Trojan Explosion!
   

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 7:42 (GMT +1)
I have probably 9 trojans and I can't get rid of them.

They disabled my task manager and registry editing, but I was able to get task manager to work. I just cannot get registry editing to work :(
I tried this:
www.bullguard.com/forum/8/Registry-editor-has-been-disab_38369.html

But I cannot merge any files because that is a part of registry editing, so what do I do?!
 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 7:57 (GMT +1)
Here is my log

ComboFix 08-05-12.1 - Tyler Weiss 2008-05-14 23:43:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1564 [GMT -7:00]
Running from: C:\Documents and Settings\Tyler Weiss\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\cftmon.exe
C:\Documents and Settings\Tyler Weiss\Application Data\ASKS~1
C:\Documents and Settings\Tyler Weiss\Application Data\ICROSO~1.NET
C:\Documents and Settings\Tyler Weiss\cftmon.exe
C:\smp.bat
C:\WINDOWS\b111.exe
C:\WINDOWS\icroso~1
C:\WINDOWS\icroso~1\?icrosoft\
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\dgOWxGgh.ini
C:\WINDOWS\system32\dgOWxGgh.ini2
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\hgGx!!!d.dll
C:\WINDOWS\system32\nnnoMGYr.dll
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\wnstsicc.exe
C:\WINDOWS\system32\xidttihe.ini
C:\WINDOWS\system32\yayayxy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Schedule
-------\Service_Schedule


