[Fixed] Hijackthis! Logs - Never Loan out a computer!! (Security & Safety forum)

#8
06-05-2008
Cobracon, Elite Member
Re: Never Loan out a computer!!

bump


__________________
"Have you scanned the RAM timings for Operator's Headspace?? Too much real estate between the audio collectors will block the connection which allows proper operation of your computer." __B. Lowe

An Optimist sees opportunity in every difficulty.

A Pessimist sees difficulty in every opportunity.

Which page are YOU on??
#9
06-05-2008
Pancake, Senior Security Analyst
Re: Never Loan out a computer!!

AntiSpyware 2008 is a corrupt anti-spyware tool. It is widely promoted as a security application, but it is nothing more than a scam. AntiSpyware2008 (also known simply as AntiSpyware) is available at Antispyware.com and Antispyware2008.info. It is also distributed on other malicious websites that sell other fake anti-spyware tools. Antispyware 2008 is an unreliable program that displays exaggerated scan results in order to gain a purchase. Uninstall it.


Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer, and also those in the registry.
Please visit this webpage for download links and instructions for running ComboFix.
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know.


__________________
  • An Australian Member of
  • and
My real name is Eddy
#10
06-05-2008
Cobracon, Elite Member
Re: Never Loan out a computer!!

Didn't know that about Antispyware 2008. The one I have is from Systweak and has never given me problems on any of my 3 computers. You're the expert, so I'll remove it and follow your other directions. Thanks.


#11
06-05-2008
Cobracon, Elite Member
Re: Never Loan out a computer!!

ComboFix Log:

ComboFix 08-06-03.1 - Brian Lowe 2008-06-04 19:15:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1625 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Lowe\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-04 08:02 . 2008-06-04 08:02 <DIR> d-------- C:\Deckard
2008-06-02 17:53 . 2008-06-02 17:54 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\DassaultSystemes
2008-06-02 17:52 . 2008-06-02 17:52 <DIR> d-------- C:\Program Files\Dassault Systemes
2008-06-02 17:49 . 2008-06-04 05:39 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-06-02 15:14 . 2008-06-02 15:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-01 16:55 . 2008-06-01 16:55 <DIR> d-------- C:\WINDOWS\Sun
2008-05-29 19:13 . 2008-06-02 18:34 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-05-28 15:27 . 2008-06-04 09:50 39 --a------ C:\WINDOWS\popcinfot.dat
2008-05-28 14:32 . 2008-06-04 09:25 <DIR> d-------- C:\Program Files\Steam
2008-05-28 04:19 . 2008-05-28 04:19 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-28 03:56 . 2001-07-05 11:19 164 --------- C:\WINDOWS\avrack.ini
2008-05-28 03:47 . 2004-07-01 02:02 584 --------- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-05-28 03:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-28 03:00 . 2008-05-28 03:00 <DIR> d-------- C:\Program Files\Lavalys
2008-05-28 03:00 . 2008-05-28 03:00 4,179,293 --a------ C:\Program Files\everesthome220.exe
2008-05-28 02:50 . 2008-05-28 02:50 <DIR> d-------- C:\Program Files\RivaTuner v2.08
2008-05-28 02:27 . 2008-05-28 02:27 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-28 02:27 . 2008-05-28 02:27 <DIR> d-------- C:\Program Files\Futuremark
2008-05-28 02:27 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-05-28 02:27 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-05-27 09:38 . 2008-05-27 09:38 <DIR> d-------- C:\Program Files\Unlocker
2008-05-27 08:32 . 2008-06-02 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 08:32 . 2008-05-27 08:32 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\Malwarebytes
2008-05-27 08:32 . 2008-05-27 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 08:32 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 08:32 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 11:58 . 2008-05-21 11:58 <DIR> d-------- C:\Program Files\ClockGen_1.0.5.3
2008-05-21 11:54 . 2008-05-21 11:54 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-05-21 11:54 . 2008-05-21 11:54 2,770,045 --a------ C:\Program Files\PC Wizard 2008 v1.84.exe
2008-05-21 11:54 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-05-21 11:51 . 2008-05-21 11:51 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3 Installation Files
2008-05-21 11:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-21 11:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-18 15:21 . 2008-06-04 05:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-18 13:34 . 2008-05-18 13:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-18 13:27 . 2008-05-18 13:27 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-18 13:20 . 2008-05-18 13:20 <DIR> d-------- C:\Program Files\CleanCache 3.0
2008-05-18 13:19 . 2008-05-18 13:20 1,302,325 --a------ C:\Program Files\CleanCache v3.5.exe
2008-05-18 13:17 . 2008-05-18 13:17 <DIR> d-------- C:\Program Files\PConPoint
2008-05-18 09:55 . 2008-05-18 09:55 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 09:54 . 2008-05-18 09:54 2,897,456 --a------ C:\Program Files\CCleaner v2.07.575.exe
2008-05-18 09:49 . 2008-05-18 09:50 <DIR> d-------- C:\Program Files\CrystalCPUID414
2008-05-18 09:48 . 2008-05-18 09:48 575,663 --a------ C:\Program Files\CrystalCPUID414.zip
2008-05-18 09:24 . 2008-05-01 16:02 561,152 --------- C:\WINDOWS\system32\MJ12.exe
2008-05-18 09:24 . 2007-09-14 11:53 53,248 --------- C:\WINDOWS\system32\BBInstaller.exe
2008-05-18 09:21 . 2008-05-18 09:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-18 09:21 . 2008-05-18 09:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-18 09:20 . 2008-05-18 09:20 <DIR> d-------- C:\Program Files\J River
2008-05-18 09:20 . 2008-05-18 09:20 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\J River
2008-05-18 09:20 . 2008-05-18 09:20 12,998,008 --a------ C:\Program Files\MediaJukebox12 (Freeware).exe
2008-05-18 09:17 . 2008-05-18 09:17 268 --ah----- C:\sqmdata00.sqm
2008-05-18 09:17 . 2008-05-18 09:17 244 --ah----- C:\sqmnoopt00.sqm
2008-05-18 09:02 . 2008-05-18 09:07 <DIR> d-------- C:\Program Files\RightMark Memory Analyzer
2008-05-18 09:00 . 2008-05-18 09:00 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-05-18 08:56 . 2008-04-13 19:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-18 08:44 . 2008-05-18 08:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-18 08:36 . 2008-04-13 19:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-05-18 08:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-18 08:09 . 2008-06-04 18:38 61 --a------ C:\WINDOWS\WININIT.INI
2008-05-18 08:06 . 2008-05-18 08:06 <DIR> d-------- C:\Program Files\X-Cleaner
2008-05-18 07:49 . 2008-06-04 19:01 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\Systweak
2008-05-18 07:49 . 2008-06-04 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Systweak
2008-05-18 07:45 . 2008-05-18 07:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-18 07:45 . 2008-05-18 08:12 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Contacts
2008-05-18 07:44 . 2008-05-18 07:45 <DIR> d-------- C:\Program Files\Windows Live
2008-05-18 07:44 . 2008-05-18 07:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-18 07:44 . 2008-05-18 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-18 07:24 . 2008-05-18 07:24 <DIR> d-------- C:\Program Files\RMClock
2008-05-18 07:13 . 2008-05-18 09:00 <DIR> d-------- C:\Program Files\Java
2008-05-18 07:13 . 2008-05-18 07:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-18 07:07 . 2008-05-18 07:09 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-18 06:50 . 2008-05-18 06:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-18 06:48 . 2008-05-18 06:48 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-18 06:48 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-18 06:48 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-18 06:43 . 2008-05-18 06:43 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 06:33 . 2008-06-04 05:41 <DIR> d-------- C:\Program Files\StumbleUpon
2008-05-18 06:33 . 2008-05-18 06:33 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\StumbleUpon
2008-05-18 06:18 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-18 06:18 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-18 06:18 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-18 06:18 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-18 06:18 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-18 06:18 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-18 06:18 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-18 06:18 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-18 06:18 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-18 06:05 . 2008-05-18 06:05 <DIR> d--hs---- C:\Documents and Settings\Brian Lowe\UserData
2008-05-18 06:00 . 2008-05-18 06:00 13,732 --a------ C:\WINDOWS\system32\wpa.bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 00:26 5,334,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-05 00:25 283,680 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-04 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-04 23:39 78,776 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-04 23:39 29,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 00:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 19:13 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 19:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 08:56 --------- d-----w C:\Program Files\AvRack
2008-05-28 07:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 10:55 --------- d-----w C:\Documents and Settings\Brian Lowe\Application Data\MSNInstaller
2008-05-18 10:41 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-18 10:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-18 10:24 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-18 10:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_ 6.20.31.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 10:48:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 23:39:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-04 10:40:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-04 23:40:05 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-04 10:40:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-04 23:40:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-04 23:40:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-18 11:45:44 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-04 13:48:28 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 03:10 2691072]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 07:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 cpuz129;cpuz129;C:\Program Files\PC Wizard 2008\pcwiz32.sys [2008-01-25 12:23]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 RTCore32;RTCore32;C:\Program Files\RMClock\RTCore32.sys [2005-05-25 10:39]
R3 SASPROT;Systweak AntiSpyware 2008;C:\Program Files\Systweak AntiSpyware\sasprot.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a25d710a-2490-11dd-8e42-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE
*Newly Created Service* - CPUZ129
.
****************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 19:25:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
****************************************************************************
.
Completion time: 2008-06-04 19:31:25
ComboFix-quarantined-files.txt 2008-06-05 00:31:16
ComboFix2.txt 2008-06-04 11:24:55
Pre-Run: 71,257,370,624 bytes free
Post-Run: 71,259,426,816 bytes free
271 --- E O F --- 2008-05-23 03:03:09

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:35 PM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\PC Wizard 2008\PC Wizard.exe
C:\Program Files\PC Wizard 2008\pcwizard.dll
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AT&T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211116646937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 4266 bytes


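As an added example that is not part of this thread, of HijackThis or of ComboFix, the script below applies the first-pass reading an analyst gives logs like the two above: it parses log lines (the sample is excerpted from the ComboFix "Reg Loading Points" and HijackThis sections posted in this reply) and flags Security Center overrides, service entries with no file details recorded, AutoRun commands bound to drive GUIDs, orphaned BHO/toolbar entries and AppInit_DLLs hooks for review. The check names and severity labels are my own.

```python
import re

# Sample input: lines excerpted from the ComboFix and HijackThis logs posted in
# this thread (taken from the page, not invented). Raw string keeps backslashes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SASPROT;Systweak AntiSpyware 2008;C:\Program Files\Systweak AntiSpyware\sasprot.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a25d710a-2490-11dd-8e42-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
"""

# Line shapes seen in the logs: a registry key header, a REG_DWORD value,
# a ComboFix service/driver line (state, name;display name;path [file date])
# and a HijackThis entry (section code, dash, body).
REG_KEY = re.compile(r'^\[(.+)\]$')
REG_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
SERVICE = re.compile(r'^([RS]\d) (\S+);([^;]*);(.*?) \[(.*)\]$')
HJT_ENTRY = re.compile(r'^(O\d+|R\d) - (.*)$')


def triage(log_text):
    """Return a list of findings: dicts with 'check', 'severity' and 'detail'.

    This is a reading aid, not a verdict: every 'review' item needs a human to
    confirm whether the installed security software legitimately set it.
    """
    findings = []
    key = None  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_DWORD.match(line)
        if m and key and 'security center' in key:
            name, value = m.group(1), int(m.group(2), 16)
            # *Override=1 and Monitoring\<vendor>\DisableMonitoring=1 silence
            # Security Center alerts. Third-party AV (Kaspersky here) does this
            # legitimately; malware does it too, so confirm the owner.
            if value == 1 and ('override' in name.lower() or name == 'DisableMonitoring'):
                findings.append(dict(check='security-center-override', severity='review',
                    detail=f'{name}=1 under {key}: Security Center alerts suppressed; '
                           f'confirm the installed AV/firewall set this'))
            continue
        if key and 'mountpoints2' in key and line.lower().startswith(r'\shell\autorun\command'):
            # A per-drive AutoRun command cached for a volume GUID: typical of
            # autorun.inf on removable media; check what the command launches.
            cmd = line.split(' - ', 1)[1] if ' - ' in line else line
            findings.append(dict(check='drive-autorun', severity='review',
                detail=f'AutoRun command bound to drive GUID: {cmd}'))
            continue
        m = SERVICE.match(line)
        if m:
            state, name, _display, path, filedate = m.groups()
            # Empty brackets: ComboFix recorded no file date, i.e. the service
            # points at a file it could not find. Orphaned, or hidden.
            if filedate.strip() == '':
                findings.append(dict(check='service-missing-file', severity='cleanup',
                    detail=f'{state} service {name} points at {path} but no file details recorded'))
            continue
        m = HJT_ENTRY.match(line)
        if m:
            section, body = m.groups()
            if body.endswith('(no file)'):
                # Registration left behind by an uninstalled/removed component.
                findings.append(dict(check='orphaned-entry', severity='cleanup',
                    detail=f'{section} entry with no backing file: {body}'))
            elif section == 'O20':
                # AppInit_DLLs are injected into every process that loads
                # user32.dll, so any entry deserves a vendor check.
                findings.append(dict(check='appinit-dll', severity='review',
                    detail=f'AppInit_DLLs hook loads into every GUI process; verify vendor: {body}'))
    return findings


def summarize(findings):
    """Count findings per check name, for a quick overview of a long log."""
    counts = {}
    for f in findings:
        counts[f['check']] = counts.get(f['check'], 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['check']}: {f['detail']}")
```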
#12
06-05-2008
Pancake, Senior Security Analyst
Re: Never Loan out a computer!!

Ok. Just this to fix.


Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

=========================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
Driver::

File::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
Folder::
C:\Documents and Settings\Brian Lowe\Application Data\Systweak
C:\Documents and Settings\All Users\Application Data\Systweak

Registry::

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
  • An Australian Member of
  • and
My real name is Eddy
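The CFScript above is a small directive-based format: a line of the form `Name::` opens a section (`Killall::`, `File::`, `Folder::`, `Registry::`, `Driver::`) and each following non-blank line is one entry until the next header. Before a helper posts such a script, or a user runs one, it is worth checking that every header is well formed (the single-colon `Driver:` in the post is the kind of slip that silently turns a header into an entry of the previous section) and that the `File::`/`Folder::` entries are absolute paths that do not wipe a whole system tree. The parser and checker below are an added example written for this thread; they are not the forum's or ComboFix's own code, they only model the syntax visible in the post, and the `NEVER_DELETE_WHOLE` and `REVIEW_TREE` lists are an assumed review policy, not ComboFix rules. The sample script is the one from the post, with every directive written in the two-colon form.

```python
"""Parse and sanity-check a ComboFix-style CFScript (added example).

Not the forum post's or ComboFix's own tooling: only the "Name::" section
syntax seen in the post is modelled, and the review lists are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: the script from the post above, with every directive
# in the "Name::" form (the post itself has "Driver:" with a single colon).
SAMPLE_SCRIPT = r"""Killall::
Driver::

File::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
Folder::
C:\Documents and Settings\Brian Lowe\Application Data\Systweak
C:\Documents and Settings\All Users\Application Data\Systweak

Registry::
"""

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")        # well-formed section header
BROKEN_DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")    # header that lost a colon
ABS_WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")        # drive-letter absolute path

# Assumed review policy (not a ComboFix rule): folders that must never be
# listed whole under Folder::, and a tree where any entry deserves a look.
NEVER_DELETE_WHOLE = (r"c:\windows", r"c:\program files",
                      r"c:\documents and settings")
REVIEW_TREE = r"c:\windows\system32"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {directive: [entries]}; raise ValueError on malformed structure."""
    sections: Dict[str, List[str]] = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = DIRECTIVE_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if BROKEN_DIRECTIVE_RE.match(line):
            raise ValueError(f"line {lineno}: {line!r} looks like a header missing a colon")
        if current is None:
            raise ValueError(f"line {lineno}: entry {line!r} appears before any directive")
        sections[current].append(line)
    return sections


def is_well_formed(text: str) -> bool:
    """True when the script parses without structural errors."""
    try:
        parse_cfscript(text)
    except ValueError:
        return False
    return True


def check_entries(sections: Dict[str, List[str]]) -> List[str]:
    """Return human-readable findings for File:: and Folder:: entries."""
    findings: List[str] = []
    for directive in ("File", "Folder"):
        for entry in sections.get(directive, []):
            low = entry.lower().rstrip("\\")
            if not ABS_WIN_PATH_RE.match(entry):
                findings.append(f"{directive}:: entry is not an absolute drive path: {entry}")
                continue
            if directive == "Folder" and low in NEVER_DELETE_WHOLE:
                findings.append(f"Folder:: entry would remove a whole system tree: {entry}")
            if low == REVIEW_TREE or low.startswith(REVIEW_TREE + "\\"):
                findings.append(f"{directive}:: entry inside {REVIEW_TREE}, verify before running: {entry}")
    return findings


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in parsed.items():
        print(f"{name}:: {len(entries)} entries")
    for finding in check_entries(parsed):
        print("finding:", finding)
```

Run against the post's script it reports two `File::` and two `Folder::` entries and no findings; feed it a script with a bare filename, a `Folder:: C:\WINDOWS` line, or a `Driver:` header and it flags each problem before anything is dragged onto ComboFix.exe.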
  #13  
Old 06-05-2008
Cobracon's Avatar
Elite Member
My PC
 
Join Date: Jan 2008
Location: RoosterPoot, MS (North of Hurricane Alley); US of A
Posts: 459
PC Experience: DOH!! *&^%$#@!
Default Re: Never Loan out a computer!!

ComboFix 08-06-03.1 - Brian Lowe 2008-06-04 21:26:23.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1622 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Lowe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian Lowe\Desktop\CFScript
* Created a new restore point
FILE ::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-04 08:02 . 2008-06-04 08:02 <DIR> d-------- C:\Deckard
2008-06-02 17:53 . 2008-06-02 17:54 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\DassaultSystemes
2008-06-02 17:52 . 2008-06-02 17:52 <DIR> d-------- C:\Program Files\Dassault Systemes
2008-06-02 17:49 . 2008-06-04 05:39 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-06-02 15:14 . 2008-06-02 15:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-01 16:55 . 2008-06-01 16:55 <DIR> d-------- C:\WINDOWS\Sun
2008-05-29 19:13 . 2008-06-02 18:34 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-05-28 15:27 . 2008-06-04 09:50 39 --a------ C:\WINDOWS\popcinfot.dat
2008-05-28 14:32 . 2008-06-04 09:25 <DIR> d-------- C:\Program Files\Steam
2008-05-28 04:19 . 2008-05-28 04:19 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-28 03:56 . 2001-07-05 11:19 164 --------- C:\WINDOWS\avrack.ini
2008-05-28 03:47 . 2004-07-01 02:02 584 --------- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-05-28 03:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-28 03:00 . 2008-05-28 03:00 <DIR> d-------- C:\Program Files\Lavalys
2008-05-28 03:00 . 2008-05-28 03:00 4,179,293 --a------ C:\Program Files\everesthome220.exe
2008-05-28 02:50 . 2008-05-28 02:50 <DIR> d-------- C:\Program Files\RivaTuner v2.08
2008-05-28 02:27 . 2008-05-28 02:27 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-28 02:27 . 2008-05-28 02:27 <DIR> d-------- C:\Program Files\Futuremark
2008-05-28 02:27 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-05-28 02:27 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-05-27 09:38 . 2008-05-27 09:38 <DIR> d-------- C:\Program Files\Unlocker
2008-05-27 08:32 . 2008-06-02 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 08:32 . 2008-05-27 08:32 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\Malwarebytes
2008-05-27 08:32 . 2008-05-27 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 08:32 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 08:32 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 11:58 . 2008-05-21 11:58 <DIR> d-------- C:\Program Files\ClockGen_1.0.5.3
2008-05-21 11:54 . 2008-05-21 11:54 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-05-21 11:54 . 2008-05-21 11:54 2,770,045 --a------ C:\Program Files\PC Wizard 2008 v1.84.exe
2008-05-21 11:54 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-05-21 11:51 . 2008-05-21 11:51 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3 Installation Files
2008-05-21 11:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-21 11:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-18 15:21 . 2008-06-04 05:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-18 13:34 . 2008-05-18 13:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-18 13:27 . 2008-05-18 13:27 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-18 13:20 . 2008-05-18 13:20 <DIR> d-------- C:\Program Files\CleanCache 3.0
2008-05-18 13:19 . 2008-05-18 13:20 1,302,325 --a------ C:\Program Files\CleanCache v3.5.exe
2008-05-18 13:17 . 2008-05-18 13:17 <DIR> d-------- C:\Program Files\PConPoint
2008-05-18 09:55 . 2008-05-18 09:55 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 09:54 . 2008-05-18 09:54 2,897,456 --a------ C:\Program Files\CCleaner v2.07.575.exe
2008-05-18 09:49 . 2008-05-18 09:50 <DIR> d-------- C:\Program Files\CrystalCPUID414
2008-05-18 09:48 . 2008-05-18 09:48 575,663 --a------ C:\Program Files\CrystalCPUID414.zip
2008-05-18 09:24 . 2008-05-01 16:02 561,152 --------- C:\WINDOWS\system32\MJ12.exe
2008-05-18 09:24 . 2007-09-14 11:53 53,248 --------- C:\WINDOWS\system32\BBInstaller.exe
2008-05-18 09:21 . 2008-05-18 09:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-18 09:21 . 2008-05-18 09:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-18 09:20 . 2008-05-18 09:20 <DIR> d-------- C:\Program Files\J River
2008-05-18 09:20 . 2008-05-18 09:20 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\J River
2008-05-18 09:20 . 2008-05-18 09:20 12,998,008 --a------ C:\Program Files\MediaJukebox12 (Freeware).exe
2008-05-18 09:02 . 2008-05-18 09:07 <DIR> d-------- C:\Program Files\RightMark Memory Analyzer
2008-05-18 09:00 . 2008-05-18 09:00 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-05-18 08:56 . 2008-04-13 19:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-18 08:46 . 2008-05-18 08:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-18 08:44 . 2008-05-18 08:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-18 08:36 . 2008-04-13 19:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-05-18 08:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-18 08:09 . 2008-06-04 18:38 61 --a------ C:\WINDOWS\WININIT.INI
2008-05-18 08:06 . 2008-05-18 08:06 <DIR> d-------- C:\Program Files\X-Cleaner
2008-05-18 07:49 . 2008-06-04 19:01 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\Systweak
2008-05-18 07:49 . 2008-06-04 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Systweak
2008-05-18 07:45 . 2008-05-18 07:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-18 07:45 . 2008-05-18 08:12 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Contacts
2008-05-18 07:44 . 2008-05-18 07:45 <DIR> d-------- C:\Program Files\Windows Live
2008-05-18 07:44 . 2008-05-18 07:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-18 07:44 . 2008-05-18 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-18 07:24 . 2008-05-18 07:24 <DIR> d-------- C:\Program Files\RMClock
2008-05-18 07:13 . 2008-05-18 09:00 <DIR> d-------- C:\Program Files\Java
2008-05-18 07:13 . 2008-05-18 07:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-18 07:07 . 2008-05-18 07:09 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-18 06:50 . 2008-05-18 06:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-18 06:48 . 2008-05-18 06:48 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-18 06:48 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-18 06:48 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-18 06:43 . 2008-05-18 06:43 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 06:33 . 2008-06-04 05:41 <DIR> d-------- C:\Program Files\StumbleUpon
2008-05-18 06:33 . 2008-05-18 06:33 <DIR> d-------- C:\Documents and Settings\Brian Lowe\Application Data\StumbleUpon
2008-05-18 06:18 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-18 06:18 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-18 06:18 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-18 06:18 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-18 06:18 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-18 06:18 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-18 06:18 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-18 06:18 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-18 06:18 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-18 06:05 . 2008-05-18 06:05 <DIR> d--hs---- C:\Documents and Settings\Brian Lowe\UserData
2008-05-18 06:00 . 2008-05-18 06:00 13,732 --a------ C:\WINDOWS\system32\wpa.bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 02:32 5,553,440 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-05 02:32 293,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-05 02:30 82,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-05 02:30 30,644 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-05 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-30 00:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 19:13 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 19:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 08:56 --------- d-----w C:\Program Files\AvRack
2008-05-28 07:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 10:55 --------- d-----w C:\Documents and Settings\Brian Lowe\Application Data\MSNInstaller
2008-05-18 10:41 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-18 10:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-18 10:24 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-18 10:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 18:39 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_ 6.20.31.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 10:48:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 02:31:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-04 10:40:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-05 02:31:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-04 10:40:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-05 02:31:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-05 02:31:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-18 11:45:44 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-04 13:48:28 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2007-09-22 20:45 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 03:10 2691072]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 07:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 cpuz129;cpuz129;C:\Program Files\PC Wizard 2008\pcwiz32.sys [2008-01-25 12:23]
S3 SASPROT;Systweak AntiSpyware 2008;C:\Program Files\Systweak AntiSpyware\sasprot.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a25d710a-2490-11dd-8e42-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:32:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-06-04 21:41:50 - machine was rebooted [Brian Lowe]
ComboFix-quarantined-files.txt 2008-06-05 02:41:42
ComboFix2.txt 2008-06-05 02:02:35
ComboFix3.txt 2008-06-05 01:35:05
ComboFix4.txt 2008-06-05 00:31:33
ComboFix5.txt 2008-06-04 11:24:55
Pre-Run: 71,214,665,728 bytes free
Post-Run: 71,199,428,608 bytes free
288 --- E O F --- 2008-05-23 03:03:09






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:01 PM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\syste