OK, here's the combo-fix log, and I'm doing the next two steps now.

ComboFix 08-05-21.3 - Melanie 2008-05-23 11:31:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.394 [GMT 10:00]
Running from: C:\Documents and Settings\Melanie\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\downld
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-21 23:54 . 2008-05-23 11:35 1,294,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 23:54 . 2008-05-23 01:44 15,524 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-21 23:51 . 2008-05-21 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-21 23:51 . 2008-04-02 20:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-21 23:51 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-21 23:51 . 2008-05-21 23:53 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-21 23:50 . 2008-05-21 23:50 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-21 23:36 . 2008-05-21 23:27 176,768 --a------ C:\FxBeagle.exe
2008-05-21 17:23 . 2008-05-21 17:23 3,728 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 15:20 . 2008-05-21 15:22 <DIR> d-------- C:\Program Files\True Sword 4
2008-05-21 15:20 . 2008-05-21 15:20 <DIR> d-------- C:\Documents and Settings\Melanie\Application Data\True Sword
2008-05-21 08:28 . 2008-05-22 23:17 13,312 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-20 19:38 . 2008-05-23 01:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-20 19:15 . 2008-05-22 22:01 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-20 19:15 . 2008-05-20 19:15 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-20 19:15 . 2008-05-20 19:15 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-20 17:03 . 2008-05-20 17:03 <DIR> d-------- C:\Documents and Settings\Melanie\Application Data\AVGTOOLBAR
2008-05-20 17:02 . 2008-05-20 17:02 <DIR> d-------- C:\Program Files\AVG
2008-05-20 17:02 . 2008-05-20 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-20 16:36 . 2008-05-20 16:42 3,957,875 --a------ C:\WINDOWS\system32\ZVYSCEG
2008-05-17 11:07 . 2008-05-17 11:04 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-17 11:07 . 2008-05-17 11:07 2,545 --a------ C:\WINDOWS\unins000.dat
2008-05-16 22:37 . 2008-05-22 22:07 <DIR> d-------- C:\Program Files\eMule
2008-05-14 22:31 . 2008-05-21 09:30 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-14 22:31 . 2008-05-14 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-10 16:09 . 2008-05-22 17:16 <DIR> d-------- C:\Documents and Settings\Melanie\Application Data\skypePM
2008-05-10 16:09 . 2008-05-10 16:09 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-10 16:08 . 2008-05-10 16:08 <DIR> d-------- C:\Program Files\Skype
2008-05-10 16:08 . 2008-05-10 16:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-10 16:08 . 2008-05-22 21:51 <DIR> d-------- C:\Documents and Settings\Melanie\Application Data\Skype
2008-05-10 16:07 . 2008-05-10 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-04 20:23 . 2008-05-04 20:30 <DIR> d-------- C:\Program Files\PacificPoker4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 06:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 05:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-21 05:51 --------- d-----w C:\Documents and Settings\Melanie\Application Data\Free Download Manager
2008-05-20 23:31 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-20 23:30 --------- d-----w C:\Program Files\DivX
2008-05-20 22:31 --------- d-----w C:\Documents and Settings\Melanie\Application Data\DNA
2008-05-20 22:26 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-05-20 22:25 --------- d-----w C:\Program Files\QuickTime
2008-05-20 22:25 --------- d-----w C:\Program Files\LimeWire
2008-05-20 12:36 --------- d-----w C:\Program Files\Notebook Maximizer
2008-05-20 01:59 --------- d-----w C:\Program Files\Intel
2008-05-20 01:55 --------- d-----w C:\Documents and Settings\Melanie\Application Data\Intel
2008-05-20 01:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-20 01:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-20 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-19 00:30 --------- d-----w C:\Documents and Settings\Melanie\Application Data\LimeWire
2008-04-14 13:35 --------- d-----w C:\Program Files\CDBurnerXP
2008-04-02 10:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-21_10.41.59.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 00:36:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 01:18:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-07-19 05:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-04-02 10:07:36 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2008-05-20 13:27:28 65,446 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-21 00:40:54 65,446 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 13:27:28 411,142 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-21 00:40:55 411,142 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-02 10:07:40 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2008-04-02 10:08:00 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-04-02 10:07:40 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2008-04-02 10:07:40 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2008-04-02 10:07:40 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2008-04-02 10:07:42 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2008-04-02 10:07:42 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2008-04-02 10:07:42 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-04-02 10:07:42 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2008-04-02 10:07:44 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2008-04-02 10:07:44 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-04-02 10:07:32 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-30 14:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 04:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 14:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-30 14:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 14:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 14:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 14:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-19 13:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-12-03 04:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 08:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 14:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 14:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 14:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 14:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-12-03 04:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 08:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2008-04-02 10:07:32 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 02:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2008-04-02 10:07:34 