((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 23:43 . 2008-05-14 23:43 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-14 23:39 . 2008-05-14 23:40 <DIR> d-------- C:\Program Files\CCleaner
2008-05-14 23:22 . 2008-05-14 23:22 328 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-05-14 23:15 . 2008-05-14 23:15 <DIR> d-------- C:\!KillBox
2008-05-14 22:57 . 2008-05-14 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-14 22:57 . 2008-05-14 18:48 217,088 --a------ C:\WINDOWS\fvowketqxfo.dll
2008-05-14 22:57 . 2008-05-14 18:47 176,128 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-14 22:57 . 2008-05-14 18:48 94,208 --a------ C:\WINDOWS\epfg.exe
2008-05-14 22:57 . 2008-05-14 18:49 81,920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-14 22:57 . 2008-05-14 22:57 29,824 --a------ C:\WINDOWS\system32\tuvSmmmK.dll
2008-05-14 22:57 . 2008-05-14 22:57 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-14 22:56 . 2008-05-14 22:56 72,192 --a------ C:\mxuxc.exe
2008-05-14 22:56 . 2008-05-14 23:48 68,018 --a------ C:\WINDOWS\system32\iuzqpaf.sys
2008-05-14 22:56 . 2008-05-14 22:56 13,312 --a------ C:\kbvxxo.exe
2008-05-14 22:56 . 2008-05-14 22:56 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-05-14 22:56 . 2008-05-14 22:56 5,120 --a------ C:\jgkpt.exe
2008-05-14 22:56 . 2008-05-14 22:56 2 --a------ C:\539448514
2008-05-14 22:09 . 2008-05-14 22:19 8,467,474 --a------ C:\Documents and Settings\Tyler Weiss\Gears.of.War-Key Generator.exe
2008-05-14 13:53 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-14 13:49 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-14 13:49 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-14 13:49 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-14 13:49 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-14 13:49 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-14 13:49 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-13 23:41 . 2008-05-14 21:47 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\Microsoft Games
2008-05-13 23:01 . 2008-05-13 23:01 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-11 23:42 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-11 23:42 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-11 23:42 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-11 23:42 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-11 23:42 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-10 11:19 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-05-10 11:19 . 2008-05-10 11:19 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-10 11:19 . 2008-05-10 11:19 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-07 20:36 . 2008-05-07 20:37 <DIR> d-------- C:\3dsmax9Tutorials
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4E.tmp
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4D.tmp
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4C.tmp
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4B.tmp
2008-05-04 23:03 . 2008-05-05 13:43 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\Azureus
2008-05-04 23:03 . 2008-05-04 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-04 23:00 . 2008-05-04 23:01 <DIR> d-------- C:\Program Files\Azureus
2008-05-04 16:29 . 2008-05-04 16:40 <DIR> d-------- C:\Program Files\GStudio7
2008-05-04 16:29 . 2008-05-04 16:38 17,408 --a------ C:\psapi.dll
2008-05-04 13:39 . 2008-05-04 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-04 13:38 . 2008-05-04 13:41 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-02 22:40 . 2008-05-02 22:54 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\MilkShape 3D 1.x.x
2008-05-02 22:39 . 2008-05-02 22:40 <DIR> d-------- C:\Program Files\MilkShape 3D 1.8.2
2008-05-02 21:51 . 2008-05-02 21:51 <DIR> d-------- C:\Program Files\Torque
2008-05-01 20:07 . 2008-05-01 20:07 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-01 20:07 . 2008-05-01 20:07 223,424 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-05-01 20:06 . 2008-05-01 20:10 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\TrueCrypt
2008-04-28 09:46 . 2008-04-28 09:46 <DIR> d-------- C:\Program Files\ScummVM
2008-04-28 09:46 . 2008-04-28 09:46 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\ScummVM
2008-04-26 23:12 . 2008-04-26 23:12 <DIR> d-------- C:\Program Files\Datel
2008-04-26 22:57 . 2006-02-15 13:45 13,312 --a------ C:\WINDOWS\system32\VistaRundll.exe
2008-04-26 22:53 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-04-26 22:53 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-26 22:53 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-26 22:53 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-04-26 22:53 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-04-26 22:53 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-26 22:53 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-26 22:53 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-04-26 22:53 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2008-04-26 22:52 . 2008-04-26 22:52 <DIR> d-------- C:\Program Files\Apache Group
2008-04-25 22:35 . 2008-05-04 22:58 <DIR> d-------- C:\Program Files\mIRC
2008-04-25 22:35 . 2008-05-04 22:58 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\mIRC
2008-04-22 10:58 . 2008-04-22 10:58 <DIR> d-------- C:\Program Files\Solstar Games
2008-04-19 17:35 . 2008-04-19 17:35 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-19 17:35 . 2003-07-19 08:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-19 17:35 . 2005-01-02 23:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-19 17:23 . 2008-04-19 17:23 <DIR> d-------- C:\AeriaGames
2008-04-18 20:37 . 2008-05-14 13:54 <DIR> d-------- C:\WINDOWS\nview
2008-04-18 20:37 . 2008-05-14 23:48 176,979 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-18 19:29 . 2008-04-18 19:29 27 --a------ C:\WINDOWS\S3K.INI
2008-04-18 17:57 . 2005-05-08 17:56 55,808 --a------ C:\WINDOWS\system32\zlib1.dll
2008-04-18 12:29 . 2008-04-18 20:26 <DIR> d-------- C:\Program Files\SEGA
2008-04-17 22:46 . 2008-04-17 22:46 <DIR> d-------- C:\Program Files\iPod
2008-04-17 19:11 . 2008-04-17 19:11 1,112,288 --a------ C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-16 12:45 . 2008-04-16 12:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-16 12:22 . 2008-05-14 23:26 754 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 12:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 12:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 12:21 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 12:21 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 12:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 12:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 12:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 06:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 05:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-15 05:58 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\uTorrent
2008-05-15 05:56 --------- d-----w C:\Program Files\Google
2008-05-15 05:40 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\IGN_DLM
2008-05-14 20:54 --------- d-----w C:\Program Files\Steam
2008-05-14 20:48 --------- d-----w C:\Program Files\LucasArts
2008-05-14 05:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 05:54 --------- d-----w C:\Program Files\Bethesda Softworks
2008-05-07 17:31 --------- d-----w C:\Program Files\Corel
2008-05-07 17:31 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\Corel
2008-05-05 20:51 --------- d-----w C:\Program Files\BitLord
2008-05-05 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 05:47 --------- d-----w C:\Program Files\DivX
2008-05-04 20:41 --------- d-----w C:\Program Files\Autodesk
2008-05-03 05:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-04-27 06:14 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\Datel
2008-04-18 05:48 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 05:47 --------- d-----w C:\Program Files\iTunes
2008-04-18 05:46 --------- d-----w C:\Program Files\QuickTime
2008-04-14 04:58 115,416 ----a-w C:\hXjn.exe
2008-04-08 03:52 --------- d-----w C:\Program Files\CF3B5
2008-04-05 05:05 --------- d-----w C:\Program Files\AMD
2008-04-05 05:04 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\InstallShield
2008-04-03 04:49 --------- d-----w C:\Program Files\DVD Shrink
2008-04-03 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-02 16:53 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-02 16:52 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\SystemRequirementsLab
2008-03-27 23:27 503,008 ----a-w C:\WINDOWS\system32\drivers\wdf01000.sys
2008-03-27 23:27 35,040 ----a-w C:\WINDOWS\system32\drivers\wdfldr.sys
2008-03-26 18:50 --------- d-----w C:\Program Files\Nostalgia
2008-03-25 00:08 --------- d-----w C:\Program Files\Java
2008-03-23 23:04 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-23 23:04 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-19 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-03-05 08:28 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2007-12-18 06:09 241,664 ----a-w C:\Documents and Settings\Tyler Weiss\msipl.bin
2007-12-18 05:01 0 ----a-w C:\Documents and Settings\Tyler Weiss\mspformat.exe
2007-12-07 21:00 22,328 ----a-w C:\Documents and Settings\Tyler Weiss\Application Data\PnkBstrK.sys
2007-11-26 04:51 10 ----a-w C:\Program Files\.autoreg
2007-10-13 17:11 5,818 ----a-w C:\Program Files\install.log
2007-08-23 01:02 32,768 ----a-w C:\Documents and Settings\Tyler Weiss\msinst.exe
2007-10-24 04:26 56 --sh--r C:\WINDOWS\system32\CE717F4393.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
2008-05-14 22:56 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4e26a3a-80e0-4467-b116-4f0dc4441c4a}]
2008-05-14 18:48 217088 --a------ C:\WINDOWS\fvowketqxfo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Jnskdfmf9eldfd"="C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\csrssc.exe" [2008-05-14 23:48 15505]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-26 21:21:01 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [2008-05-14 22:56 10000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {C6A376ED-1E78-4FD9-BC99-AEEEB3B07988} - C:\WINDOWS\mpfanvqg.dll [2008-05-14 18:47 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-24 13:30]
S3 pnicml;pnicml;C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\pnicml.sys []
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 14:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 05:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 23:48:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-14 23:51:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 06:51:45

