
I was running Spyware Doctor on my computer and it came across virtumonde. I told it to remove all traces and while it was removing a blue screen came up that mentioned an error with winlogon.exe. Every program that I've used to remove this virus ended up with the blue screen.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:12 PM, on 12/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\trkwksvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\qwhjsbus.exe
C:\Documents and Settings\Kris\Desktop\ht.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\csrml.exe
O2 - BHO: (no name) - {119E0F4A-CC2D-4040-9195-2DE9635A6356} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: {092e52db-278d-7af9-98f4-6ce29cddd094} - {490dddc9-2ec6-4f89-9fa7-d872bd25e290} - C:\WINDOWS\System32\faqprefn.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ddcyvtt.dll
O2 - BHO: (no name) - {96E40B28-6305-4F0A-AAF5-DD57114999DB} - C:\WINDOWS\System32\mljgf.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DC276C01-97F0-44C6-B24F-062E8096C896} - C:\WINDOWS\System32\mlljk.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [EzButton] "C:\Program Files\EzButton\EzButton.EXE"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "G:\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O20 - Winlogon Notify: ddcyvtt - C:\WINDOWS\SYSTEM32\ddcyvtt.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Windows Client/Server Management Layer (CSML) - Unknown owner - C:\WINDOWS\system32\csml.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\qwhjsbus.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Local Service - Unknown owner - C:\WINDOWS\chfmon.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Microsoft Hosting Services - Unknown owner - C:\WINDOWS\System32\dllcache\mshosting.exe (file missing)
O23 - Service: msn_live - Unknown owner - C:\WINDOWS\msn_live.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

Any help would be much appreciated.

Last Post by crunchie

Hi and welcome to Daniweb forums :).

==

Please follow the instructions found here; http://www.daniweb.com/forums/thread83821.html

==

Please download ComboFix by sUBs from HERE or HERE

  • Save it to your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll

  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Okay, I did exactly as you said and here are the files:

ComboFix 07-12-07.3 - Kris 2007-12-07 22:13:41.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.196 [GMT -8:00]
Running from: C:\Documents and Settings\Kris\desktop\ComboFix.exe
Command switches used :: /KillAll
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\bwdofwpk.dll
C:\Documents and Settings\Kris\Application Data\ezpinst.log
C:\Program Files\Common Files\{38878~1
C:\Program Files\Common Files\{38878~1\Uninst.exe
C:\Program Files\Common Files\{58878~1
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\asks~1\?asks\
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\crosof~1\??crosoft\
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\curity~1\??curity\
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\java\ntp2.ini
C:\WINDOWS\system32\1.txt
C:\WINDOWS\system32\2.txt
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\ddcyvtt.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\eidafbpq.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\faqprefn.dll
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\hrhrxmlm.dll
C:\WINDOWS\system32\javas.exe
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\katzppd.exe
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mlmxrhrh.ini
C:\WINDOWS\system32\msvdprqe
C:\WINDOWS\system32\msvdprqe\bg1.gif
C:\WINDOWS\system32\msvdprqe\bgtop.gif
C:\WINDOWS\system32\msvdprqe\bottom1.gif
C:\WINDOWS\system32\msvdprqe\essentials.gif
C:\WINDOWS\system32\msvdprqe\icon1.ico
C:\WINDOWS\system32\msvdprqe\install1.gif
C:\WINDOWS\system32\msvdprqe\left1.gif
C:\WINDOWS\system32\msvdprqe\li.gif
C:\WINDOWS\system32\msvdprqe\logo.gif
C:\WINDOWS\system32\msvdprqe\main.htm
C:\WINDOWS\system32\msvdprqe\mainframe.htm
C:\WINDOWS\system32\msvdprqe\msvdprqe1.exe
C:\WINDOWS\system32\msvdprqe\msvdprqe2.exe
C:\WINDOWS\system32\msvdprqe\msvdprqe3.exe
C:\WINDOWS\system32\msvdprqe\reinstall1.gif
C:\WINDOWS\system32\msvdprqe\right1.gif
C:\WINDOWS\system32\msvdprqe\s1.htm
C:\WINDOWS\system32\msvdprqe\s2.htm
C:\WINDOWS\system32\msvdprqe\s3.htm
C:\WINDOWS\system32\msvdprqe\SMTop1.gif
C:\WINDOWS\system32\msvdprqe\SMTop2.gif
C:\WINDOWS\system32\msvdprqe\SMTop3.gif
C:\WINDOWS\system32\msvdprqe\SMTop4.gif
C:\WINDOWS\system32\msvdprqe\soft1_off.gif
C:\WINDOWS\system32\msvdprqe\soft1_off_ext.gif
C:\WINDOWS\system32\msvdprqe\soft1_on.gif
C:\WINDOWS\system32\msvdprqe\soft1_on_ext.gif
C:\WINDOWS\system32\msvdprqe\soft2_off.gif
C:\WINDOWS\system32\msvdprqe\soft2_off_ext.gif
C:\WINDOWS\system32\msvdprqe\soft2_on.gif
C:\WINDOWS\system32\msvdprqe\soft2_on_ext.gif
C:\WINDOWS\system32\msvdprqe\soft3_off.gif
C:\WINDOWS\system32\msvdprqe\soft3_off_ext.gif
C:\WINDOWS\system32\msvdprqe\soft3_on.gif
C:\WINDOWS\system32\msvdprqe\soft3_on_ext.gif
C:\WINDOWS\system32\msvdprqe\softbottom_off.gif
C:\WINDOWS\system32\msvdprqe\softbottom_on.gif
C:\WINDOWS\system32\msvdprqe\softleft_off.gif
C:\WINDOWS\system32\msvdprqe\softleft_on.gif
C:\WINDOWS\system32\msvdprqe\top1.gif
C:\WINDOWS\system32\msvdprqe\top2.gif
C:\WINDOWS\system32\msvdprqe\turnoff1.gif
C:\WINDOWS\system32\msvdprqe\turnon1.gif
C:\WINDOWS\system32\oTt02e
C:\WINDOWS\system32\qpbfadie.dll
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z2
C:\WINDOWS\tsks~1

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NET_AGENT
-------\DomainService


(((((((((((((((((((((((((   Files Created from 2007-11-08 to 2007-12-08  )))))))))))))))))))))))))))))))
.

2007-12-07 20:15 . 2007-12-07 20:15 <DIR>    d--------   C:\Documents and Settings\Kris\.housecall6.6
2007-12-07 20:14 . 2007-12-07 20:14 172,032 --a------   C:\WINDOWS\system32\wmsoft47850.exe
2007-12-07 20:14 . 2007-12-07 20:14 79  --a------   C:\WINDOWS\system32\i
2007-12-05 18:59 . 2007-12-05 18:59 213,504 --a------   C:\WINDOWS\system32\wmsoft74468.exe
2007-12-05 18:13 . 2007-12-05 18:13 172,032 --a------   C:\WINDOWS\system32\wmsoft62428.exe
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a------   C:\WINDOWS\system32\iuengine.dll
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a--c---   C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-04 22:04 . 2007-12-04 22:06 213,504 --a------   C:\WINDOWS\system32\wmsoft60042.exe
2007-11-30 22:32 . 2007-11-30 22:32 213,504 --a------   C:\WINDOWS\system32\wmsoft54812.exe
2007-11-30 21:28 . 2007-11-30 21:28 <DIR>    d--------   C:\WINDOWS\SDFIX
2007-11-20 21:51 . 2007-11-20 21:51 <DIR>    d--------   C:\Documents and Settings\Kris\Application Data\vlc
2007-11-20 21:39 . 2007-11-20 21:39 <DIR>    d--------   C:\videooutput
2007-11-20 21:39 . 2007-03-07 00:45 3,086,336   --a------   C:\WINDOWS\system32\NCMedia.dll
2007-11-20 21:39 . 2007-03-07 00:45 3,086,336   --a------   C:\WINDOWS\system32\flvvideo.dll
2007-11-20 21:39 . 2006-11-01 14:52 765,952 --a------   C:\WINDOWS\system32\xvidcore.dll
2007-11-20 21:39 . 2007-02-25 15:36 383,238 --a------   C:\WINDOWS\system32\libmp3lame-0.dll
2007-11-20 20:40 . 2007-11-20 20:40 <DIR>    d--------   C:\WINDOWS\FLV Player
2007-11-13 23:25 . 2007-11-13 23:26 213,504 --a------   C:\WINDOWS\system32\wmsoft72204.exe
2007-11-13 18:32 . 2007-11-13 18:32 213,504 --a------   C:\WINDOWS\system32\wmsoft82482.exe
2007-11-13 17:26 . 2007-11-13 17:26 213,504 --a------   C:\WINDOWS\system32\wmsoft66286.exe
2007-11-09 15:47 . 2007-11-09 15:47 <DIR>    d--------   C:\Program Files\7-Zip
2007-11-09 15:37 . 2007-11-09 21:41 113,482 --a------   C:\WINDOWS\ldapdamonn.exe
2007-11-08 18:15 . 2007-12-08 21:55 143 --a------   C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 06:09    ---------   d-----w C:\Documents and Settings\Kris\Application Data\uTorrent
2007-12-08 03:59    ---------   d-----w C:\Program Files\InCode Solutions
2007-11-08 02:16    113,482 ----a-w C:\WINDOWS\navaupgi.exe
2007-11-08 01:27    113,482 ----a-w C:\WINDOWS\navaupgv.exe
2007-11-07 06:03    113,482 ----a-w C:\WINDOWS\avirtolp.exe
2007-11-07 06:01    113,482 ----a-w C:\WINDOWS\javirtolp.exe
2007-11-07 02:45    113,482 ----a-w C:\WINDOWS\javirtopl.exe
2007-11-06 06:26    113,682 ----a-w C:\WINDOWS\navaupgj.exe
2007-11-06 05:57    ---------   d-----w C:\Program Files\Ypmbqxze
2007-11-06 02:47    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 02:32    148,622 ----a-w C:\Documents and Settings\Kris\p4ck.exe
2007-10-27 00:20    113,537 ----a-w C:\WINDOWS\tftpdf.exe
2007-10-26 01:28    213,504 --sh--r C:\WINDOWS\trkwksvc.exe
2007-10-25 21:58    ---------   d-----w C:\Documents and Settings\Kris\Application Data\Apple Computer
2007-10-25 02:53    114,131 ----a-w C:\WINDOWS\tftp2.exe
2007-10-25 02:07    114,131 ----a-w C:\WINDOWS\tftp1.exe
2007-10-25 01:34    114,131 ----a-w C:\WINDOWS\tftp3.exe
2007-10-25 01:04    114,130 ----a-w C:\WINDOWS\windef32.exe
2007-10-25 00:26    114,130 ----a-w C:\WINDOWS\windefend.exe
2007-10-14 05:29    ---------   d-----w C:\Program Files\Common Files\xing shared
2007-10-14 05:28    ---------   d-----w C:\Program Files\Common Files\Real
2007-10-14 02:18    ---------   d-----w C:\Program Files\ImgBurn
2007-03-16 05:09    81,920  ----a-w C:\Documents and Settings\Kris\Application Data\ezpinst.exe
2007-03-16 05:09    47,360  ----a-w C:\Documents and Settings\Kris\Application Data\pcouffin.sys
2003-08-27 22:19    36,963  -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2007-08-25 00:41    512,000 --sh--r C:\WINDOWS\cnmtmgr.exe
2005-07-14 19:31    27,648  --sha-r C:\WINDOWS\system32\AVSredirect.dll
2007-05-24 19:46    1,389,960   --sha-w C:\WINDOWS\system32\bccdd.ini2
2007-07-01 23:25    191,608 --sha-r C:\WINDOWS\system32\csml.exe
2007-08-01 04:39    201,336 --sha-r C:\WINDOWS\system32\csrml.exe
2005-06-22 05:37    45,568  --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06    163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00    70,656  --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-10-10 22:38    336 --sha-w C:\WINDOWS\system32\ihhkj.ini2
2007-07-04 04:32    1,097   --sha-w C:\WINDOWS\system32\ijkkj.ini2
2007-02-21 10:47    31,232  --sh--r C:\WINDOWS\system32\msfDX.dll
2006-10-23 21:17    479 --sh--w C:\WINDOWS\system32\wybeg.ini2
2004-01-25 07:00    70,656  --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC276C01-97F0-44C6-B24F-062E8096C896}]
            C:\WINDOWS\System32\mlljk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 04:00]
"Veoh"="G:\VeohClient.exe" []
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-04-21 01:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 15:43]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 16:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 10:29]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 13:12]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 11:17]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 14:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-12 18:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"!AVG Anti-Spyware"="C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-29 19:23]
"NDSTray.exe"="NDSTray.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 13:23:32]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-12-02 14:45:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

R1 ECioctl;ECioctl;C:\WINDOWS\System32\Drivers\ECioctl.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\System32\Drivers\EKIoMngr.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\System32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\System32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\System32\Drivers\TPIoMngr.sys
R2 CSML;Windows Client/Server Management Layer;C:\WINDOWS\system32\csml.exe
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\System32\Drivers\LxrSII1d.sys
R2 NET Service;NET Service;"C:\WINDOWS\trkwksvc.exe"
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\System32\Drivers\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\System32\DRIVERS\EMS7SK.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\System32\Drivers\hkdrv.sys
R3 ESDCR;ESDCR;C:\WINDOWS\System32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\System32\DRIVERS\ESM7SK.sys
S2 Local Service;Local Service;"C:\WINDOWS\chfmon.exe"
S2 Microsoft Hosting Services;Microsoft Hosting Services;"C:\WINDOWS\System32\dllcache\mshosting.exe"
S2 msn_live;msn_live;"C:\WINDOWS\msn_live.exe"
S2 wms;Windows Management Service;C:\WINDOWS\System32\wms.exe
S3 mcemgr;mcemgr;\??\C:\WINDOWS\System32\obdwk.sys

.
Contents of the 'Scheduled Tasks' folder
"2005-12-13 02:28:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-12-07 22:21:48
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ... 

C:\WINDOWS\trkwksvc.exe [1940] 0x84A8E9E8

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-12-07 22:30:32 - machine was rebooted
.
    --- E O F ---

and the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:34 PM, on 12/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kris\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://google.com/[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DC276C01-97F0-44C6-B24F-062E8096C896} - C:\WINDOWS\System32\mlljk.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [EzButton] "C:\Program Files\EzButton\EzButton.EXE"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "G:\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Windows Client/Server Management Layer (CSML) - Unknown owner - C:\WINDOWS\system32\csml.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Local Service - Unknown owner - C:\WINDOWS\chfmon.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Microsoft Hosting Services - Unknown owner - C:\WINDOWS\System32\dllcache\mshosting.exe (file missing)
O23 - Service: msn_live - Unknown owner - C:\WINDOWS\msn_live.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

--
End of file - 7473 bytes

I hope that this took care of everything.
EDIT: When my computer restarted there was a notice that Windows Explorer encountered a problem. I don't know if that has any relevance to this or not.
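
Added example (mine, not code from the thread or from ComboFix): a Python script that parses the 'Files Created' and 'Find3M' listing format in the ComboFix log above and applies three analyst checks: hidden+system attributes on executables under %WINDIR%, clusters of differently named .exe files sharing one exact size (the wmsoft* and navaupg*/javirt* families above), and cross-referencing the catchme hidden-process line against the listing. Sample lines are a subset copied from the log above; the size-cluster threshold of three is my assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the 'Files Created' and 'Find3M' lines from the
# ComboFix log above, plus the catchme hidden-process line from the same log.
SAMPLE_LISTING = r"""
2007-12-07 20:14 . 2007-12-07 20:14 172,032 --a------   C:\WINDOWS\system32\wmsoft47850.exe
2007-12-05 18:59 . 2007-12-05 18:59 213,504 --a------   C:\WINDOWS\system32\wmsoft74468.exe
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a------   C:\WINDOWS\system32\iuengine.dll
2007-11-30 22:32 . 2007-11-30 22:32 213,504 --a------   C:\WINDOWS\system32\wmsoft54812.exe
2007-11-13 23:25 . 2007-11-13 23:26 213,504 --a------   C:\WINDOWS\system32\wmsoft72204.exe
2007-11-09 15:47 . 2007-11-09 15:47 <DIR>    d--------   C:\Program Files\7-Zip
2007-11-08 02:16    113,482 ----a-w C:\WINDOWS\navaupgi.exe
2007-11-07 06:03    113,482 ----a-w C:\WINDOWS\avirtolp.exe
2007-11-07 02:45    113,482 ----a-w C:\WINDOWS\javirtopl.exe
2007-10-26 01:28    213,504 --sh--r C:\WINDOWS\trkwksvc.exe
2007-07-01 23:25    191,608 --sha-r C:\WINDOWS\system32\csml.exe
2007-08-01 04:39    201,336 --sha-r C:\WINDOWS\system32\csrml.exe
2004-01-25 07:00    70,656  --sha-r C:\WINDOWS\system32\i420vfw.dll
"""
SAMPLE_CATCHME = r"""
scanning hidden processes ...

C:\WINDOWS\trkwksvc.exe [1940] 0x84A8E9E8
"""

LISTING = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})"             # created (Files Created) or last-write (Find3M) time
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?\s+"    # optional ' . modified time' column
    r"(<DIR>|-+|[\d,]+)\s+"                          # size, <DIR>, or dashes for a directory
    r"([-a-zA-Z]{7,9})\s+"                           # attribute flags, e.g. --sh--r
    r"(\S.*)$"                                       # path
)
HIDDEN_PROC = re.compile(r"^(.+?\.exe) \[(\d+)\] 0x[0-9A-Fa-f]+$", re.I)
WINDIR = re.compile(r"^[a-z]:\\windows\\", re.I)


def parse_listing(text):
    """Return (when, size_or_None, attrs_lowercase, path) tuples for each listing line."""
    rows = []
    for line in text.splitlines():
        m = LISTING.match(line.strip())
        if m:
            when, size, attrs, path = m.groups()
            rows.append((when, int(size.replace(",", "")) if size[0].isdigit() else None,
                         attrs.lower(), path.strip()))
    return rows


def hidden_processes(text):
    """Paths from catchme's 'scanning hidden processes' section."""
    found = []
    for line in text.splitlines():
        m = HIDDEN_PROC.match(line.strip())
        if m:
            found.append(m.group(1))
    return found


def triage(listing_text, catchme_text):
    findings = []
    rows = parse_listing(listing_text)
    # 1. hidden+system executables under %WINDIR%: legitimate binaries rarely set both
    #    (heuristic: codec DLLs such as i420vfw.dll also show up here).
    for _, _, attrs, path in rows:
        if "s" in attrs and "h" in attrs and WINDIR.match(path) and path.lower().endswith((".exe", ".dll")):
            findings.append((path, f"hidden+system attributes ({attrs})"))
    # 2. differently named .exe files with the same exact size: one dropper, many copies.
    by_size = defaultdict(set)
    for _, size, _, path in rows:
        if size and WINDIR.match(path) and path.lower().endswith(".exe"):
            by_size[size].add(path)
    for size, paths in sorted(by_size.items()):
        if len(paths) >= 3:  # threshold is my assumption
            findings.append((", ".join(sorted(paths)), f"{len(paths)} executables share size {size:,} bytes"))
    # 3. anything catchme saw as a hidden process is rootkit-grade regardless of attributes.
    listed = {row[3].lower() for row in rows}
    for proc in hidden_processes(catchme_text):
        note = "also in the file listing" if proc.lower() in listed else "not in the file listing"
        findings.append((proc, "hidden process reported by catchme; " + note))
    return findings


if __name__ == "__main__":
    for what, why in triage(SAMPLE_LISTING, SAMPLE_CATCHME):
        print(f"{why}\n    {what}")
```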



Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\wmsoft47850.exe
C:\WINDOWS\system32\wmsoft74468.exe
C:\WINDOWS\system32\wmsoft62428.exe
C:\WINDOWS\system32\iuengine.dll
C:\WINDOWS\system32\dllcache\iuengine.dll
C:\WINDOWS\system32\wmsoft60042.exe
C:\WINDOWS\system32\wmsoft54812.exe
C:\WINDOWS\system32\xvidcore.dll
C:\WINDOWS\system32\libmp3lame-0.dll
C:\WINDOWS\system32\wmsoft72204.exe
C:\WINDOWS\system32\wmsoft82482.exe
C:\WINDOWS\system32\wmsoft66286.exe
C:\WINDOWS\ldapdamonn.exe
C:\WINDOWS\navaupgi.exe
C:\WINDOWS\navaupgv.exe
C:\WINDOWS\avirtolp.exe
C:\WINDOWS\javirtolp.exe
C:\WINDOWS\javirtopl.exe
C:\WINDOWS\navaupgj.exe
C:\Program Files\Ypmbqxze
C:\Documents and Settings\Kris\p4ck.exe
C:\WINDOWS\tftp2.exe
C:\WINDOWS\tftp1.exe
C:\WINDOWS\tftp3.exe
C:\WINDOWS\windef32.exe
C:\WINDOWS\windefend.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\msfDX.dll
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\yv12vfw.dll
C:\WINDOWS\System32\dllcache\mshosting.exe
C:\WINDOWS\System32\wms.exe

Just post back the results for the bad files.

==

A. Please RUN HijackThis

  1. Click the SCAN button to produce a log.
  2. Place a check mark beside each one of the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: (no name) - {DC276C01-97F0-44C6-B24F-062E8096C896} - C:\WINDOWS\System32\mlljk.dll (file missing)

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
    O23 - Service: Local Service - Unknown owner - C:\WINDOWS\chfmon.exe (file missing)
    O23 - Service: Microsoft Hosting Services - Unknown owner - C:\WINDOWS\System32\dllcache\mshosting.exe (file missing)
    O23 - Service: msn_live - Unknown owner - C:\WINDOWS\msn_live.exe (file missing)

  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

B. 1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

DirLook::
C:\videooutput
C:\Documents and Settings\Kris\Application Data\vlc

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


6. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

wmsoft47850.exe:

AhnLab-V3 2007.12.8.0 2007.12.07 Win32/Virut.D
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.2.Gen
CAT-QuickHeal 9.00 2007.12.08 W32.Virut.D
ClamAV 0.91.2 2007.12.09 W32.Virut.ci
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.d
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Virut.d
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.d
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.G
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Vetor-A
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.08 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 W32/Virut.f
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

wmsoft74468.exe:
AhnLab-V3 2007.12.8.0 2007.12.07 Win-Trojan/Xema.variant
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.4.Gen
CAT-QuickHeal 9.00 2007.12.08 Win95.SK
ClamAV 0.91.2 2007.12.09 W32.Virut.di
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Cheburgen.a
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.n
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

wmsoft62428.exe
AhnLab-V3 - - Win32/Virut.D
AntiVir - - W32/Virut.Gen
Authentium - - W32/Virut.9264
Avast - - Win32:Virut
AVG - - Win32/Virut
BitDefender - - Win32.Virtob.2.Gen
CAT-QuickHeal - - W32.Virut.D
ClamAV - - W32.Virut.ci
DrWeb - - Win32.Virut.5
eSafe - - Suspicious File
eTrust-Vet - - Win32/Virut.9276
Ewido - - -
FileAdvisor - - -
Fortinet - - W32/Virut.E
F-Prot - - W32/Virut.9264
F-Secure - - Virus.Win32.Virut.d
Ikarus - - Virus.Win32.Virut.d
Kaspersky - - Virus.Win32.Virut.d
McAfee - - W32/Virut.gen
Microsoft - - Virus:Win32/Virut.C
NOD32v2 - - Win32/Virut.E
Norman - - W32/Virut.D
Panda - - W32/Virutas.G
Prevx1 - - Heuristic: Suspicious Self Modifying EXE
Rising - - Win32.Virut.GEN
Sophos - - W32/Vetor-A
Sunbelt - - VIPRE.Suspicious
Symantec - - W32.Virut.B
TheHacker - - W32/Virut.f
VBA32 - - Virus.Win32.Virut.d
VirusBuster - - Win32.Virut.Gen
Webwasher-Gateway - - Win32.Virut.Gen

wmsoft60042.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win-Trojan/Xema.variant
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.4.Gen
CAT-QuickHeal 9.00 2007.12.08 Win95.SK
ClamAV 0.91.2 2007.12.09 W32.Virut.ci
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Cheburgen.a
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.n
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

wmsoft54812.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win-Trojan/Xema.variant
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.4.Gen
CAT-QuickHeal 9.00 2007.12.08 Win95.SK
ClamAV 0.91.2 2007.12.09 W32.Virut.di
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Cheburgen.a
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.n
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 -
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

wmsoft66286.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win-Trojan/Xema.variant
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.4.Gen
CAT-QuickHeal 9.00 2007.12.08 Win95.SK
ClamAV 0.91.2 2007.12.09 W32.Virut.di
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Cheburgen.a
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.n
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

wmsoft82482.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win-Trojan/Xema.variant
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.4.Gen
CAT-QuickHeal 9.00 2007.12.08 Win95.SK
ClamAV 0.91.2 2007.12.09 W32.Virut.di
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Cheburgen.a
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.n
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

wmsoft72204.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win-Trojan/Xema.variant
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.4.Gen
CAT-QuickHeal 9.00 2007.12.08 Win95.SK
ClamAV 0.91.2 2007.12.09 W32.Virut.ci
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Cheburgen.a
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.n
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

C:\WINDOWS\navaupgv.exe
AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 -
Authentium 4.93.8 2007.12.08 -
Avast 4.7.1098.0 2007.12.08 -
AVG 7.5.0.503 2007.12.08 -
BitDefender 7.2 2007.12.09 -
CAT-QuickHeal 9.00 2007.12.08 AdWare.Thespacezone.b (Not a Virus)
ClamAV 0.91.2 2007.12.09 -
DrWeb 4.44.0.09170 2007.12.08 -
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5361 2007.12.08 -
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 -
F-Prot 4.4.2.54 2007.12.08 -
F-Secure 6.70.13030.0 2007.12.08 -
Ikarus T3.1.1.12 2007.12.09 -
Kaspersky 7.0.0.125 2007.12.09 -
McAfee 5181 2007.12.08 -
Microsoft 1.3007 2007.12.09 -
NOD32v2 2711 2007.12.07 -
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.09 Suspicious file
Prevx1 V2 2007.12.09 Heuristic: Suspicious File With Persistence
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.09 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 -
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 -
VirusBuster 4.3.26:9 2007.12.08 -
Webwasher-Gateway 6.6.2 2007.12.08 -

navaupgi.exe
AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 -
Authentium 4.93.8 2007.12.08 -
Avast 4.7.1098.0 2007.12.08 -
AVG 7.5.0.503 2007.12.08 -
BitDefender 7.2 2007.12.09 -
CAT-QuickHeal 9.00 2007.12.08 AdWare.Thespacezone.b (Not a Virus)
ClamAV 0.91.2 2007.12.09 -
DrWeb 4.44.0.09170 2007.12.08 -
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5361 2007.12.08 -
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 -
F-Prot 4.4.2.54 2007.12.08 -
F-Secure 6.70.13030.0 2007.12.08 -
Ikarus T3.1.1.12 2007.12.09 -
Kaspersky 7.0.0.125 2007.12.09 -
McAfee 5181 2007.12.08 -
Microsoft 1.3007 2007.12.09 -
NOD32v2 2711 2007.12.07 -
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.09 Suspicious file
Prevx1 V2 2007.12.09 Heuristic: Suspicious File With Persistence
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.09 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 -
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 -
VirusBuster 4.3.26:9 2007.12.08 -
Webwasher-Gateway 6.6.2 2007.12.08 -

ldapdamonn.exe
AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 -
Authentium 4.93.8 2007.12.08 -
Avast 4.7.1098.0 2007.12.08 -
AVG 7.5.0.503 2007.12.08 -
BitDefender 7.2 2007.12.09 -
CAT-QuickHeal 9.00 2007.12.08 AdWare.Thespacezone.b (Not a Virus)
ClamAV 0.91.2 2007.12.09 -
DrWeb 4.44.0.09170 2007.12.08 -
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5361 2007.12.08 -
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 -
F-Prot 4.4.2.54 2007.12.08 -
F-Secure 6.70.13030.0 2007.12.08 -
Ikarus T3.1.1.12 2007.12.09 -
Kaspersky 7.0.0.125 2007.12.09 -
McAfee 5181 2007.12.08 -
Microsoft 1.3007 2007.12.09 -
NOD32v2 2711 2007.12.07 -
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.09 Suspicious file
Prevx1 V2 2007.12.09 Heuristic: Suspicious File With Persistence
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.09 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 -
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 -
VirusBuster 4.3.26:9 2007.12.08 -
Webwasher-Gateway 6.6.2 2007.12.08 -

avirtolp.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

javirtolp.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

javirtopl.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

navaupgj.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

tftp1.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

tftp2.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

p4ck.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win32/Virut.D
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:FriJoiner-G
AVG 7.5.0.503 2007.12.08 Dropper.FreeJoiner
BitDefender 7.2 2007.12.09 Win32.Virtob.2.Gen
CAT-QuickHeal 9.00 2007.12.08 W32.Virut.E
ClamAV 0.91.2 2007.12.09 W32.Virut.di
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 -
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.EPO
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Trojan-Dropper.Win32.FriJoiner.bg
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Virut.d
Kaspersky 7.0.0.125 2007.12.09 Trojan-Dropper.Win32.FriJoiner.bg
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.09 W32/Virutas.E
Prevx1 V2 2007.12.09 -
Rising 20.21.42.00 2007.12.07 Dropper.Win32.FriJoiner.bg
Sophos 4.24.0 2007.12.09 W32/Vetor-A
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 W32/Virut.gen
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

tftp3.exe
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Thespacezone.b (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Persistence
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

csml.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win32/Virut.D
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.2.Gen
CAT-QuickHeal 9.00 2007.12.08 W32.Virut.D
ClamAV 0.91.2 2007.12.09 W32.Virut.ci
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.d
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Virut.d
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.d
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.G.dam
Prevx1 V2 2007.12.09 -
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Virut-L
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 W32/Virut.gen
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

windef32.exe
AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 -
Authentium 4.93.8 2007.12.08 -
Avast 4.7.1098.0 2007.12.08 -
AVG 7.5.0.503 2007.12.08 -
BitDefender 7.2 2007.12.09 -
CAT-QuickHeal 9.00 2007.12.08 AdWare.Thespacezone.b (Not a Virus)
ClamAV 0.91.2 2007.12.09 -
DrWeb 4.44.0.09170 2007.12.08 -
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5361 2007.12.08 -
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 -
F-Prot 4.4.2.54 2007.12.08 -
F-Secure 6.70.13030.0 2007.12.08 -
Ikarus T3.1.1.12 2007.12.09 -
Kaspersky 7.0.0.125 2007.12.09 -
McAfee 5181 2007.12.08 -
Microsoft 1.3007 2007.12.09 -
NOD32v2 2711 2007.12.07 -
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.09 Suspicious file
Prevx1 V2 2007.12.09 Heuristic: Suspicious File With Persistence
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.09 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 -
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 -
VirusBuster 4.3.26:9 2007.12.08 -
Webwasher-Gateway 6.6.2 2007.12.08 -

windefend.exe
AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 -
Authentium 4.93.8 2007.12.08 -
Avast 4.7.1098.0 2007.12.08 -
AVG 7.5.0.503 2007.12.08 -
BitDefender 7.2 2007.12.09 -
CAT-QuickHeal 9.00 2007.12.08 AdWare.Thespacezone.b (Not a Virus)
ClamAV 0.91.2 2007.12.09 -
DrWeb 4.44.0.09170 2007.12.08 -
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5361 2007.12.08 -
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 -
F-Prot 4.4.2.54 2007.12.08 -
F-Secure 6.70.13030.0 2007.12.08 -
Ikarus T3.1.1.12 2007.12.09 -
Kaspersky 7.0.0.125 2007.12.09 -
McAfee 5181 2007.12.08 -
Microsoft 1.3007 2007.12.09 -
NOD32v2 2711 2007.12.07 -
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.09 Suspicious file
Prevx1 V2 2007.12.09 Heuristic: Suspicious File With Persistence
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.09 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 -
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 -
VirusBuster 4.3.26:9 2007.12.08 -
Webwasher-Gateway 6.6.2 2007.12.08 -

cygz.dll
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - PUA.Packed.TeLock
DrWeb - - -
eSafe - - -989951120
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - Low threat detected
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!88 (suspicious)

flvDX.dll
Webwasher-Gateway - - Win32.UPXpacked.gen!94 (suspicious)

csrml.exe
AhnLab-V3 2007.12.8.0 2007.12.07 Win32/Virut.D
AntiVir 7.6.0.40 2007.12.07 W32/Virut.Gen
Authentium 4.93.8 2007.12.08 W32/Virut.9264
Avast 4.7.1098.0 2007.12.08 Win32:Virut
AVG 7.5.0.503 2007.12.08 Win32/Virut
BitDefender 7.2 2007.12.09 Win32.Virtob.2.Gen
CAT-QuickHeal 9.00 2007.12.08 W32.Virut.D
ClamAV 0.91.2 2007.12.09 W32.Virut.ba
DrWeb 4.44.0.09170 2007.12.08 Win32.Virut.5
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5361 2007.12.08 Win32/Virut.9276
Ewido 4.0 2007.12.08 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.08 W32/Virut.E
F-Prot 4.4.2.54 2007.12.08 W32/Virut.9264
F-Secure 6.70.13030.0 2007.12.08 Virus.Win32.Virut.d
Ikarus T3.1.1.12 2007.12.09 Virus.Win32.Virut.d
Kaspersky 7.0.0.125 2007.12.09 Virus.Win32.Virut.d
McAfee 5181 2007.12.08 W32/Virut.gen
Microsoft 1.3007 2007.12.09 Virus:Win32/Virut.C
NOD32v2 2711 2007.12.07 Win32/Virut.E
Norman 5.80.02 2007.12.07 W32/Virut.D
Panda 9.0.0.4 2007.12.09 W32/Virutas.G.dam
Prevx1 V2 2007.12.09 -
Rising 20.21.42.00 2007.12.07 Win32.Virut.GEN
Sophos 4.24.0 2007.12.09 W32/Vetor-A
Sunbelt 2.2.907.0 2007.12.07 VIPRE.Suspicious
Symantec 10 2007.12.09 W32.Virut.B
TheHacker 6.2.9.153 2007.12.07 -
VBA32 3.12.2.5 2007.12.07 Virus.Win32.Virut.d
VirusBuster 4.3.26:9 2007.12.08 Win32.Virut.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Win32.Virut.Gen

yv12vfw.dll
eSafe - - suspicious Trojan/Worm

msfDX.dll
Sunbelt - - VIPRE.Suspicious
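The per-engine results pasted above are easier to judge once reduced to a per-file consensus (how many engines flagged the file, and which family name most of the named verdicts share, with purely heuristic verdicts such as "Suspicious file" counted as hits but not as a family). The Python parser below is an added example written for this page, not code from the thread or from the scanning services; it reads the same "engine version date verdict" layout and the sample input is constructed in that layout rather than copied from a real scan.

```python
"""Reduce pasted multi-engine scan results (VirusTotal / Jotti style) to a
per-file consensus: how many engines flagged the file and which family most
named verdicts agree on. Heuristic verdicts count as hits but name no family."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Header line: a bare file name or path (no spaces), optionally ending in ':'.
HEADER_RE = re.compile(r"\S+\.(exe|dll|sys|ini2?|tmp):?", re.IGNORECASE)

# Verdict tokens that describe a class or platform rather than a family.
GENERIC = {"win", "virus", "trojan", "dropper", "worm", "gen", "generic", "heur",
           "file", "exe", "not", "variant", "adware", "pua", "packed", "malware",
           "low", "threat", "detected", "dam"}


def family(verdict: str) -> str:
    """Normalise a vendor verdict to a family token: 'Win32/Virut.D',
    'W32.Virut.B' and 'Virus.Win32.Virut.d' all give 'virut'."""
    low = verdict.lower()
    if "heuristic" in low or "suspicious" in low:
        return "heuristic"
    for tok in re.split(r"[^a-z0-9]+", low):
        # Skip digits ('9264'), platform tags ('win32') and 1-letter variants.
        if len(tok) > 1 and tok.isalpha() and tok not in GENERIC:
            return tok
    return "unknown"


@dataclass
class FileReport:
    name: str
    engines: int = 0                                    # verdict lines seen
    hits: Dict[str, str] = field(default_factory=dict)  # engine -> verdict

    @property
    def detections(self) -> int:
        return len(self.hits)

    def top_family(self) -> Optional[str]:
        """Most common named family; 'heuristic' only if nothing names one."""
        if not self.hits:
            return None
        counts = Counter(family(v) for v in self.hits.values())
        named = [f for f, _ in counts.most_common() if f not in ("heuristic", "unknown")]
        return named[0] if named else "heuristic"


def parse_results(text: str) -> List[FileReport]:
    """Parse blocks of 'engine version date verdict' lines, one block per file."""
    reports: List[FileReport] = []
    current: Optional[FileReport] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                    # blank lines may sit inside a block
        if HEADER_RE.fullmatch(line):
            current = FileReport(name=line.rstrip(":"))
            reports.append(current)
            continue
        parts = line.split(None, 3)     # the verdict itself may contain spaces
        if current is None or len(parts) != 4:
            continue                    # stray text or not a verdict line
        engine, _version, _date, verdict = parts
        current.engines += 1
        if verdict != "-":              # '-' is the scanner's "clean"
            current.hits[engine] = verdict
    return reports


def summarize(reports: List[FileReport]) -> List[str]:
    """One consensus line per file, e.g. 'x.exe: 5/6 engines flagged, consensus virut'."""
    return [f"{r.name}: {r.detections}/{r.engines} engines flagged, "
            f"consensus {r.top_family() or 'clean'}" for r in reports]


# Constructed sample in the pasted layout (a few engines per file is enough);
# not real scan output for these names.
SAMPLE = r"""wmsoft47850.exe:

AhnLab-V3 2007.12.8.0 2007.12.07 Win32/Virut.D
BitDefender 7.2 2007.12.09 Win32.Virtob.2.Gen
Ewido 4.0 2007.12.08 -
Prevx1 V2 2007.12.09 Heuristic: Suspicious Self Modifying EXE
Sophos 4.24.0 2007.12.09 W32/Vetor-A
Symantec 10 2007.12.08 W32.Virut.B

C:\WINDOWS\navaupgv.exe
AhnLab-V3 2007.12.8.0 2007.12.07 -
CAT-QuickHeal 9.00 2007.12.08 AdWare.Thespacezone.b (Not a Virus)
eSafe 7.0.15.0 2007.12.06 suspicious Trojan/Worm
Kaspersky 7.0.0.125 2007.12.09 -
Panda 9.0.0.4 2007.12.09 Suspicious file

flvDX.dll
Webwasher-Gateway - - Win32.UPXpacked.gen!94 (suspicious)
"""

if __name__ == "__main__":
    print("\n".join(summarize(parse_results(SAMPLE))))
```

Paste the full results into SAMPLE (or read them from a file) to get one line per file; a file whose only hits are heuristic, like the "Thespacezone" group above, stands out from the ones most engines name as Virut.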

0

New Combofix file:

ComboFix 07-12-07.3 - Kris 2007-12-08 15:01:59.2 - NTFSx86
Running from: C:\Documents and Settings\Kris\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-11-08 to 2007-12-08  )))))))))))))))))))))))))))))))
.

2007-12-07 20:15 . 2007-12-07 20:15 <DIR>    d--------   C:\Documents and Settings\Kris\.housecall6.6
2007-12-07 20:14 . 2007-12-07 20:14 172,032 --a------   C:\WINDOWS\system32\wmsoft47850.exe
2007-12-07 20:14 . 2007-12-07 20:14 79  --a------   C:\WINDOWS\system32\i
2007-12-05 18:59 . 2007-12-05 18:59 213,504 --a------   C:\WINDOWS\system32\wmsoft74468.exe
2007-12-05 18:13 . 2007-12-05 18:13 172,032 --a------   C:\WINDOWS\system32\wmsoft62428.exe
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a------   C:\WINDOWS\system32\iuengine.dll
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a--c---   C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-04 22:04 . 2007-12-04 22:06 213,504 --a------   C:\WINDOWS\system32\wmsoft60042.exe
2007-11-30 22:32 . 2007-11-30 22:32 213,504 --a------   C:\WINDOWS\system32\wmsoft54812.exe
2007-11-30 21:28 . 2007-11-30 21:28 <DIR>    d--------   C:\WINDOWS\SDFIX
2007-11-20 21:51 . 2007-11-20 21:51 <DIR>    d--------   C:\Documents and Settings\Kris\Application Data\vlc
2007-11-20 21:39 . 2007-11-20 21:39 <DIR>    d--------   C:\videooutput
2007-11-20 21:39 . 2007-03-07 00:45 3,086,336   --a------   C:\WINDOWS\system32\NCMedia.dll
2007-11-20 21:39 . 2007-03-07 00:45 3,086,336   --a------   C:\WINDOWS\system32\flvvideo.dll
2007-11-20 21:39 . 2006-11-01 14:52 765,952 --a------   C:\WINDOWS\system32\xvidcore.dll
2007-11-20 21:39 . 2007-02-25 15:36 383,238 --a------   C:\WINDOWS\system32\libmp3lame-0.dll
2007-11-20 20:40 . 2007-11-20 20:40 <DIR>    d--------   C:\WINDOWS\FLV Player
2007-11-13 23:25 . 2007-11-13 23:26 213,504 --a------   C:\WINDOWS\system32\wmsoft72204.exe
2007-11-13 18:32 . 2007-11-13 18:32 213,504 --a------   C:\WINDOWS\system32\wmsoft82482.exe
2007-11-13 17:26 . 2007-11-13 17:26 213,504 --a------   C:\WINDOWS\system32\wmsoft66286.exe
2007-11-09 15:47 . 2007-11-09 15:47 <DIR>    d--------   C:\Program Files\7-Zip
2007-11-09 15:37 . 2007-11-09 21:41 113,482 --a------   C:\WINDOWS\ldapdamonn.exe
2007-11-08 18:15 . 2007-12-08 21:55 143 --a------   C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 07:09    ---------   d-----w C:\Documents and Settings\Kris\Application Data\uTorrent
2007-12-08 03:59    ---------   d-----w C:\Program Files\InCode Solutions
2007-11-08 02:16    113,482 ----a-w C:\WINDOWS\navaupgi.exe
2007-11-08 01:27    113,482 ----a-w C:\WINDOWS\navaupgv.exe
2007-11-07 06:03    113,482 ----a-w C:\WINDOWS\avirtolp.exe
2007-11-07 06:01    113,482 ----a-w C:\WINDOWS\javirtolp.exe
2007-11-07 02:45    113,482 ----a-w C:\WINDOWS\javirtopl.exe
2007-11-06 06:26    113,682 ----a-w C:\WINDOWS\navaupgj.exe
2007-11-06 05:57    ---------   d-----w C:\Program Files\Ypmbqxze
2007-11-06 02:47    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 02:32    148,622 ----a-w C:\Documents and Settings\Kris\p4ck.exe
2007-11-06 02:09    104,960 ----a-w C:\WINDOWS\system32\drvxot.dll
2007-10-27 00:20    113,537 ----a-w C:\WINDOWS\tftpdf.exe
2007-10-26 23:26    213,504 ----a-w C:\WINDOWS\system32\wmsoft27575.exe
2007-10-26 02:00    213,504 ----a-w C:\WINDOWS\system32\wmsoft44037.exe
2007-10-26 01:28    213,504 --sh--r C:\WINDOWS\trkwksvc.exe
2007-10-25 21:58    ---------   d-----w C:\Documents and Settings\Kris\Application Data\Apple Computer
2007-10-25 02:53    114,131 ----a-w C:\WINDOWS\tftp2.exe
2007-10-25 02:07    114,131 ----a-w C:\WINDOWS\tftp1.exe
2007-10-25 01:34    114,131 ----a-w C:\WINDOWS\tftp3.exe
2007-10-25 01:18    114,131 ----a-w C:\WINDOWS\system32\ftp3.exe
2007-10-25 01:04    114,130 ----a-w C:\WINDOWS\windef32.exe
2007-10-25 00:26    114,130 ----a-w C:\WINDOWS\windefend.exe
2007-10-24 05:03    ---------   d-----w C:\Program Files\BBLACK
2007-10-21 23:05    24,576  ----a-w C:\WINDOWS\system32\msxml3a.dll
2007-10-21 22:39    114,131 ----a-w C:\WINDOWS\system32\jasan.exe
2007-10-20 04:24    114,131 ----a-w C:\WINDOWS\system32\Winasp.exe
2007-10-20 01:02    ---------   d-----w C:\Program Files\uTorrent
2007-10-19 21:57    114,130 ----a-w C:\WINDOWS\system32\jvp.exe
2007-10-18 03:34    507,392 ----a-w C:\WINDOWS\system32\msoft34320.exe
2007-10-17 02:29    114,131 ----a-w C:\WINDOWS\system32\jd.exe
2007-10-17 02:29    114,130 ----a-w C:\WINDOWS\system32\vcrr.exe
2007-10-16 04:22    114,131 ----a-w C:\WINDOWS\system32\jda.exe
2007-10-16 01:23    114,131 ----a-w C:\WINDOWS\system32\jxh.exe
2007-10-15 23:43    507,392 ----a-w C:\WINDOWS\system32\msoft72040.exe
2007-10-14 05:29    ---------   d-----w C:\Program Files\Common Files\xing shared
2007-10-14 05:28    ---------   d-----w C:\Program Files\Common Files\Real
2007-10-14 02:18    ---------   d-----w C:\Program Files\ImgBurn
2007-10-12 22:36    114,131 ----a-w C:\WINDOWS\system32\jdev.exe
2007-10-12 22:33    114,131 ----a-w C:\WINDOWS\system32\jx.exe
2007-10-12 22:33    114,131 ----a-w C:\WINDOWS\system32\jsda.exe
2007-10-12 03:01    507,392 ----a-w C:\WINDOWS\system32\msoft26488.exe
2007-10-12 02:50    507,392 ----a-w C:\WINDOWS\system32\msoft37546.exe
2007-10-11 04:31    507,392 ----a-w C:\WINDOWS\system32\msoft07835.exe
2007-03-16 05:09    81,920  ----a-w C:\Documents and Settings\Kris\Application Data\ezpinst.exe
2007-03-16 05:09    47,360  ----a-w C:\Documents and Settings\Kris\Application Data\pcouffin.sys
2003-08-27 22:19    36,963  -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2007-08-25 00:41    512,000 --sh--r C:\WINDOWS\cnmtmgr.exe
2005-07-14 19:31    27,648  --sha-r C:\WINDOWS\system32\AVSredirect.dll
2007-05-24 19:46    1,389,960   --sha-w C:\WINDOWS\system32\bccdd.ini2
2007-07-01 23:25    201,336 --sha-r C:\WINDOWS\system32\csml.exe
2007-08-01 04:39    201,336 --sha-r C:\WINDOWS\system32\csrml.exe
2005-06-22 05:37    45,568  --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06    163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00    70,656  --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-10-10 22:38    336 --sha-w C:\WINDOWS\system32\ihhkj.ini2
2007-07-04 04:32    1,097   --sha-w C:\WINDOWS\system32\ijkkj.ini2
2007-02-21 10:47    31,232  --sh--r C:\WINDOWS\system32\msfDX.dll
2006-10-23 21:17    479 --sh--w C:\WINDOWS\system32\wybeg.ini2
2004-01-25 07:00    70,656  --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Kris\Application Data\vlc ----

2007-12-08 22:04    46376   --a------   C:\Documents and Settings\Kris\Application Data\vlc\vlcrc 
2007-12-08 22:04    302173  --a------   C:\Documents and Settings\Kris\Application Data\vlc\cache\plugins-04041e.dat 
2007-11-30 22:18    193 --a------   C:\Documents and Settings\Kris\Application Data\vlc\cache\CACHEDIR.TAG 

---- Directory of C:\videooutput ----



(((((((((((((((((((((((((((((   snapshot@2007-12-07_22.23.26.67   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 11:58:11   140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 11:58:11   150,016 ----a-w C:\WINDOWS\catchme.exe
- 2003-03-31 12:00:00   1,004,032   ----a-w C:\WINDOWS\explorer.exe
+ 2003-03-31 12:00:00   1,013,760   ----a-w C:\WINDOWS\explorer.exe
- 2001-12-07 17:32:04   1,081,344   -c--a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2001-12-07 17:32:04   1,093,632   -c--a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
- 2002-11-09 12:47:56   10,752  ----a-w C:\WINDOWS\hh.exe
+ 2002-11-09 12:47:56   20,480  ----a-w C:\WINDOWS\hh.exe
- 2006-10-09 23:27:46   65,536  ----a-r C:\WINDOWS\Installer\{15EE79F4-4ED1-4267-9B0F-351009325D7D}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
+ 2006-10-09 23:27:46   77,824  ----a-r C:\WINDOWS\Installer\{15EE79F4-4ED1-4267-9B0F-351009325D7D}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
- 2006-10-09 23:29:59   65,536  ----a-r C:\WINDOWS\Installer\{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2006-10-09 23:29:59   77,824  ----a-r C:\WINDOWS\Installer\{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2003-12-02 21:19:21   167,936 -c--a-r C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_85BA426DBE00_44A3_969E_C7BDF2F6C986.exe
+ 2003-12-02 21:19:21   180,224 -c--a-r C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_85BA426DBE00_44A3_969E_C7BDF2F6C986.exe
- 2003-12-02 21:19:21   65,536  -c--a-r C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_A003BF363149_4FEF_8E7E_E9C39A5B9A96.exe
+ 2003-12-02 21:19:21   77,824  -c--a-r C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_A003BF363149_4FEF_8E7E_E9C39A5B9A96.exe
- 2003-12-02 21:19:21   65,536  -c--a-r C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_D545A9F0ED09_444B_A962_2628559DCDE6.exe
+ 2003-12-02 21:19:21   77,824  -c--a-r C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_D545A9F0ED09_444B_A962_2628559DCDE6.exe
- 2003-12-02 21:21:27   12,288  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2003-12-02 21:21:27   22,016  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2003-12-02 21:21:27   135,168 -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2003-12-02 21:21:27   147,456 -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2003-12-02 21:21:27   11,264  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2003-12-02 21:21:27   20,992  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2003-12-02 21:21:27   27,136  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2003-12-02 21:21:27   36,864  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2003-12-02 21:21:27   4,096   -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-12-02 21:21:27   13,824  -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2003-12-02 21:21:27   794,624 -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2003-12-02 21:21:27   806,912 -c--a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2003-12-02 21:21:27   249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2003-12-02 21:21:27   262,144 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2003-12-02 21:21:27   286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2003-12-02 21:21:27   299,008 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2003-12-02 21:21:27   409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2003-12-02 21:21:27   421,888 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2003-12-02 21:14:47   57,344  -c--a-r C:\WINDOWS\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
+ 2003-12-02 21:14:47   69,632  -c--a-r C:\WINDOWS\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
- 2003-02-21 03:19:38   32,768  -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-21 03:19:38   45,056  -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2007-06-17 08:11:58   51,200  ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-06-17 08:11:58   60,928  ----a-w C:\WINDOWS\NirCmd.exe
- 2003-03-31 12:00:00   134,144 ----a-w C:\WINDOWS\regedit.exe
+ 2003-03-31 12:00:00   143,872 ----a-w C:\WINDOWS\regedit.exe
- 2003-08-27 22:20:00   94,208  -c--a-r C:\WINDOWS\SM1bg.exe
+ 2003-08-27 22:20:00   106,496 -c--a-r C:\WINDOWS\SM1bg.exe
- 2003-03-31 12:00:00   375,808 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2003-03-31 12:00:00   385,536 ----a-w C:\WINDOWS\system32\cmd.exe
- 2007-12-08 04:14:19   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-08 22:45:30   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 04:14:19   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-08 22:45:30   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 04:14:19   32,768  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-08 22:45:30   32,768  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2003-05-23 21:38:26   106,496 ----a-w C:\WINDOWS\system32\DVDRAMSV.exe
+ 2003-05-23 21:38:26   118,784 ----a-w C:\WINDOWS\system32\DVDRAMSV.exe
- 2003-03-31 12:00:00   504,320 ----a-w C:\WINDOWS\system32\logonui.exe
+ 2003-03-31 12:00:00   514,048 ----a-w C:\WINDOWS\system32\logonui.exe
- 2003-03-31 12:00:00   774,144 ----a-w C:\WINDOWS\system32\mmc.exe
+ 2003-03-31 12:00:00   783,872 ----a-w C:\WINDOWS\system32\mmc.exe
- 2003-03-31 12:00:00   32,768  ----a-w C:\WINDOWS\system32\mnmsrvc.exe
+ 2003-03-31 12:00:00   45,056  ----a-w C:\WINDOWS\system32\mnmsrvc.exe
- 2003-03-31 12:00:00   6,144   ----a-w C:\WINDOWS\system32\msdtc.exe
+ 2003-03-31 12:00:00   15,872  ----a-w C:\WINDOWS\system32\msdtc.exe
- 2003-03-31 12:00:00   126,976 ----a-w C:\WINDOWS\system32\mshearts.exe
+ 2003-03-31 12:00:00   136,704 ----a-w C:\WINDOWS\system32\mshearts.exe
- 2005-05-04 21:45:36   78,848  ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 21:45:36   88,576  ----a-w C:\WINDOWS\system32\msiexec.exe
- 2003-03-31 12:00:00   339,968 ----a-w C:\WINDOWS\system32\mspaint.exe
+ 2003-03-31 12:00:00   349,696 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2003-03-31 12:00:00   388,608 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2003-03-31 12:00:00   398,336 ----a-w C:\WINDOWS\system32\mstsc.exe
- 2002-11-20 18:50:52   51,200  ----a-w C:\WINDOWS\system32\narrator.exe
+ 2002-11-20 18:50:52   60,928  ----a-w C:\WINDOWS\system32\narrator.exe
- 2003-03-31 12:00:00   39,424  ----a-w C:\WINDOWS\system32\net.exe
+ 2003-03-31 12:00:00   49,152  ----a-w C:\WINDOWS\system32\net.exe
- 2003-03-31 12:00:00   115,200 ----a-w C:\WINDOWS\system32\net1.exe
+ 2003-03-31 12:00:00   124,928 ----a-w C:\WINDOWS\system32\net1.exe
- 2003-03-31 12:00:00   105,984 ----a-w C:\WINDOWS\system32\netdde.exe
+ 2003-03-31 12:00:00   115,712 ----a-w C:\WINDOWS\system32\netdde.exe
- 2003-03-31 12:00:00   66,048  ----a-w C:\WINDOWS\system32\notepad.exe
+ 2003-03-31 12:00:00   75,776  ----a-w C:\WINDOWS\system32\notepad.exe
- 2003-03-31 12:00:00   32,768  ----a-w C:\WINDOWS\system32\odbcad32.exe
+ 2003-03-31 12:00:00   45,056  ----a-w C:\WINDOWS\system32\odbcad32.exe
- 2003-03-14 19:38:12   155,648 ----a-w C:\WINDOWS\system32\RAMASST.exe
+ 2003-03-14 19:38:12   167,936 ----a-w C:\WINDOWS\system32\RAMASST.exe
- 2003-03-31 12:00:00   370,688 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
+ 2003-03-31 12:00:00   380,416 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
- 2003-03-31 12:00:00   19,968  ----a-w C:\WINDOWS\system32\route.exe
+ 2003-03-31 12:00:00   29,696  ----a-w C:\WINDOWS\system32\route.exe
- 2003-03-31 12:00:00   132,608 ----a-w C:\WINDOWS\system32\rsvp.exe
+ 2003-03-31 12:00:00   142,336 ----a-w C:\WINDOWS\system32\rsvp.exe
- 2003-03-31 12:00:00   31,744  ----a-w C:\WINDOWS\system32\rundll32.exe
+ 2003-03-31 12:00:00   41,472  ----a-w C:\WINDOWS\system32\rundll32.exe
- 2003-03-31 12:00:00   93,184  ----a-w C:\WINDOWS\system32\scardsvr.exe
+ 2003-03-31 12:00:00   102,912 ----a-w C:\WINDOWS\system32\scardsvr.exe
- 2003-03-31 12:00:00   129,024 ----a-w C:\WINDOWS\system32\sessmgr.exe
+ 2003-03-31 12:00:00   138,752 ----a-w C:\WINDOWS\system32\sessmgr.exe
- 2003-03-31 12:00:00   33,280  ----a-w C:\WINDOWS\system32\shmgrate.exe
+ 2003-03-31 12:00:00   43,008  ----a-w C:\WINDOWS\system32\shmgrate.exe
- 2003-03-31 12:00:00   82,944  ----a-w C:\WINDOWS\system32\smlogsvc.exe
+ 2003-03-31 12:00:00   92,672  ----a-w C:\WINDOWS\system32\smlogsvc.exe
- 2003-03-31 12:00:00   124,416 ----a-w C:\WINDOWS\system32\sndrec32.exe
+ 2003-03-31 12:00:00   134,144 ----a-w C:\WINDOWS\system32\sndrec32.exe
- 2003-03-31 12:00:00   138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
+ 2003-03-31 12:00:00   148,480 ----a-w C:\WINDOWS\system32\sndvol32.exe
- 2003-03-31 12:00:00   56,832  ----a-w C:\WINDOWS\system32\sol.exe
+ 2003-03-31 12:00:00   66,560  ----a-w C:\WINDOWS\system32\sol.exe
- 2003-03-31 12:00:00   23,552  ----a-w C:\WINDOWS\system32\sort.exe
+ 2003-03-31 12:00:00   33,280  ----a-w C:\WINDOWS\system32\sort.exe
- 2003-03-31 12:00:00   534,016 ----a-w C:\WINDOWS\system32\spider.exe
+ 2003-03-31 12:00:00   543,744 ----a-w C:\WINDOWS\system32\spider.exe
- 2003-03-31 12:00:00   51,200  ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2003-03-31 12:00:00   60,928  ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2007-07-23 02:39:27   279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-23 02:39:27   289,280 ----a-w C:\WINDOWS\system32\swreg.exe
- 2003-03-31 12:00:00   128,512 ----a-w C:\WINDOWS\system32\taskmgr.exe
+ 2003-03-31 12:00:00   138,240 ----a-w C:\WINDOWS\system32\taskmgr.exe
- 2003-03-31 12:00:00   16,384  ----a-w C:\WINDOWS\system32\ups.exe
+ 2003-03-31 12:00:00   26,112  ----a-w C:\WINDOWS\system32\ups.exe
- 2003-03-31 12:00:00   22,016  ----a-w C:\WINDOWS\system32\userinit.exe
+ 2003-03-31 12:00:00   31,744  ----a-w C:\WINDOWS\system32\userinit.exe
- 2002-11-20 19:22:36   230,400 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2002-11-20 19:22:36   240,128 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2003-03-31 12:00:00   47,616  ----a-w C:\WINDOWS\system32\utilman.exe
+ 2003-03-31 12:00:00   57,344  ----a-w C:\WINDOWS\system32\utilman.exe
- 2006-11-27 10:34:46   49,152  ----a-w C:\WINDOWS\system32\VFind.exe
+ 2006-11-27 10:34:46   61,440  ----a-w C:\WINDOWS\system32\VFind.exe
- 2003-03-31 12:00:00   275,456 ----a-w C:\WINDOWS\system32\vssvc.exe
+ 2003-03-31 12:00:00   285,184 ----a-w C:\WINDOWS\system32\vssvc.exe
- 2007-07-01 23:24:45   24,576  ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
+ 2007-07-01 23:24:45   36,864  ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
- 2003-03-31 12:00:00   117,248 ----a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
+ 2003-03-31 12:00:00   126,976 ----a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
- 1998-06-12 07:00:00   30,720  ----a-w C:\WINDOWS\system32\WINDBVER.EXE
+ 1998-06-12 07:00:00   40,448  ----a-w C:\WINDOWS\system32\WINDBVER.EXE
- 2003-03-31 12:00:00   119,808 ----a-w C:\WINDOWS\system32\winmine.exe
+ 2003-03-31 12:00:00   129,536 ----a-w C:\WINDOWS\system32\winmine.exe
- 2003-10-14 06:50:15   26,112  ----a-w C:\WINDOWS\system32\xpsp1hfm.exe
+ 2003-10-14 06:50:15   35,840  ----a-w C:\WINDOWS\system32\xpsp1hfm.exe
- 2003-05-16 01:47:22   131,072 -c--a-w C:\WINDOWS\UNINST32.EXE
+ 2003-05-16 01:47:22   143,360 -c--a-w C:\WINDOWS\UNINST32.EXE
- 2003-03-31 12:00:00   266,752 ----a-w C:\WINDOWS\winhlp32.exe
+ 2003-03-31 12:00:00   276,480 ----a-w C:\WINDOWS\winhlp32.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 04:00]
"Veoh"="G:\VeohClient.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-04-21 01:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 15:43]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 16:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 10:29]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 13:12]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 11:17]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 14:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-12 18:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"!AVG Anti-Spyware"="C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-29 19:23]
"NDSTray.exe"="NDSTray.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 13:23:32]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-12-02 14:45:18]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

R1 ECioctl;ECioctl;C:\WINDOWS\System32\Drivers\ECioctl.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\System32\Drivers\EKIoMngr.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\System32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\System32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\System32\Drivers\TPIoMngr.sys
R2 CSML;Windows Client/Server Management Layer;C:\WINDOWS\system32\csml.exe
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\System32\Drivers\LxrSII1d.sys
R2 NET Service;NET Service;"C:\WINDOWS\trkwksvc.exe"
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\System32\Drivers\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\System32\DRIVERS\EMS7SK.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\System32\Drivers\hkdrv.sys
R3 ESDCR;ESDCR;C:\WINDOWS\System32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\System32\DRIVERS\ESM7SK.sys
S2 wms;Windows Management Service;C:\WINDOWS\System32\wms.exe
S3 mcemgr;mcemgr;\??\C:\WINDOWS\System32\obdwk.sys
S4 Local Service;Local Service;"C:\WINDOWS\chfmon.exe"
S4 Microsoft Hosting Services;Microsoft Hosting Services;"C:\WINDOWS\System32\dllcache\mshosting.exe"
S4 msn_live;msn_live;"C:\WINDOWS\msn_live.exe"

.
Contents of the 'Scheduled Tasks' folder
"2005-12-13 02:28:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 15:04:30
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ... 

C:\WINDOWS\trkwksvc.exe [308] 0x84596320

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-12-08 15:05:17
C:\ComboFix2.txt ... 2007-12-07 22:30
.
    --- E O F ---

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:10 PM, on 12/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\trkwksvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Kris\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [EzButton] "C:\Program Files\EzButton\EzButton.EXE"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "G:\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Windows Client/Server Management Layer (CSML) - Unknown owner - C:\WINDOWS\system32\csml.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

--
End of file - 6318 bytes


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:


File::
C:\WINDOWS\system32\wmsoft47850.exe
C:\WINDOWS\system32\wmsoft74468.exe
C:\WINDOWS\system32\wmsoft62428.exe
C:\WINDOWS\system32\wmsoft60042.exe
C:\WINDOWS\system32\wmsoft54812.exe
C:\WINDOWS\system32\xvidcore.dll
C:\WINDOWS\system32\libmp3lame-0.dll
C:\WINDOWS\system32\wmsoft72204.exe
C:\WINDOWS\system32\wmsoft82482.exe
C:\WINDOWS\system32\wmsoft66286.exe
C:\WINDOWS\navaupgv.exe
C:\WINDOWS\navaupgi.exe
C:\WINDOWS\ldapdamonn.exe
C:\WINDOWS\avirtolp.exe
C:\WINDOWS\javirtolp.exe
C:\WINDOWS\javirtopl.exe
C:\WINDOWS\navaupgj.exe
C:\Documents and Settings\Kris\p4ck.exe
C:\WINDOWS\tftp2.exe
C:\WINDOWS\tftp1.exe
C:\WINDOWS\tftp3.exe
C:\WINDOWS\windef32.exe
C:\WINDOWS\windefend.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\msfDX.dll
C:\WINDOWS\system32\yv12vfw.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Okay, I did everything you said and these are the results.

Combofix log:

ComboFix 07-12-07.3 - Kris 2007-12-08 18:49:50.3 - NTFSx86
Running from: C:\Documents and Settings\Kris\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
 * Created a new restore point

FILE
C:\Documents and Settings\Kris\p4ck.exe
C:\WINDOWS\avirtolp.exe
C:\WINDOWS\javirtolp.exe
C:\WINDOWS\javirtopl.exe
C:\WINDOWS\ldapdamonn.exe
C:\WINDOWS\navaupgi.exe
C:\WINDOWS\navaupgj.exe
C:\WINDOWS\navaupgv.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\libmp3lame-0.dll
C:\WINDOWS\system32\msfDX.dll
C:\WINDOWS\system32\wmsoft47850.exe
C:\WINDOWS\system32\wmsoft54812.exe
C:\WINDOWS\system32\wmsoft60042.exe
C:\WINDOWS\system32\wmsoft62428.exe
C:\WINDOWS\system32\wmsoft66286.exe
C:\WINDOWS\system32\wmsoft72204.exe
C:\WINDOWS\system32\wmsoft74468.exe
C:\WINDOWS\system32\wmsoft82482.exe
C:\WINDOWS\system32\xvidcore.dll
C:\WINDOWS\system32\yv12vfw.dll
C:\WINDOWS\tftp1.exe
C:\WINDOWS\tftp2.exe
C:\WINDOWS\tftp3.exe
C:\WINDOWS\windef32.exe
C:\WINDOWS\windefend.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kris\p4ck.exe
C:\U.exe
C:\WINDOWS\avirtolp.exe
C:\WINDOWS\javirtolp.exe
C:\WINDOWS\javirtopl.exe
C:\WINDOWS\ldapdamonn.exe
C:\WINDOWS\navaupgi.exe
C:\WINDOWS\navaupgj.exe
C:\WINDOWS\navaupgv.exe
C:\WINDOWS\system32\csml.exe
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\libmp3lame-0.dll
C:\WINDOWS\system32\msfDX.dll
C:\WINDOWS\system32\wmsoft47850.exe
C:\WINDOWS\system32\wmsoft54812.exe
C:\WINDOWS\system32\wmsoft60042.exe
C:\WINDOWS\system32\wmsoft62428.exe
C:\WINDOWS\system32\wmsoft66286.exe
C:\WINDOWS\system32\wmsoft72204.exe
C:\WINDOWS\system32\wmsoft74468.exe
C:\WINDOWS\system32\wmsoft82482.exe
C:\WINDOWS\system32\xvidcore.dll
C:\WINDOWS\system32\yv12vfw.dll
C:\WINDOWS\tftp1.exe
C:\WINDOWS\tftp2.exe
C:\WINDOWS\tftp3.exe
C:\WINDOWS\windef32.exe
C:\WINDOWS\windefend.exe

.
(((((((((((((((((((((((((   Files Created from 2007-11-09 to 2007-12-09  )))))))))))))))))))))))))))))))
.

2007-12-07 20:15 . 2007-12-07 20:15 <DIR>    d--------   C:\Documents and Settings\Kris\.housecall6.6
2007-12-07 20:14 . 2007-12-07 20:14 79  --a------   C:\WINDOWS\system32\i
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a------   C:\WINDOWS\system32\iuengine.dll
2007-12-04 22:58 . 2003-08-25 18:06 182,880 --a--c---   C:\WINDOWS\system32\dllcache\iuengine.dll
2007-11-30 21:28 . 2007-11-30 21:28 <DIR>    d--------   C:\WINDOWS\SDFIX
2007-11-20 21:51 . 2007-11-20 21:51 <DIR>    d--------   C:\Documents and Settings\Kris\Application Data\vlc
2007-11-20 21:39 . 2007-11-20 21:39 <DIR>    d--------   C:\videooutput
2007-11-20 21:39 . 2007-03-07 00:45 3,086,336   --a------   C:\WINDOWS\system32\NCMedia.dll
2007-11-20 21:39 . 2007-03-07 00:45 3,086,336   --a------   C:\WINDOWS\system32\flvvideo.dll
2007-11-20 20:40 . 2007-11-20 20:40 <DIR>    d--------   C:\WINDOWS\FLV Player
2007-11-09 15:47 . 2007-11-09 15:47 <DIR>    d--------   C:\Program Files\7-Zip

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 07:09    ---------   d-----w C:\Documents and Settings\Kris\Application Data\uTorrent
2007-12-08 03:59    ---------   d-----w C:\Program Files\InCode Solutions
2007-11-06 05:57    ---------   d-----w C:\Program Files\Ypmbqxze
2007-11-06 02:47    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 00:20    113,537 ----a-w C:\WINDOWS\tftpdf.exe
2007-10-26 01:28    223,232 --sh--r C:\WINDOWS\trkwksvc.exe
2007-10-25 21:58    ---------   d-----w C:\Documents and Settings\Kris\Application Data\Apple Computer
2007-10-24 05:03    ---------   d-----w C:\Program Files\BBLACK
2007-10-20 01:02    ---------   d-----w C:\Program Files\uTorrent
2007-10-14 05:29    ---------   d-----w C:\Program Files\Common Files\xing shared
2007-10-14 05:28    ---------   d-----w C:\Program Files\Common Files\Real
2007-10-14 02:18    ---------   d-----w C:\Program Files\ImgBurn
2007-03-16 05:09    81,920  ----a-w C:\Documents and Settings\Kris\Application Data\ezpinst.exe
2007-03-16 05:09    47,360  ----a-w C:\Documents and Settings\Kris\Application Data\pcouffin.sys
2003-08-27 22:19    36,963  -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2007-08-25 00:41    512,000 --sh--r C:\WINDOWS\cnmtmgr.exe
2005-07-14 19:31    27,648  --sha-r C:\WINDOWS\system32\AVSredirect.dll
2007-05-24 19:46    1,389,960   --sha-w C:\WINDOWS\system32\bccdd.ini2
2004-01-25 07:00    70,656  --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-10-23 21:17    479 --sh--w C:\WINDOWS\system32\wybeg.ini2
.

(((((((((((((((((((((((((((((   snapshot_2007-12-08_15.04.36.65   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-08 22:45:30   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-09 02:53:49   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 22:45:30   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-09 02:53:49   16,384  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 22:45:30   32,768  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-09 02:53:49   32,768  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-09 01:13:24   54,272  ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OF8X6T2J\1[2].exe
- 2007-12-08 06:13:16   262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-12-09 02:49:37   262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2004-04-21 09:04:00   118,843 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
+ 2004-04-21 09:04:00   131,131 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 04:00]
"Veoh"="G:\VeohClient.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-04-21 01:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 15:43]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 16:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 10:29]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 13:12]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 11:17]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 14:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-12 18:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"!AVG Anti-Spyware"="C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-29 19:23]
"NDSTray.exe"="NDSTray.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 13:23:32]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-12-02 14:45:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

R1 ECioctl;ECioctl;C:\WINDOWS\System32\Drivers\ECioctl.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\System32\Drivers\EKIoMngr.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\System32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\System32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\System32\Drivers\TPIoMngr.sys
R2 CSML;Windows Client/Server Management Layer;C:\WINDOWS\system32\csml.exe
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\System32\Drivers\LxrSII1d.sys
R2 NET Service;NET Service;"C:\WINDOWS\trkwksvc.exe"
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\System32\Drivers\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\System32\DRIVERS\EMS7SK.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\System32\Drivers\hkdrv.sys
R3 ESDCR;ESDCR;C:\WINDOWS\System32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\System32\DRIVERS\ESM7SK.sys
S2 wms;Windows Management Service;C:\WINDOWS\System32\wms.exe
S3 mcemgr;mcemgr;\??\C:\WINDOWS\System32\obdwk.sys
S4 Local Service;Local Service;"C:\WINDOWS\chfmon.exe"
S4 Microsoft Hosting Services;Microsoft Hosting Services;"C:\WINDOWS\System32\dllcache\mshosting.exe"
S4 msn_live;msn_live;"C:\WINDOWS\msn_live.exe"

.
Contents of the 'Scheduled Tasks' folder
"2005-12-13 02:28:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

**************************************************************************
.
Completion time: 2007-12-08 18:57:06 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-08 15:05
C:\ComboFix3.txt ... 2007-12-07 22:30
.
    --- E O F ---

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:13 PM, on 12/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kris\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [EzButton] "C:\Program Files\EzButton\EzButton.EXE"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "G:\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\ewido anti-spyware 4.0\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Windows Client/Server Management Layer (CSML) - Unknown owner - C:\WINDOWS\system32\csml.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)

--
End of file - 6500 bytes

Edited by mike_2000_17: Fixed formatting


Everything is cool except I have to reinstall my printer on my computer.
Thank you for your help.
