Alright, thanks!
Here's the new logs:
ComboFix log:
ComboFix 08-05-21.2 - Administrator 2008-05-22 21:02:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.854 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\system32:ieupdate32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-20 23:14 . 2008-05-20 23:14 <DIR> d-------- C:\VundoFix Backups
2008-05-20 20:26 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-20 20:26 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-05-20 20:26 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-20 20:26 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-20 20:26 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-20 20:26 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-05-20 20:25 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-20 20:21 . 2008-05-20 20:21 <DIR> d-------- C:\Program Files\Electronic Arts
2008-05-19 15:21 . 2008-05-19 15:41 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-19 10:52 . 2008-05-19 10:52 <DIR> d-------- C:\Program Files\BitDefender
2008-05-19 10:49 . 2008-05-19 10:52 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-18 15:05 . 2008-05-18 15:05 <DIR> d-------- C:\Program Files\Avast4
2008-05-16 03:35 . 2008-05-16 04:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-05-16 03:32 . 2008-05-16 03:32 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-05-16 03:32 . 2008-05-16 03:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-05-16 03:31 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-05-16 03:31 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-05-16 03:31 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-05-16 03:31 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-05-16 03:31 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-05-16 03:31 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-05-16 03:29 . 2008-05-16 03:29 <DIR> d-------- C:\Program Files\Ulead Systems
2008-05-16 03:29 . 2008-05-16 03:30 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-16 03:29 . 2008-05-16 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-16 03:27 . 2008-05-16 19:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-11 13:24 . 2005-03-03 13:32 86,094 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-05-09 02:34 . 2003-11-20 18:00 54,784 -rahs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-05-09 02:34 . 2004-04-26 18:00 37,888 -rahs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-05-09 02:34 . 2007-02-21 06:47 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2008-05-09 02:34 . 2007-12-17 08:43 27,648 --ahs---- C:\WINDOWS\system32\Smab0.dll
2008-05-09 02:33 . 2006-09-12 06:46 227,328 -rahs---- C:\WINDOWS\system32\ac3DX.ax
2008-05-09 02:33 . 2006-05-03 05:06 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2008-05-09 02:33 . 2006-01-12 18:23 123,904 -rahs---- C:\WINDOWS\system32\AVCDX.ax
2008-05-09 02:31 . 2008-05-09 02:31 <DIR> d-------- C:\Program Files\eRightSoft
2008-05-07 23:41 . 2008-05-07 23:43 <DIR> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 01:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-05-22 08:53 --------- d-----w C:\Program Files\Steam
2008-05-21 00:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-21 00:28 --------- d-----w C:\Program Files\Eset
2008-05-19 19:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2008-05-19 15:48 --------- d-----w C:\Program Files\Recover my Files
2008-05-18 04:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-05-18 04:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-17 05:41 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-05-16 23:15 --------- d-----w C:\Program Files\Last.fm
2008-05-16 23:11 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-16 22:17 --------- d-----w C:\Program Files\Hitman Pro
2008-05-16 22:14 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-16 22:14 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-16 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 07:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 06:45 --------- d-----w C:\Program Files\Soulseek
2008-04-26 19:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-04-19 23:21 --------- d-----w C:\Program Files\Azureus
2008-04-16 01:09 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-04-16 01:09 --------- d-----w C:\Program Files\Avanquest update
2008-04-16 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-15 01:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-04-15 01:29 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-04-15 01:29 --------- d-----w C:\Program Files\ArcSoft
2008-04-15 01:28 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-04-15 01:26 --------- d-----w C:\Program Files\Dynex
2008-04-04 14:54 --------- d-----w C:\Program Files\iTunes
2008-04-04 14:54 --------- d-----w C:\Program Files\iPod
2008-04-04 14:52 --------- d-----w C:\Program Files\QuickTime Alternative
2008-04-03 03:20 --------- d-----w C:\Program Files\Trillian Pro
2007-10-31 04:41 20,856 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-19 15:25 289088]
"Steam"="c:\program files\steam\steam.exe" [2008-03-30 19:17 1271032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-12-31 08:00 1694208]
"catsrv"="C:\Documents and Settings\Administrator\Policies\catsrv.exe" [2007-04-09 18:26 626176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 04:50 155648]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 10:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 11:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 11:31 61440]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 02:45 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-16 21:20 398944]
"catsrv"="C:\Documents and Settings\Administrator\Policies\catsrv.exe" [2007-04-09 18:26 626176]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-22 02:19 949376]
"PKVOLUME"="C:\Program Files\PKVolume\PKVOLUME.exe" [ ]
"Pepsi Volume Controller 3.0"="C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-11-29 16:28 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 14:12 843776]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-09-06 06:06 79224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 13:16:50 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-29 16:54:04 169472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-13 02:05:00 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]