Pre-Run: 30,145,945,600 bytes free
Post-Run: 30,051,680,256 bytes free

261 --- E O F --- 2008-04-16 19:53:50
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 5-15-2008 8:01 (GMT +1)
Hello

Please post a HijackThis log.


Do NOT post your problem in someone else's thread.

 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 8:02 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:12 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Documents and Settings\Tyler Weiss\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll
O2 - BHO: QXK Rhythm - {d4e26a3a-80e0-4467-b116-4f0dc4441c4a} - C:\WINDOWS\fvowketqxfo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\csrssc.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186595770484
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O21 - SSODL: mpfanvqg - {C6A376ED-1E78-4FD9-BC99-AEEEB3B07988} - C:\WINDOWS\mpfanvqg.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6233 bytes
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 5-15-2008 8:08 (GMT +1)

1. Download AVG Anti-Virus Free Edition

2. AVG Free Anti-Virus can be downloaded from: http://free.grisoft.com/ww.download?prd=afe

Scroll down the page and click Download Free Version. Under the Windows section, click to download the file under AVG Free for Windows installation files. Click OK to save the file to your PC.
Double-click the file you downloaded, and click Next on the welcome screen. Click Accept to agree to the License Agreement. Choose Standard Installation then click Next.
A window will now pop up if there are any available updates. Click Update to download them. AVG will download and automatically install any updates. Click OK when finished.