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2008-04-02 10:07:34 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2008-04-02 10:07:34 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2008-04-02 10:08:02 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-05-21 14:12:55 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-04-02 10:08:02 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-04-02 10:08:02 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-04-02 10:08:02 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-04-02 10:09:10 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-04-02 10:09:12 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-02-26 17:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2008-02-26 17:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2008-04-02 10:07:38 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2008-01-20 22:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-02-26 17:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2008-02-26 17:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2008-04-02 10:07:38 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2008-04-02 10:09:12 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-04-02 10:09:14 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-04 10:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 06:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-04-02 10:07:54 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 07:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2008-04-02 10:07:40 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2008-04-02 10:07:40 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2008-04-02 10:07:54 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-04-02 10:07:40 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2008-04-02 10:07:42 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2008-04-02 10:07:42 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2008-01-20 22:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-04-02 10:07:44 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2008-04-02 10:07:44 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2008-04-02 10:07:46 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2008-04-02 10:07:46 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
C:\WINDOWS\mpcodecplg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [ ]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 11:57 73728]
"TSkrMain"="C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-07-01 10:29 49152]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-28 13:32 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 13:31 270336 C:\WINDOWS\system32\TPSMain.exe]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 12:00 126976]
"TosRotation"="C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2004-12-14 13:25 266240]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2005-01-19 08:18 126976]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-08-02 08:56 86016]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2004-12-07 15:54 81920]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-12-15 05:50 340032]
"TAcelMgr"="C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-17 05:56 90112]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 22:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 22:00 271872]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-15 03:11 1388544]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 09:03 135168]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-04 05:12 147456]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 18:05 122939]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-20 19:15 1177368]
"CrossMenu"="C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe" [2005-01-07 11:37 798720]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 11:21 258048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 20:07 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]
C:\Documents and Settings\Melanie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-08 07:35:29 155648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"System Patcher"= BTCPatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 22:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 21:41 11776 C:\WINDOWS\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 22:00 30208 C:\WINDOWS\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= usbkt1x1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Melanie^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-24 14:28 24576 C:\WINDOWS\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-03-24 16:40 196608 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-12 09:51 289088 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 22:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-10-26 03:52 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-10-26 03:56 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-12-18 00:20 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-09-27 09:43 184320 C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
--a------ 2004-05-26 08:35 28672 C:\Program Files\Notebook Maximizer\maximizer_startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2004-06-29 04:16 73728 C:\WINDOWS\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough_server.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\STAR WARS Jedi Academy\\jamp.exe"=
"C:\\Robot arena 2\\RArena2\\Robot Arena 2\\Robot Arena 2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-28 17:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-14 06:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-20 19:15]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-17 05:08]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-20 19:15]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-13 16:48]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-12-01 10:04]
R3 TMicAry;Toshiba Audio Effect with MicArray;C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-05 04:27]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-04 09:04]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys []
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3170c0-fad2-11dc-8c10-000e35cd1249}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\setup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 13:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 15:07:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-07 13:58:48 C:\WINDOWS\Tasks\shutdown.job"
- C:\WINDOWS\system32\shutdown.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-23 11:34:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-23 11:36:20
ComboFix-quarantined-files.txt 2008-05-23 01:36:07
ComboFix2.txt 2008-05-21 00:42:40
Pre-Run: 27,040,071,680 bytes free
Post-Run: 27,121,319,936 bytes free
303 --- E O F --- 2008-05-17 02:05:59