--a------ 2005-12-21 11:47 917504 C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Trillian Pro\\trillian.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\Administrator\\Policies\\catsrv.exe"=
"C:\\Program Files\\Steam\\steamapps\\bishopmac\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 08:19]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 06:06]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 08:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 08:19]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-27 00:21]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]
S3 SampleScanner;Ultima2000 Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.sys [2001-06-07 10:56]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TCCpuInfo.sys []
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS\system32\UnlockerDriver4.sys [2005-04-23 22:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-22 21:04:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 21:05:23
ComboFix-quarantined-files.txt 2008-05-23 01:05:11
ComboFix2.txt 2008-05-22 08:56:28
Pre-Run: 63,976,603,648 bytes free
Post-Run: 63,961,538,560 bytes free
208
Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 23, 2008 3:18:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 796694
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 317506
Number of viruses found: 9
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 04:56:07
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\4chan_main.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ea1ge6u.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008052220080523\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Policies\fxset\001.part Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped
C:\Program Files\Eset\logs\virlog.dat Object is locked skipped
C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped
C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 binaries.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\team fortress 2 client content.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\team fortress 2 content.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\team fortress 2 materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP357\A0083150.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sbz skipped
C:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP357\A0083151.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP357\A0083152.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sce skipped
C:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP360\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SB Insta.evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_658.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Installers\Internet\HideIPSetup.exe Infected: not-a-virus:AdWare.Win32.EShoper.j skipped
D:\Installers\Media\FLV2Video_Lite_Setup.exe/file27/file09 Infected: not-a-virus:AdWare.Win32.AdMoke.agg skipped
D:\Installers\Media\FLV2Video_Lite_Setup.exe/file27 Infected: not-a-virus:AdWare.Win32.AdMoke.agg skipped
D:\Installers\Media\FLV2Video_Lite_Setup.exe Inno: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP351\A0080366.exe/data0008 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
D:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP351\A0080366.exe/data0009 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP351\A0080366.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{9123CF55-EF70-48D4-8FC7-8358422C0AF6}\RP360\change.log Object is locked skipped
E:\Azureus Downloads\Ulead VideoStudio Video Studio 11.5 Plus English ( Dolby ) + Unlock Patch\Ulead VideoStudio Video Studio 11.5 Plus English ( Dolby ) + Unlock Patch\UVS11Plus_TBYB_EUS.exe/data0000.cab/is153927.exe Infected: Trojan.Win32.Pakes.cwe skipped
E:\Azureus Downloads\Ulead VideoStudio Video Studio 11.5 Plus English ( Dolby ) + Unlock Patch\Ulead VideoStudio Video Studio 11.5 Plus English ( Dolby ) + Unlock Patch\UVS11Plus_TBYB_EUS.exe/data0000.cab Infected: Trojan.Win32.Pakes.cwe skipped
E:\Azureus Downloads\Ulead VideoStudio Video Studio 11.5 Plus English ( Dolby ) + Unlock Patch\Ulead VideoStudio Video Studio 11.5 Plus English ( Dolby ) + Unlock Patch\UVS11Plus_TBYB_EUS.exe Rsrc-Package: infected - 2 skipped
E:\RECYCLER\S-1-5-21-448539723-562591055-725345543-500\De4.2\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\RECYCLER\S-1-5-21-448539723-562591055-725345543-500\De4.2\XPize\Backup\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\RECYCLER\S-1-5-21-448539723-562591055-725345543-500\De4.2\XPize\NewFiles\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{2F05451B-BC29-470D-BB71-A959CBB282F6}\RP9\A0000689.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\System Volume Information\_restore{A93AC888-E4A2-4071-BFB0-E4A75C5BADCB}\RP15\A0003262.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\System Volume Information\_restore{A93AC888-E4A2-4071-BFB0-E4A75C5BADCB}\RP9\A0001306.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\System Volume Information\_restore{A93AC888-E4A2-4071-BFB0-E4A75C5BADCB}\RP9\A0001502.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
F:\$OEM$\$1\INSTALL\WPI\Tools\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
F:\I386\RVMUPPCK.CAB/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
F:\I386\RVMUPPCK.CAB CAB: infected - 1 skipped
Scan process completed.
New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:14 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Documents and Settings\Administrator\Policies\catsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [catsrv] "C:\Documents and Settings\Administrator\Policies\catsrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PKVOLUME] C:\Program Files\PKVolume\PKVOLUME.exe
O4 - HKLM\..\Run: [Pepsi Volume Controller 3.0] C:\Program Files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Administrator\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) -
http://earthcaller.c...serAgentCAB.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0446776D-2BEE-4894-A738-63FF7EF2A586}: NameServer = 208.67.220.220,4.2.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9943 bytes