Back on the First Run window, click Next to proceed. Leave the Daily Scanning settings as they are and click Next.
You now have the option to perform a scan to test your computer for viruses.

Click Scan computer!

Reboot, post new ComboFix log


Do NOT post your problem in someone else's thread.

Post Edited (Touch) : 15-05-2008 07:10:01 GMT

 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 8:59 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:32 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tyler Weiss\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O2 - BHO: QXK Rhythm - {d4e26a3a-80e0-4467-b116-4f0dc4441c4a} - C:\WINDOWS\fvowketqxfo.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\csrssc.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186595770484
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: mpfanvqg - {C6A376ED-1E78-4FD9-BC99-AEEEB3B07988} - C:\WINDOWS\mpfanvqg.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6514 bytes
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 5-15-2008 10:02 (GMT +1)
Seems you have missed this part - Reboot, post new combofix log


Do NOT post your problem in someone else's thread.

 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 5:41 (GMT +1)
Every time I run cleaner it does not give me a log file?
 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 5:46 (GMT +1)
ComboFix 08-05-12.1 - Tyler Weiss 2008-05-15 9:38:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1544 [GMT -7:00]
Running from: C:\Documents and Settings\Tyler Weiss\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\rs.txt

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-15 00:09 . 2008-05-15 09:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-15 00:07 . 2008-05-15 09:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-15 00:07 . 2008-05-15 00:07 <DIR> d-------- C:\Program Files\AVG
2008-05-15 00:07 . 2008-05-15 00:14 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\AVGTOOLBAR
2008-05-15 00:07 . 2008-05-15 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-15 00:07 . 2008-05-15 00:07 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-15 00:07 . 2008-05-15 00:07 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-15 00:07 . 2008-05-15 00:07 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-14 23:43 . 2008-05-14 23:43 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-14 23:39 . 2008-05-14 23:40 <DIR> d-------- C:\Program Files\CCleaner
2008-05-14 23:15 . 2008-05-14 23:15 <DIR> d-------- C:\!KillBox
2008-05-14 22:57 . 2008-05-14 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-14 22:57 . 2008-05-14 18:47 176,128 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-14 22:57 . 2008-05-14 18:48 94,208 --a------ C:\WINDOWS\epfg.exe
2008-05-14 22:57 . 2008-05-14 18:49 81,920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-14 22:57 . 2008-05-14 22:57 29,824 --a------ C:\WINDOWS\system32\tuvSmmmK.dll
2008-05-14 22:57 . 2008-05-14 22:57 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-14 22:56 . 2008-05-15 09:40 68,018 --a------ C:\WINDOWS\system32\iuzqpaf.sys
2008-05-14 22:56 . 2008-05-14 22:56 13,312 --a------ C:\kbvxxo.exe
2008-05-14 22:56 . 2008-05-14 22:56 2 --a------ C:\539448514
2008-05-14 22:09 . 2008-05-14 22:19 8,467,474 --a------ C:\Documents and Settings\Tyler Weiss\Gears.of.War-Key Generator.exe
2008-05-14 13:53 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-14 13:49 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-14 13:49 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-14 13:49 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-14 13:49 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-14 13:49 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-14 13:49 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-13 23:41 . 2008-05-15 00:01 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\Microsoft Games
2008-05-11 23:42 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-11 23:42 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-11 23:42 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-11 23:42 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-11 23:42 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-10 11:19 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-05-10 11:19 . 2008-05-10 11:19 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-10 11:19 . 2008-05-10 11:19 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-07 20:36 . 2008-05-07 20:37 <DIR> d-------- C:\3dsmax9Tutorials
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4E.tmp
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4D.tmp
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4C.tmp
2008-05-06 19:06 . 2008-05-06 19:06 0 --a------ C:\WINDOWS\DXT4B.tmp
2008-05-04 23:03 . 2008-05-05 13:43 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\Azureus
2008-05-04 23:03 . 2008-05-04 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-04 23:00 . 2008-05-04 23:01 <DIR> d-------- C:\Program Files\Azureus
2008-05-04 16:29 . 2008-05-04 16:40 <DIR> d-------- C:\Program Files\GStudio7
2008-05-04 16:29 . 2008-05-04 16:38 17,408 --a------ C:\psapi.dll
2008-05-04 13:39 . 2008-05-04 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-04 13:38 . 2008-05-04 13:41 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-02 22:40 . 2008-05-02 22:54 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\MilkShape 3D 1.x.x
2008-05-02 22:39 . 2008-05-02 22:40 <DIR> d-------- C:\Program Files\MilkShape 3D 1.8.2
2008-05-02 21:51 . 2008-05-02 21:51 <DIR> d-------- C:\Program Files\Torque
2008-05-01 20:07 . 2008-05-01 20:07 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-01 20:07 . 2008-05-01 20:07 223,424 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-05-01 20:06 . 2008-05-01 20:10 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\TrueCrypt
2008-04-28 09:46 . 2008-04-28 09:46 <DIR> d-------- C:\Program Files\ScummVM
2008-04-28 09:46 . 2008-04-28 09:46 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\ScummVM
2008-04-26 23:12 . 2008-04-26 23:12 <DIR> d-------- C:\Program Files\Datel
2008-04-26 22:57 . 2006-02-15 13:45 13,312 --a------ C:\WINDOWS\system32\VistaRundll.exe
2008-04-26 22:53 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-04-26 22:53 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-26 22:53 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-26 22:53 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-04-26 22:53 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-04-26 22:53 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-26 22:53 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-26 22:53 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-04-26 22:53 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2008-04-26 22:52 . 2008-04-26 22:52 <DIR> d-------- C:\Program Files\Apache Group
