  #1
06-28-2008
Razza
Bronze Member
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Somebody PLEASE HELP!!loadsa Viruses

Hey guys,
My PC is absolutely loaded with malware and worms and other viruses, I've just done a scan with avast 4.8 PRO and every 10 - 15 seconds a new virus is detected, so I'll post a new HJT log and hopefully one of the security experts can help me - the quicker the better - Thank you in advance and as usual I have full confidence in the PCHF security team!!....Razza

P.S - my sister has been downloading from limewire and psp games from P2P sites, dunno if this is relevant but I thought I should mention it - Thanx Guys


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {298244C3-203C-4231-8FA5-774EB68C2F64} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM22032fdd] Rundll32.exe "C:\WINDOWS\system32\hjyvonkd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1187797378184
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153278426357
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163715586482
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/t...ivePreQual.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 8186 bytes



Last edited by Pancake; 06-29-2008 at 01:47 AM. Reason: Copied and pasted for better viewing....
  #2
06-29-2008
ih8bills
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,456
PC Experience: More Stubborn than any PC
Re: Somebody PLEASE HELP!!loadsa Viruses

- my sister has been downloading from limewire and psp games from P2P sites,dunno if this is relevant but i thought i should mention it - Thanx Guys
I would take odds on it...


Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You


__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #3
06-29-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,599
PC Experience: Elite PC Guru
Re: Somebody PLEASE HELP!!loadsa Viruses

Yes, you have an infection...


Ok. Let's download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
  #4
06-29-2008
Razza
Bronze Member
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Re: Somebody PLEASE HELP!!loadsa Viruses

Thanks guys,
I know you're busy so I appreciate all the help I get. avast has found 37 viruses in the last day and a half. Thanks again



ComboFix 08-06-20.4 - mark robinson 2008-06-29 9:41:14.10 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.102 [GMT 1:00]
Running from: C:\Documents and Settings\mark robinson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\mark robinson\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\BM22032fdd.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aevgpthp.ini
C:\WINDOWS\system32\cfNVxGgh.ini
C:\WINDOWS\SYSTEM32\cfNVxGgh.ini2
C:\WINDOWS\system32\ekagypdf.ini
C:\WINDOWS\system32\fqxegxuj.ini
C:\WINDOWS\system32\ixwjuffj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlholoiu.dll
C:\WINDOWS\system32\plwaocre.ini
C:\WINDOWS\system32\ppsru.ini
C:\WINDOWS\system32\rcyupaji.ini
C:\WINDOWS\system32\ryxebnlc.ini
C:\WINDOWS\system32\wvfwcabg.ini
C:\WINDOWS\system32\xurmpnkw.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2027-04-22 19:40 . 2027-04-22 19:40 <DIR> d-------- C:\Program Files\winmx
2027-02-13 21:53 . 2027-02-13 21:53 3,120 --a------ C:\WINDOWS\MF_C425.lfa
2027-02-13 21:53 . 2027-02-13 21:53 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2027-02-13 21:53 . 2027-02-13 21:53 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2027-02-09 19:23 . 2007-07-03 21:48 408 --a------ C:\WINDOWS\wininit.ini
2027-02-07 20:26 . 2027-02-07 20:26 <DIR> d--h----- C:\WINDOWS\$xpsp1hfm$
2027-02-07 00:37 . 2027-02-07 00:37 <DIR> d-------- C:\WINDOWS\Motive
2027-02-07 00:35 . 2027-02-07 00:35 <DIR> d-------- C:\Program Files\Common Files\Motive
2027-02-06 14:25 . 2001-11-06 08:06 15,399 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\netmotcm.sys
2026-04-09 19:09 . 1995-10-06 00:00 398,416 --------- C:\WINDOWS\SYSTEM32\VBRUN300.DLL
2026-04-09 19:09 . 1996-06-14 20:32 393,728 --------- C:\WINDOWS\SYSTEM32\MSVCRTD.DLL
2026-04-09 19:09 . 1995-07-31 13:44 212,480 --------- C:\WINDOWS\SYSTEM32\PCDLIB32.DLL
2026-04-09 19:09 . 1995-12-19 10:35 37,376 --------- C:\WINDOWS\SYSTEM32\VEN2232.OLB
2026-03-02 01:29 . 2026-03-02 01:29 3 --a------ C:\WINDOWS\dialer.ini
2026-02-11 13:54 . 2027-02-17 19:14 253 --a------ C:\WINDOWS\e-maxMgr.INI
2026-02-08 18:03 . 2004-08-04 06:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2026-02-08 18:03 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2026-02-08 18:03 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\dllcache\mouhid.sys
2026-02-08 18:01 . 2004-08-04 07:08 36,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys
2026-02-08 18:01 . 2004-08-04 07:08 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidparse.sys
2026-02-08 18:01 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2026-02-08 18:01 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\hidusb.sys
2026-02-08 18:00 . 2026-02-08 18:00 <DIR> d-------- C:\Program Files\Saitek
2026-02-08 18:00 . 2002-01-05 12:40 487,424 --a------ C:\WINDOWS\SYSTEM32\msvcp70.dll
2026-02-08 18:00 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\SYSTEM32\msvcr70.dll
2026-02-08 18:00 . 2002-08-22 11:13 102,400 --a------ C:\WINDOWS\SYSTEM32\SaiCfg.dll
2026-02-08 18:00 . 2002-08-22 11:21 102,400 --a------ C:\WINDOWS\SYSTEM32\NX.exe
2026-02-08 18:00 . 2002-01-05 11:18 84,992 --a------ C:\WINDOWS\SYSTEM32\atl70.dll
2026-02-08 18:00 . 2002-08-22 07:24 45,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtHid.sys
2026-02-08 18:00 . 2002-08-22 07:23 23,168 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtBus.sys
2026-02-08 18:00 . 2002-08-22 07:24 19,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\saintsub.sys
2026-02-08 18:00 . 2002-08-22 07:23 16,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys
2026-01-27 23:38 . 2026-01-27 23:38 <DIR> d-------- C:\WINDOWS\LogFiles
2026-01-27 21:57 . 2026-01-27 21:57 <DIR> d-------- C:\Program Files\Common Files\EPSON
2026-01-27 21:57 . 2001-08-23 01:04 139,264 --a------ C:\WINDOWS\SYSTEM32\EBAPI2.dll
2026-01-27 21:56 . 2026-01-27 21:56 <DIR> d-------- C:\Program Files\EPSON
2026-01-27 21:56 . 2002-02-14 02:20 68,748 --a------ C:\WINDOWS\SYSTEM32\EBPMON2.DLL
2026-01-27 21:56 . 2001-11-21 02:22 56,832 --a------ C:\WINDOWS\SYSTEM32\ECBTEG.DLL
2026-01-27 21:56 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\SYSTEM32\EBPCHP.DLL
2026-01-27 21:56 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\SYSTEM32\EBPPORT.DAT
2026-01-27 21:49 . 1999-12-01 23:31 10,000 --a------ C:\WINDOWS\SYSTEM32\KSVPINTF.AX
2026-01-27 21:49 . 1999-12-01 23:30 7,952 --a------ C:\WINDOWS\SYSTEM32\KSINTERF.AX
2026-01-27 21:49 . 1999-12-01 23:31 7,440 --a------ C:\WINDOWS\SYSTEM32\KSCLOCKF.AX
2026-01-27 21:49 . 1999-12-01 23:30 6,928 --a------ C:\WINDOWS\SYSTEM32\KSDATA.AX
2026-01-27 21:31 . 2004-08-04 08:56 294,912 --a------ C:\WINDOWS\SYSTEM32\msh263.drv
2026-01-27 21:31 . 2004-08-04 08:56 53,760 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2026-01-27 21:31 . 2004-08-04 08:56 47,616 --a------ C:\WINDOWS\SYSTEM32\iyuv_32.dll
2026-01-27 21:31 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\SYSTEM32\tsbyuv.dll
2026-01-27 21:31 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\SYSTEM32\dllcache\tsbyuv.dll
2026-01-27 21:26 . 2001-03-13 09:37 153,355 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dgmax50v.sys
2026-01-27 21:26 . 2001-02-21 05:31 12,277 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\DGMAX50B.SYS
2026-01-27 21:21 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2026-01-27 21:11 . 2026-01-27 21:11 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2026-01-27 21:11 . 2026-01-27 21:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2026-01-27 21:11 . 2002-09-12 18:26 21,630 --a------ C:\WINDOWS\netflix.ico
2026-01-27 21:11 . 2002-09-12 18:26 7,358 --a------ C:\WINDOWS\DirectTVIcon.ico
2026-01-27 21:09 . 2000-09-25 00:54 69,632 --a------ C:\WINDOWS\SYSTEM32\GkSui18.EXE
2026-01-27 20:50 . 2026-01-27 20:50 <DIR> d-------- C:\Program Files\coverXP
2026-01-27 20:50 . 2026-01-27 20:50 738 --a------ C:\WINDOWS\cdc_mods.ini
2026-01-27 20:49 . 2026-01-27 20:48 532,480 --------- C:\WINDOWS\SYSTEM32\imagx5.dll
2026-01-27 20:49 . 2026-01-27 20:48 507,904 --------- C:\WINDOWS\SYSTEM32\imagr5.dll
2026-01-27 20:49 . 2026-01-27 20:48 275,312 --------- C:\WINDOWS\SYSTEM32\ImagXpr5.dll
2026-01-27 20:49 . 2026-01-27 20:48 106,496 --------- C:\WINDOWS\SYSTEM32\TwnLib20.dll
2026-01-27 20:49 . 2026-01-27 20:49 49,152 --------- C:\WINDOWS\SYSTEM32\MultiSZ.dll
2026-01-27 20:49 . 2026-01-27 20:48 35,328 --------- C:\WINDOWS\SYSTEM32\picn20.dll
2026-01-27 20:25 . 2026-01-27 20:25 <DIR> d--hs---- C:\Documents and Settings\mark robinson\UserData
2026-01-27 20:16 . 2026-01-27 20:16 <DIR> d--hs---- C:\Recycled
2026-01-27 19:43 . 2026-01-27 19:43 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2026-01-27 19:43 . 2026-01-27 19:43 <DIR> d--hs---- C:\WINDOWS\Installer
2026-01-27 19:41 . 2026-01-27 19:41 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2026-01-27 19:38 . 2001-08-18 12:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\dllcache\msir3jp.lex
2026-01-27 19:37 . 2001-08-18 12:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2026-01-27 19:36 . 2026-01-27 19:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\xircom
2026-01-27 19:36 . 2026-01-27 19:36 <DIR> d-------- C:\Program Files\microsoft frontpage
2026-01-27 19:35 . 2026-01-27 19:35 152,576 --a------ C:\WINDOWS\SYSTEM32\migicons.exe
2026-01-27 19:34 . 2026-01-27 19:34 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2026-01-27 19:34 . 2026-01-27 19:43 25,065 --a------ C:\WINDOWS\SYSTEM32\wmpscheme.xml
2026-01-27 19:34 . 2007-03-19 15:12 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2026-01-27 19:34 . 2007-03-19 15:12 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2026-01-27 19:34 . 2008-06-28 13:39 2,626 --a------ C:\WINDOWS\SYSTEM32\CONFIG.NT
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
2026-01-27 19:32 . 2026-01-27 19:32 488 -rah----- C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
2026-01-27 19:32 . 2026-01-27 19:32 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2026-01-27 19:31 . 2026-01-27 19:31 <DIR> d-------- C:\WINDOWS\srchasst
2026-01-27 19:31 . 2001-08-18 12:00 4,399,505 --a------ C:\WINDOWS\SYSTEM32\dllcache\nls302en.lex
2026-01-27 19:31 . 2001-08-18 12:00 520,192 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmpvis.dll
2026-01-27 19:31 . 2007-03-29 12:56 409,600 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2026-01-27 19:31 . 2001-08-18 12:00 319,551 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmmres.dll
2026-01-27 19:31 . 2001-08-18 12:00 163,906 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmmutil.dll
2026-01-27 19:31 . 2001-08-18 12:00 110,657 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmmfilt.dll
2026-01-27 19:29 . 2026-01-27 19:29 21,640 --a------ C:\WINDOWS\SYSTEM32\emptyregdb.dat
2026-01-27 19:29 . 2026-01-27 19:29 37 --a------ C:\WINDOWS\vbaddin.ini
2026-01-27 19:29 . 2026-01-27 19:29 36 --a------ C:\WINDOWS\vb.ini
2026-01-27 19:27 . 2026-01-27 19:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\Com
2026-01-27 19:21 . 2006-06-14 08:47 172,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys
2026-01-27 19:21 . 2006-02-15 00:22 142,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys
2026-01-27 19:21 . 2006-06-14 09:00 82,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys
2026-01-27 19:21 . 2004-08-04 07:15 60,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys
2026-01-27 19:21 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys
2026-01-27 19:21 . 2004-08-04 07:07 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\DMusic.sys
2026-01-27 19:21 . 2006-06-14 08:47 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2026-01-27 19:21 . 2004-08-04 07:07 2,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
2026-01-27 19:20 . 2004-08-04 06:59 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2026-01-27 19:20 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2026-01-27 19:20 . 2001-08-17 13:59 3,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\audstub.sys
2026-01-27 19:19 . 2001-08-17 12:20 297,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ac97sis.sys
2026-01-27 19:19 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\SYSTEM32\sis300iv.dll
2026-01-27 19:19 . 2004-08-04 07:15 145,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
2026-01-27 19:19 . 2001-08-17 12:50 101,760 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sis300ip.sys
2026-01-27 19:19 . 2004-08-04 08:56 74,240 --a------ C:\WINDOWS\SYSTEM32\usbui.dll
2026-01-27 19:19 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\s3legacy.dll
2026-01-27 19:19 . 2001-08-17 13:57 65,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\s3legacy.sys
2026-01-27 19:19 . 2004-08-04 07:07 60,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
2026-01-27 19:19 . 2004-08-04 07:08 10,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys
2026-01-27 19:18 . 2001-08-17 14:56 198,400 --a------ C:\WINDOWS\SYSTEM32\s3sav4.dll
2026-01-27 19:18 . 2001-08-17 12:50 77,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\s3sav4m.sys
2026-01-27 19:18 . 2004-08-04 07:07 41,088 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys
2026-01-27 19:18 . 2001-08-17 12:12 16,074 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FA312nd5.sys
2026-01-27 19:15 . 2026-01-27 19:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot2
2026-01-27 19:15 . 2026-01-27 19:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2026-01-26 20:26 93,271 ----a-w C:\WINDOWS\JAVA\Packages\YKGZ9N13.ZIP
2026-01-26 20:26 558,142 ----a-w C:\WINDOWS\JAVA\Packages\WNDBZPVL.ZIP
2026-01-26 20:26 266 --sh--w C:\Program Files\desktop.ini
2008-06-28 18:47 8,187 ----a-w C:\Program Files\hijackthis.log
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 22:29 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2008-05-06 13:44 --------- d-----w C:\Program Files\CCleaner
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2007-06-28 13:36 401,720 ----a-w C:\Program Files\HijackThis.exe
2008-01-16 18:15 2 --sha-r C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-26 03:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BM22032fdd"="C:\WINDOWS\system32\hjyvonkd.dll " [ ]

C:\Documents and Settings\mark robinson\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 22:32:57 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.AP41"= APmpg4v1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
backup=C:\WINDOWS\pss\blueyonder Instant Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^mark robinson^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-03-18 21:24 587568 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cosmi Firewall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
--a------ 2002-02-19 03:03 74240 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series (Copy 1)]
--a------ 2002-02-19 03:03 74240 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scrnsize]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sncntr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyBlocs]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 17:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\websx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"StarWindService"=2 (0x2)
"EPSONStatusAgent2"=2 (0x2)
"dvpapi"=2 (0x2)
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 12:50]
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2002-08-22 07:23]
S2 MXBULK;Digimax50 Duo Still Mode;C:\WINDOWS\system32\Drivers\DGMAX50B.SYS [2001-02-21 05:31]
S2 MXCap;Digimax50 Duo Video Mode;C:\WINDOWS\system32\Drivers\DGMAX50V.SYS [2001-03-13 09:37]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 13:57]
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2002-08-22 07:24]
S3 SaiNtSub;SaiNtSub;C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys [2002-08-22 07:24]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 10:18:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 13:38:34 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 09:56:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\SFCTLCOM.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICE.EXE
C:\WINDOWS\SYSTEM32\UASERVICE7.EXE
C:\PROGRAM FILES\TREND MICRO\BM\TMBMSRV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-29 10:03:00 - machine was rebooted [mark robinson]
ComboFix2.txt 2008-02-28 22:35:46
ComboFix-quarantined-files.txt 2008-06-29 09:02:24

Pre-Run: 1,782,841,344 bytes free
Post-Run: 1,772,257,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

314 --- E O F --- 2008-06-28 12:16:19



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08, on 2008-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM22032fdd] Rundll32.exe "C:\WINDOWS\system32\hjyvonkd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1187797378184
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153278426357
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163715586482
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/t...ivePreQual.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 7569 bytes



Last edited by Pancake; 06-29-2008 at 11:32 PM. Reason: Copied and pasted for better viewing....
  #5  
Old 06-29-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,599
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: Somebody PLEASE HELP!!loadsa Viruses

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O4 - HKLM\..\Run: [BM22032fdd] Rundll32.exe "C:\WINDOWS\system32\hjyvonkd.dll",s


Reboot......................

==============================


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\MF_C425.lfa
C:\WINDOWS\MF_C421.lfa
C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\JAVA\Packages\YKGZ9N13.ZIP
C:\WINDOWS\JAVA\Packages\WNDBZPVL.ZIP

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM22032fdd"=-


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
My real name is Eddy
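
The one item Pancake asks to fix is an O4 line, a Run-key autostart, and it is the only O4 entry in the posted log that starts a DLL through Rundll32.exe. The following is an added example (not part of the original post, and not HijackThis or ComboFix code): it parses O4 lines, expands the `HKLM\..\Run` shorthand to the full key that appears in the CFScript, and lists rundll32-launched DLLs for manual review. The function and class names are made up for this example.

```python
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BM22032fdd] Rundll32.exe "C:\WINDOWS\system32\hjyvonkd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
'''

# HijackThis abbreviates Software\Microsoft\Windows\CurrentVersion as "..".
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
CURRENT_VERSION = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

# Registry autostart:  O4 - HKLM\..\Run: [value name] command line
REG_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Startup-folder shortcut:  O4 - Startup: name.lnk = target
LNK_O4 = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'  # loader, optionally with a path
    r'(?:"([^"]+)"|([^,"]+))'                  # DLL path, quoted or bare
    r'\s*(?:,\s*(\S+))?',                      # exported entry point, if given
    re.IGNORECASE,
)


class Autostart(NamedTuple):
    location: str          # full registry key, or the Startup folder label
    name: str              # registry value name, or shortcut file name
    command: str           # command line exactly as logged
    dll: Optional[str]     # DLL handed to rundll32, if any
    export: Optional[str]  # entry point rundll32 is told to call


def parse_o4(log_text: str) -> List[Autostart]:
    """Return every O4 autostart entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_O4.match(line)
        if m:
            hive, subkey, name, command = m.groups()
            location = "\\".join((HIVES[hive], CURRENT_VERSION, subkey))
        else:
            m = LNK_O4.match(line)
            if not m:
                continue  # not an O4 line
            location, name, command = m.groups()
        dll = export = None
        r = RUNDLL.match(command)
        if r:
            dll = (r.group(1) or r.group(2)).strip()
            export = r.group(3)
        entries.append(Autostart(location, name, command, dll, export))
    return entries


def rundll_autostarts(entries: List[Autostart]) -> List[Autostart]:
    """Autostarts whose command is rundll32 loading a DLL: candidates for review."""
    return [e for e in entries if e.dll is not None]


if __name__ == "__main__":
    for e in rundll_autostarts(parse_o4(SAMPLE_LOG)):
        print(f'[{e.location}] "{e.name}" loads {e.dll} (entry point: {e.export})')
```

The same pattern also matches legitimate values such as the `LoadPowerProfile` entry listed under `disabledrunkeys` in the ComboFix log, so a hit is a reason to look at the DLL, not a verdict.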
  #6  
Old 07-02-2008
Razza's Avatar
Bronze Member
 
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Razza - See this Members User comments on their Profile page
Post Re: Somebody PLEASE HELP!!loadsa Viruses

Thanks Pancake,
It's FLIPPIN' annoying LOL!! I've followed your instructions down to a T, here is the new CFScript log and latest HJT log. Thanks again. I know you've gotta be very busy and I do appreciate it. Thank you, merci beaucoup!!!


ComboFix 08-06-20.4 - mark robinson 2008-07-01 23:39:06.11 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.109 [GMT 1:00]
Running from: C:\Documents and Settings\mark robinson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\mark robinson\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\JAVA\Packages\WNDBZPVL.ZIP
C:\WINDOWS\JAVA\Packages\YKGZ9N13.ZIP
C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\MF_C421.lfa
C:\WINDOWS\MF_C425.lfa
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\JAVA\Packages\WNDBZPVL.ZIP
C:\WINDOWS\JAVA\Packages\YKGZ9N13.ZIP
C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\MF_C421.lfa
C:\WINDOWS\MF_C425.lfa

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2027-04-22 19:40 . 2027-04-22 19:40 <DIR> d-------- C:\Program Files\winmx
2027-02-09 19:23 . 2007-07-03 21:48 408 --a------ C:\WINDOWS\wininit.ini
2027-02-07 20:26 . 2027-02-07 20:26 <DIR> d--h----- C:\WINDOWS\$xpsp1hfm$
2027-02-07 00:37 . 2027-02-07 00:37 <DIR> d-------- C:\WINDOWS\Motive
2027-02-07 00:35 . 2027-02-07 00:35 <DIR> d-------- C:\Program Files\Common Files\Motive
2027-02-06 14:25 . 2001-11-06 08:06 15,399 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\netmotcm.sys
2026-04-09 19:09 . 1995-10-06 00:00 398,416 --------- C:\WINDOWS\SYSTEM32\VBRUN300.DLL
2026-04-09 19:09 . 1996-06-14 20:32 393,728 --------- C:\WINDOWS\SYSTEM32\MSVCRTD.DLL
2026-04-09 19:09 . 1995-07-31 13:44 212,480 --------- C:\WINDOWS\SYSTEM32\PCDLIB32.DLL
2026-04-09 19:09 . 1995-12-19 10:35 37,376 --------- C:\WINDOWS\SYSTEM32\VEN2232.OLB
2026-03-02 01:29 . 2026-03-02 01:29 3 --a------ C:\WINDOWS\dialer.ini
2026-02-11 13:54 . 2027-02-17 19:14 253 --a------ C:\WINDOWS\e-maxMgr.INI
2026-02-08 18:03 . 2004-08-04 06:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2026-02-08 18:03 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2026-02-08 18:03 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\dllcache\mouhid.sys
2026-02-08 18:01 . 2004-08-04 07:08 36,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys
2026-02-08 18:01 . 2004-08-04 07:08 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidparse.sys
2026-02-08 18:01 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2026-02-08 18:01 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\hidusb.sys
2026-02-08 18:00 . 2026-02-08 18:00 <DIR> d-------- C:\Program Files\Saitek
2026-02-08 18:00 . 2002-01-05 12:40 487,424 --a------ C:\WINDOWS\SYSTEM32\msvcp70.dll
2026-02-08 18:00 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\SYSTEM32\msvcr70.dll
2026-02-08 18:00 . 2002-08-22 11:13 102,400 --a------ C:\WINDOWS\SYSTEM32\SaiCfg.dll
2026-02-08 18:00 . 2002-08-22 11:21 102,400 --a------ C:\WINDOWS\SYSTEM32\NX.exe
2026-02-08 18:00 . 2002-01-05 11:18 84,992 --a------ C:\WINDOWS\SYSTEM32\atl70.dll
2026-02-08 18:00 . 2002-08-22 07:24 45,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtHid.sys
2026-02-08 18:00 . 2002-08-22 07:23 23,168 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtBus.sys
2026-02-08 18:00 . 2002-08-22 07:24 19,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\saintsub.sys
2026-02-08 18:00 . 2002-08-22 07:23 16,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys
2026-01-27 23:38 . 2026-01-27 23:38 <DIR> d-------- C:\WINDOWS\LogFiles
2026-01-27 21:57 . 2026-01-27 21:57 <DIR> d-------- C:\Program Files\Common Files\EPSON
2026-01-27 21:57 . 2001-08-23 01:04 139,264 --a------ C:\WINDOWS\SYSTEM32\EBAPI2.dll
2026-01-27 21:56 . 2026-01-27 21:56 <DIR> d-------- C:\Program Files\EPSON
2026-01-27 21:56 . 2002-02-14 02:20 68,748 --a------ C:\WINDOWS\SYSTEM32\EBPMON2.DLL
2026-01-27 21:56 . 2001-11-21 02:22 56,832 --a------ C:\WINDOWS\SYSTEM32\ECBTEG.DLL
2026-01-27 21:56 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\SYSTEM32\EBPCHP.DLL
2026-01-27 21:56 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\SYSTEM32\EBPPORT.DAT
2026-01-27 21:49 . 1999-12-01 23:31 10,000 --a------ C:\WINDOWS\SYSTEM32\KSVPINTF.AX
2026-01-27 21:49 . 1999-12-01 23:30 7,952 --a------ C:\WINDOWS\SYSTEM32\KSINTERF.AX
2026-01-27 21:49 . 1999-12-01 23:31 7,440 --a------ C:\WINDOWS\SYSTEM32\KSCLOCKF.AX
2026-01-27 21:49 . 1999-12-01 23:30 6,928 --a------ C:\WINDOWS\SYSTEM32\KSDATA.AX
2026-01-27 21:31 . 2004-08-04 08:56 294,912 --a------ C:\WINDOWS\SYSTEM32\msh263.drv
2026-01-27 21:31 . 2004-08-04 08:56 53,760 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2026-01-27 21:31 . 2004-08-04 08:56 47,616 --a------ C:\WINDOWS\SYSTEM32\iyuv_32.dll
2026-01-27 21:31 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\SYSTEM32\tsbyuv.dll
2026-01-27 21:31 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\SYSTEM32\dllcache\tsbyuv.dll
2026-01-27 21:26 . 2001-03-13 09:37 153,355 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dgmax50v.sys
2026-01-27 21:26 . 2001-02-21 05:31 12,277 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\DGMAX50B.SYS
2026-01-27 21:21 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2026-01-27 21:11 . 2026-01-27 21:11 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2026-01-27 21:11 . 2026-01-27 21:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2026-01-27 21:11 . 2002-09-12 18:26 21,630 --a------ C:\WINDOWS\netflix.ico
2026-01-27 21:11 . 2002-09-12 18:26 7,358 --a------ C:\WINDOWS\DirectTVIcon.ico
2026-01-27 21:09 . 2000-09-25 00:54 69,632 --a------ C:\WINDOWS\SYSTEM32\GkSui18.EXE
2026-01-27 20:50 . 2026-01-27 20:50 <DIR> d-------- C:\Program Files\coverXP
2026-01-27 20:50 . 2026-01-27 20:50 738 --a------ C:\WINDOWS\cdc_mods.ini
2026-01-27 20:49 . 2026-01-27 20:48 532,480 --------- C:\WINDOWS\SYSTEM32\imagx5.dll
2026-01-27 20:49 . 2026-01-27 20:48 507,904 --------- C:\WINDOWS\SYSTEM32\imagr5.dll
2026-01-27 20:49 . 2026-01-27 20:48 275,312 --------- C:\WINDOWS\SYSTEM32\ImagXpr5.dll
2026-01-27 20:49 . 2026-01-27 20:48 106,496 --------- C:\WINDOWS\SYSTEM32\TwnLib20.dll
2026-01-27 20:49 . 2026-01-27 20:49 49,152 --------- C:\WINDOWS\SYSTEM32\MultiSZ.dll
2026-01-27 20:49 . 2026-01-27 20:48 35,328 --------- C:\WINDOWS\SYSTEM32\picn20.dll
2026-01-27 20:25 . 2026-01-27 20:25 <DIR> d--hs---- C:\Documents and Settings\mark robinson\UserData
2026-01-27 20:16 . 2026-01-27 20:16 <DIR> d--hs---- C:\Recycled
2026-01-27 19:43 . 2026-01-27 19:43 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2026-01-27 19:43 . 2026-01-27 19:43 <DIR> d--hs---- C:\WINDOWS\Installer
2026-01-27 19:41 . 2026-01-27 19:41 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2026-01-27 19:38 . 2001-08-18 12:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\dllcache\msir3jp.lex
2026-01-27 19:37 . 2001-08-18 12:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2026-01-27 19:36 . 2026-01-27 19:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\xircom
2026-01-27 19:36 . 2026-01-27 19:36 <DIR> d-------- C:\Program Files\microsoft frontpage
2026-01-27 19:35 . 2026-01-27 19:35 152,576 --a------ C:\WINDOWS\SYSTEM32\migicons.exe
2026-01-27 19:34 . 2026-01-27 19:34 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2026-01-27 19:34 . 2026-01-27 19:43 25,065 --a------ C:\WINDOWS\SYSTEM32\wmpscheme.xml
2026-01-27 19:34 . 2007-03-19 15:12 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2026-01-27 19:34 . 2007-03-19 15:12 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2026-01-27 19:34 . 2008-06-28 13:39 2,626 --a------ C:\WINDOWS\SYSTEM32\CONFIG.NT
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2026-01-27 19:32 . 2026-01-27 19:32 749 -rah----- C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
2026-01-27 19:32 . 2026-01-27 19:32 488 -rah----- C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
2026-01-27 19:32 . 2026-01-27 19:32 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2026-01-27 19:31 . 2026-01-27 19:31 <DIR> d-------- C:\WINDOWS\srchasst
2026-01-27 19:31 . 2001-08-18 12:00 4,399,505 --a------ C:\WINDOWS\SYSTEM32\dllcache\nls302en.lex
2026-01-27 19:31 . 2001-08-18 12:00 520,192 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmpvis.dll
2026-01-27 19:31 . 2007-03-29 12:56 409,600 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2026-01-27 19:31 . 2001-08-18 12:00 319,551 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmmres.dll
2026-01-27 19:31 . 2001-08-18 12:00 163,906 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmmutil.dll
2026-01-27 19:31 . 2001-08-18 12:00 110,657 --a------ C:\WINDOWS\SYSTEM32\dllcache\wmmfilt.dll
2026-01-27 19:29 . 2026-01-27 19:29 21,640 --a------ C:\WINDOWS\SYSTEM32\emptyregdb.dat
2026-01-27 19:29 . 2026-01-27 19:29 37 --a------ C:\WINDOWS\vbaddin.ini
2026-01-27 19:29 . 2026-01-27 19:29 36 --a------ C:\WINDOWS\vb.ini
2026-01-27 19:27 . 2026-01-27 19:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\Com
2026-01-27 19:21 . 2006-06-14 08:47 172,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys
2026-01-27 19:21 . 2006-02-15 00:22 142,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys
2026-01-27 19:21 . 2006-06-14 09:00 82,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys
2026-01-27 19:21 . 2004-08-04 07:15 60,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys
2026-01-27 19:21 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys
2026-01-27 19:21 . 2004-08-04 07:07 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\DMusic.sys
2026-01-27 19:21 . 2006-06-14 08:47 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2026-01-27 19:21 . 2004-08-04 07:07 2,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
2026-01-27 19:20 . 2004-08-04 06:59 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2026-01-27 19:20 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2026-01-27 19:20 . 2001-08-17 13:59 3,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\audstub.sys
2026-01-27 19:19 . 2001-08-17 12:20 297,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ac97sis.sys
2026-01-27 19:19 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\SYSTEM32\sis300iv.dll
2026-01-27 19:19 . 2004-08-04 07:15 145,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
2026-01-27 19:19 . 2001-08-17 12:50 101,760 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sis300ip.sys
2026-01-27 19:19 . 2004-08-04 08:56 74,240 --a------ C:\WINDOWS\SYSTEM32\usbui.dll
2026-01-27 19:19 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\s3legacy.dll
2026-01-27 19:19 . 2001-08-17 13:57 65,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\s3legacy.sys
2026-01-27 19:19 . 2004-08-04 07:07 60,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
2026-01-27 19:19 . 2004-08-04 07:08 10,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys
2026-01-27 19:18 . 2001-08-17 14:56 198,400 --a------ C:\WINDOWS\SYSTEM32\s3sav4.dll
2026-01-27 19:18 . 2001-08-17 12:50 77,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\s3sav4m.sys
2026-01-27 19:18 . 2004-08-04 07:07 41,088 --a------ C:\WINDOW