Avast! Success on the ComboFix! Here is the resulting ComboFix log, followed by a new HJT log:
ComboFix 09-02-19.01 - Seamonkey 2009-02-20 18:53:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT -6:00]
Running from: c:\documents and settings\Seamonkey\Desktop\JumbloMixer.exe
AV: Trend Micro PC-cillin Internet Security 2007 *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cbXRJBrs.dll
c:\windows\system32\d3d8caps.dat
c:\windows\system32\drivers\UACqoiquwbp.sys
c:\windows\system32\srBJRXbc.ini
c:\windows\system32\srBJRXbc.ini2
c:\windows\system32\UACauoyiduy.dll
c:\windows\system32\UACavsdrnfk.dll
c:\windows\system32\UACjgrromet.dat
c:\windows\system32\UACjnmsfotv.dll
c:\windows\system32\UACrnreeayi.dll
c:\windows\system32\UACsmgnjyug.log
c:\windows\system32\UACwdldosnu.log
c:\windows\system32\UACxnkdylkv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-20 19:38 . 2009-02-20 19:38 d--hs---- c:\documents and settings\TEMP
2009-02-19 17:40 . 2009-02-19 17:40 d-------- c:\program files\MeatBeatViralfesto
2009-02-19 12:57 . 2009-02-19 12:57 d-------- c:\documents and settings\Seamonkey\Application Data\jah
2009-02-18 01:28 . 2009-02-18 01:28 10,752 --a------ c:\windows\DCEBoot.exe
2009-02-17 18:17 . 2009-02-19 22:01 5,182 --a------ c:\windows\system32\uacinit.dll
2009-02-17 18:16 . 2009-02-17 18:16 d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 18:13 . 2009-02-17 18:13 434,202 --a------ c:\windows\system32\hjykslul.exe
2009-02-17 18:10 . 2009-02-17 18:10 7,922 --a------ c:\windows\system32\lhxhgdfq.dll
2009-02-17 18:07 . 2009-02-17 18:07 7,924 --a------ c:\windows\system32\mawptgbb.dll
2009-02-17 06:44 . 2009-02-17 06:44 7,924 --a------ c:\windows\system32\ltswpncs.dll
2009-02-17 06:05 . 2009-02-17 06:05 7,922 --a------ c:\windows\system32\dqargdkv.dll
2009-02-17 05:04 . 2009-02-17 05:04 8,412 --a------ c:\windows\system32\vtUliHxX.dll
2009-02-17 04:03 . 2009-02-17 04:03 8,412 --a------ c:\windows\system32\opnnOGvv.dll
2009-02-17 03:03 . 2009-02-17 03:03 8,412 --a------ c:\windows\system32\vtUmNDUl.dll
2009-02-17 02:02 . 2009-02-17 02:02 8,412 --a------ c:\windows\system32\mlJCrPFV.dll
2009-02-17 01:02 . 2009-02-17 01:02 8,412 --a------ c:\windows\system32\opnmKdab.dll
2009-02-17 00:01 . 2009-02-17 00:01 8,412 --a------ c:\windows\system32\ljJArpop.dll
2009-02-16 23:01 . 2009-02-16 23:01 8,412 --a------ c:\windows\system32\tuvUKAro.dll
2009-02-16 22:00 . 2009-02-16 22:00 8,412 --a------ c:\windows\system32\xxyyxuTj.dll
2009-02-16 21:00 . 2009-02-16 21:00 8,412 --a------ c:\windows\system32\byXNdBqP.dll
2009-02-16 19:59 . 2009-02-16 19:59 8,412 --a------ c:\windows\system32\geBrsRHW.dll
2009-02-16 18:59 . 2009-02-16 18:59 8,412 --a------ c:\windows\system32\tuvTkHBt.dll
2009-02-16 17:59 . 2009-02-16 17:59 8,412 --a------ c:\windows\system32\awtsQKEx.dll
2009-02-16 16:59 . 2009-02-16 16:59 8,412 --a------ c:\windows\system32\iifcDWPH.dll
2009-02-16 15:58 . 2009-02-16 15:58 8,412 --a------ c:\windows\system32\awtqoNDt.dll
2009-02-16 14:58 . 2009-02-16 14:58 8,412 --a------ c:\windows\system32\yayaYopq.dll
2009-02-16 13:57 . 2009-02-16 13:57 8,412 --a------ c:\windows\system32\hgGwXOfC.dll
2009-02-16 12:56 . 2009-02-16 12:56 8,412 --a------ c:\windows\system32\tuvUOGxw.dll
2009-02-16 11:56 . 2009-02-16 11:56 8,412 --a------ c:\windows\system32\ljJCvwus.dll
2009-02-16 10:56 . 2009-02-16 10:56 8,412 --a------ c:\windows\system32\ssqRIXNG.dll
2009-02-16 09:55 . 2009-02-16 09:55 8,412 --a------ c:\windows\system32\xxyxWpNh.dll
2009-02-16 08:54 . 2009-02-16 08:54 8,412 --a------ c:\windows\system32\jkkHYpQJ.dll
2009-02-16 07:53 . 2009-02-16 07:53 8,412 --a------ c:\windows\system32\nnnnKBUL.dll
2009-02-16 06:53 . 2009-02-16 06:53 8,412 --a------ c:\windows\system32\efcDWpqQ.dll