2008-04-25 22:35 . 2008-05-04 22:58 <DIR> d-------- C:\Program Files\mIRC
2008-04-25 22:35 . 2008-05-04 22:58 <DIR> d-------- C:\Documents and Settings\Tyler Weiss\Application Data\mIRC
2008-04-22 10:58 . 2008-04-22 10:58 <DIR> d-------- C:\Program Files\Solstar Games
2008-04-19 17:35 . 2008-04-19 17:35 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-19 17:35 . 2003-07-19 08:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-19 17:35 . 2005-01-02 23:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-19 17:23 . 2008-04-19 17:23 <DIR> d-------- C:\AeriaGames
2008-04-18 20:37 . 2008-05-14 13:54 <DIR> d-------- C:\WINDOWS\nview
2008-04-18 20:37 . 2008-05-15 09:33 176,979 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-18 19:29 . 2008-04-18 19:29 27 --a------ C:\WINDOWS\S3K.INI
2008-04-18 17:57 . 2005-05-08 17:56 55,808 --a------ C:\WINDOWS\system32\zlib1.dll
2008-04-18 12:29 . 2008-04-18 20:26 <DIR> d-------- C:\Program Files\SEGA
2008-04-17 22:46 . 2008-04-17 22:46 <DIR> d-------- C:\Program Files\iPod
2008-04-17 19:11 . 2008-04-17 19:11 1,112,288 --a------ C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-16 12:45 . 2008-04-16 12:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-16 12:22 . 2008-05-14 23:26 754 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 12:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 12:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 12:21 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 12:21 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 12:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 12:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 12:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:51 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-15 06:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 05:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-15 05:58 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\uTorrent
2008-05-15 05:56 --------- d-----w C:\Program Files\Google
2008-05-15 05:40 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\IGN_DLM
2008-05-14 20:54 --------- d-----w C:\Program Files\Steam
2008-05-14 20:48 --------- d-----w C:\Program Files\LucasArts
2008-05-14 05:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 05:54 --------- d-----w C:\Program Files\Bethesda Softworks
2008-05-07 17:31 --------- d-----w C:\Program Files\Corel
2008-05-07 17:31 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\Corel
2008-05-07 17:30 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-07 04:21 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-05 20:51 --------- d-----w C:\Program Files\BitLord
2008-05-05 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 05:47 --------- d-----w C:\Program Files\DivX
2008-05-04 20:41 --------- d-----w C:\Program Files\Autodesk
2008-05-01 00:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-27 06:14 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\Datel
2008-04-18 05:48 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 05:47 --------- d-----w C:\Program Files\iTunes
2008-04-18 05:46 --------- d-----w C:\Program Files\QuickTime
2008-04-14 04:58 93,400 ----a-w C:\WINDOWS\system32\makecab.dll
2008-04-08 03:52 --------- d-----w C:\Program Files\CF3B5
2008-04-05 05:05 --------- d-----w C:\Program Files\AMD
2008-04-05 05:04 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\InstallShield
2008-04-03 04:49 --------- d-----w C:\Program Files\DVD Shrink
2008-04-03 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-02 16:53 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-02 16:52 --------- d-----w C:\Documents and Settings\Tyler Weiss\Application Data\SystemRequirementsLab
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 23:27 503,008 ----a-w C:\WINDOWS\system32\drivers\wdf01000.sys
2008-03-27 23:27 35,040 ----a-w C:\WINDOWS\system32\drivers\wdfldr.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 18:50 --------- d-----w C:\Program Files\Nostalgia
2008-03-26 18:36 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-25 00:08 --------- d-----w C:\Program Files\Java
2008-03-23 23:04 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-23 23:04 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-22 00:39 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-03-22 00:39 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-03-21 20:57 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-03-05 08:28 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 04:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-26 08:00 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-26 08:00 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-18 06:09 241,664 ----a-w C:\Documents and Settings\Tyler Weiss\msipl.bin
2007-12-18 05:01 0 ----a-w C:\Documents and Settings\Tyler Weiss\mspformat.exe
2007-12-07 21:00 22,328 ----a-w C:\Documents and Settings\Tyler Weiss\Application Data\PnkBstrK.sys
2007-11-26 04:51 10 ----a-w C:\Program Files\.autoreg
2007-10-13 17:11 5,818 ----a-w C:\Program Files\install.log
2007-08-23 01:02 32,768 ----a-w C:\Documents and Settings\Tyler Weiss\msinst.exe
2007-10-24 04:26 56 --sh--r C:\WINDOWS\system32\CE717F4393.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a057a204-bacc-4d26-9990-79a187e2698e}]
2008-05-15 00:07 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4e26a3a-80e0-4467-b116-4f0dc4441c4a}]
C:\WINDOWS\fvowketqxfo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-15 00:07 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-15 00:07 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-15 00:07 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-26 21:21:01 113664]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {C6A376ED-1E78-4FD9-BC99-AEEEB3B07988} - C:\WINDOWS\mpfanvqg.dll [2008-05-14 18:47 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-15 00:07]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-15 00:07]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-15 00:07]
R2 avgtdix;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-15 00:07]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-24 13:30]
S3 pnicml;pnicml;C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\pnicml.sys []
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 14:50]

