 2006-10-18 21:58 8704 C:\Program Files\Windows Media Connect 2\WMCCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
"C:\\Program Files\\Fury\\Binaries\\LogUploadService.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Savage 2 - A Tortured Soul\\savage2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10541:TCP"= 10541:TCP:BitComet 10541 TCP
"10541:UDP"= 10541:UDP:BitComet 10541 UDP
"5555:TCP"= 5555:TCP:*:Disabled:x
"7777:UDP"= 7777:UDP:*:Disabled:x
"3776:UDP"= 3776:UDP:*:Disabled:x
"3390:TCP"= 3390:TCP:*:Disabled:x
"3932:TCP"= 3932:TCP:*:Disabled:x


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 20:49:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 13:05:53 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 13:32:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-04-26 13:37:25 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-04-26 18:37:17

Pre-Run: 28,475,998,208 bytes free
Post-Run: 30,040,891,392 bytes free

291 --- E O F --- 2008-04-26 08:01:25