2009-02-16 05:52 . 2009-02-16 05:52 8,412 --a------ c:\windows\system32\iiffDwvU.dll
2009-02-16 04:51 . 2009-02-16 04:51 8,412 --a------ c:\windows\system32\hgGvspNH.dll
2009-02-16 03:50 . 2009-02-16 03:50 8,412 --a------ c:\windows\system32\wvUnMghe.dll
2009-02-16 02:50 . 2009-02-16 02:50 8,412 --a------ c:\windows\system32\urqPhIyx.dll
2009-02-16 01:49 . 2009-02-16 01:49 8,412 --a------ c:\windows\system32\cbXNFvwu.dll
2009-02-16 00:49 . 2009-02-16 00:49 8,412 --a------ c:\windows\system32\rqRIxxwx.dll
2009-02-15 23:48 . 2009-02-15 23:48 8,412 --a------ c:\windows\system32\awtqRKay.dll
2009-02-15 22:47 . 2009-02-15 22:47 8,412 --a------ c:\windows\system32\urqPhfff.dll
2009-02-15 21:47 . 2009-02-15 21:47 8,412 --a------ c:\windows\system32\yaywxWoM.dll
2009-02-15 20:47 . 2009-02-15 20:47 8,412 --a------ c:\windows\system32\iiffGVLc.dll
2009-02-15 20:42 . 2009-02-15 20:42 7,812 --a------ c:\windows\system32\cbXoMDsS.dll
2009-02-15 20:41 . 2009-02-15 20:41 36,352 --a------ c:\windows\system32\opnMcDst.dll
2009-02-13 15:12 . 2009-02-13 15:12 d-------- c:\program files\Arturia
2009-02-13 15:01 . 2009-02-13 15:02 d-------- c:\windows\system32\NtmsData
2009-01-29 21:08 . 2009-01-29 21:08 d-------- c:\documents and settings\Seamonkette\PrivacIE
2009-01-29 21:08 . 2009-01-29 21:08 d-------- c:\documents and settings\Seamonkette\IETldCache
2009-01-29 19:43 . 2009-01-29 19:43 d--hs---- c:\documents and settings\Seamonkey\IECompatCache
2009-01-29 19:40 . 2009-01-29 19:40 d--hs---- c:\documents and settings\Seamonkey\IETldCache
2009-01-28 18:41 . 2009-01-28 18:41 d-------- c:\program files\WinAVI Video Converter
2009-01-28 09:28 . 2009-01-28 09:28 d-------- c:\program files\Maxtor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 19:06 --------- d-----w c:\program files\Viewpoint
2009-02-19 19:00 --------- d-----w c:\documents and settings\Seamonkey\Application Data\Viewpoint
2009-02-19 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-19 18:56 --------- d-----w c:\program files\MemoriesOnTV3
2009-02-19 00:15 --------- d-----w c:\program files\BearShare
2009-02-19 00:05 --------- d-----w c:\documents and settings\Seamonkey\Application Data\DNA
2009-02-18 20:15 --------- d-----w c:\program files\PeerGuardian2
2009-02-18 20:14 --------- d-----w c:\program files\DNA
2009-02-18 18:26 --------- d-----w c:\program files\MSTpscre
2009-02-18 00:14 --------- d-----w c:\documents and settings\Seamonkey\Application Data\Walgreens
2009-02-13 15:06 --------- d-----w c:\program files\FileZilla FTP Client
2009-01-28 15:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-25 01:20 251 ----a-w c:\windows\Fonts\Lambda ASIO Debug.txt
2009-01-13 16:21 --------- d-----w c:\program files\Amazon
2009-01-06 16:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-06 16:06 --------- d-----w c:\program files\JRE
2008-12-26 01:16 --------- d-----w c:\program files\NewBlue
2008-12-26 00:55 --------- d-----w c:\program files\Sony
2008-12-26 00:52 --------- d-----w c:\program files\Vstplugins
2008-12-26 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-24 04:07 --------- d-----w c:\program files\Philips
2008-07-06 00:39 382,300,952 ----a-w c:\program files\gc_w01_ENU.exe
2007-05-02 03:16 87,608 ----a-w c:\documents and settings\Seamonkey\Application Data\ezpinst.exe
2007-05-02 03:16 47,360 ----a-w c:\documents and settings\Seamonkey\Application Data\pcouffin.sys
2008-08-05 02:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
2008-09-24 00:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 3429904]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Seamonkey^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Seamonkey\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-16 10:37 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 10:08 397312 c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 04:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 10:03 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