*Newly Created Service* - catchme
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 05:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 09:40:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 9:41:30
ComboFix-quarantined-files.txt 2008-05-15 16:41:27
ComboFix2.txt 2008-05-15 06:51:48

Pre-Run: 40,315,600,896 bytes free
Post-Run: 40,301,883,392 bytes free

286 --- E O F --- 2008-05-15 07:56:58
 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-15-2008 5:53 (GMT +1)
Also I now cannot right-click my desktop and it changed my background!
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 5-17-2008 2:35 (GMT +1)
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
 
Snapshot::
 
File::
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\epfg.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\tuvSmmmK.dll
C:\WINDOWS\system32\iuzqpaf.sys
C:\kbvxxo.exe
C:\Documents and Settings\Tyler Weiss\Gears.of.War-Key Generator.exe
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\privacy_danger\index.htm
 
 
 
 
Folder::
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus
C:\Documents and Settings\All Users\Application Data\Azureus
C:\Program Files\Azureus
C:\539448514
C:\Program Files\BitLord
C:\WINDOWS\system32\kr_done1de

Driver::
Gdrv
 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4e26a3a-80e0-4467-b116-4f0dc4441c4a}]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source=-

----------------------------------------------
 
Save this as CFScript.txt
 
 
At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
 
 
Post new hijackthis log along with fresh combofix log
 


Do NOT post your problem in someone else's thread.

 

MAGUS
New Member


Date Joined May 2008
Total Posts : 14
 
Posted 5-17-2008 7:12 (GMT +1)
ComboFix 08-05-12.1 - Tyler Weiss 2008-05-16 22:58:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1623 [GMT -7:00]
Running from: C:\Documents and Settings\Tyler Weiss\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tyler Weiss\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Tyler Weiss\Gears.of.War-Key Generator.exe
C:\kbvxxo.exe
C:\WINDOWS\epfg.exe
C:\WINDOWS\fvowketqxfo.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\iuzqpaf.sys
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\tuvSmmmK.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\539448514\
C:\Documents and Settings\All Users\Application Data\Azureus
C:\Documents and Settings\All Users\Application Data\Azureus\azCID.txt
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\.keystore
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\active\50324A2C92AD50C701A379E13CEB0877338E41C1.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\active\50324A2C92AD50C701A379E13CEB0877338E41C1.dat.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\active\77AFDE3C80709E40F118048E55418068407E57BD.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\active\77AFDE3C80709E40F118048E55418068407E57BD.dat.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\active\cache.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\azureus.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\azureus.config.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\azureus.statistics
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\azureus.statistics.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\dht\addresses.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\dht\contacts.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\dht\diverse.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\dht\general.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\downloads.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\downloads.config.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\filters.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\ipfilter.cache
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\alerts_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\AutoSpeed_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\debug_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\NetStatus_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\seltrace_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\SpeedMan_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\thread_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\v3.ads_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\v3.CMsgr_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\v3.PMsgr_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\logs\v3.Stream_1.log
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\net\pm_10311.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\net\pm_default.dat
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tables.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tables.config.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22317.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22318.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22319.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22320.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22321.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22322.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22323.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tmp\AZU22324.tmp
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\torrents\NesterDC SE full no-intro.rar.torrent
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\torrents\Prima eGuides-1.torrent
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tracker.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\tracker.config.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\unsentdata.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\unsentdata.config.bak
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\VuzeActivities.config
C:\Documents and Settings\Tyler Weiss\Application Data\Azureus\VuzeActivities.config.bak
C:\Documents and Settings\Tyler Weiss\Gears.of.War-Key Generator.exe
C:\Program Files\Azureus
C:\Program Files\Azureus\.install4j\_shfoldr.dll
C:\Program Files\Azureus\.install4j\autoUninstall.0
C:\Program Files\Azureus\.install4j\files.log
C:\Program Files\Azureus\.install4j\i4j_extf_0_5p83tu.utf8
C:\Program Files\Azureus\.install4j\i4j_extf_1_5p83tu_jhp9vg.png
C:\Program Files\Azureus\.install4j\i4j_extf_2_5p83tu.txt
C:\Program Files\Azureus\.install4j\i4j_extf_3_5p83tu_1kde336.ico
C:\Program Files\Azureus\.install4j\i4j_extf_4_5p83tu_62t8mu.icns
C:\Program Files\Azureus\.install4j\i4jdel.exe
C:\Program Files\Azureus\.install4j\i4jinst.dll
C:\Program Files\Azureus\.install4j\i4jparams.conf
C:\Program Files\Azureus\.install4j\i4jruntime.jar
C:\Program Files\Azureus\.install4j\inst_jre.cfg
C:\Program Files\Azureus\.install4j\install.prop
C:\Program Files\Azureus\.install4j\installation.log
C:\Program Files\Azureus\.install4j\installer16.png
C:\Program Files\Azureus\.install4j\installer32.png

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GDRV
-------\Service_gdrv
-------\Service