--------- 2003-12-18 15:37 184320 c:\program files\HP DVD\Umbrella\DVDBitSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
--------- 2004-09-03 11:14 57344 c:\program files\HP DVD\Umbrella\DVDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 16:54 169312 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-04 17:14 8491008 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-04 17:14 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2007-01-30 00:39 1432064 c:\program files\PeerGuardian2\pg2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-04 10:11 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-11-10 12:23 157312 c:\program files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 04:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-04 17:14 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-05-18 00:27 16207872 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 04:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steinberg\\Cubase LE\\Cubasele.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AT&T_Homezone\\mediascout.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-08-04 2368]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-09-16 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-09-16 288848]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-29 480784]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-12-29 943696]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-12-29 566872]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-01 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [2007-05-06 10880]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-01-06 18432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22eda8f3-17e2-11dd-853d-0016178f9eb0}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{233f9399-0769-11dd-8538-0016178f9eb0}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed83fb4-ab84-11dc-8517-0016178f9eb0}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed83fb5-ab84-11dc-8517-0016178f9eb0}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b855cdee-d170-11dd-85b9-0016178f9eb0}]
\Shell\AutoRun\command - G:\Nextar.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4476d3-bb3a-11dc-8519-0016178f9eb0}]
\Shell\AutoRun\command - G:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-02-21 c:\windows\Tasks\User_Feed_Synchronization-{EAF954AA-1768-4486-8480-FC91C7A949A5}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
- - - - ORPHANS REMOVED - - - -
BHO-{A91D5358-6BC0-4E19-868A-57EA09C33F8A} - c:\windows\system32\cbXRJBrs.dll
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
Notify-kq - (no file)
MSConfigStartUp-PRISMSVR - c:\windows\system32\PRISMSVR.EXE
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Seamonkey\Application Data\Mozilla\Firefox\Profiles\sv2m9t76.default\
FF - component: c:\documents and settings\Seamonkey\Application Data\Mozilla\Firefox\Profiles\sv2m9t76.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 20:43:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RioMSC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Zune\ZuneNss.exe
.
**************************************************************************
.
Completion time: 2009-02-20 20:47:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 02:47:22
Pre-Run: 15,055,175,680 bytes free
Post-Run: 29,306,613,760 bytes free
352 --- E O F --- 2009-02-12 09:04:26
Now the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:54 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Seamonkey\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 6268 bytes
Crunchie, you're a saint to provide all this help!