
Hello everybody, I'm desperately in need of help. I have recently acquired some kind of virus/bug/nasty. A "VIRUS ALERT!" warning appears in my system tray. I am unable to access most things in my start bar, and I cannot access Control Panel or My Computer. Also, when I try to Ctrl+Alt+Delete it says task manager has been disabled by my administrator.


Here is my HijackThis log (I tried to download the adware remover that was stickied, but when I tried to run it, it said something about the directory being wrong. I used Spyware Doctor and removed some programs, but some of them required a reboot to remove completely, and this wouldn't work, as they kept showing up in subsequent scans).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24: VIRUS ALERT!, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jackson Semple\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\World of Warcraft\WoW.exe
C:\Documents and Settings\Jackson Semple\Desktop\HiJackThis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {22C68FA0-EFA1-4A51-BEB6-3BC607EFE1DB} - C:\WINDOWS\system32\yayXoOiH.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\mlJBRIAT.dll
O2 - BHO: QXK Olive - {59EECCC1-DBA9-4125-ADD8-F589B30E74AC} - C:\WINDOWS\boqnrwdmpbe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84F425A5-6301-47EA-A70B-399060B03D69} - C:\WINDOWS\system32\byXQGvtT.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: atfxqogp - {2681C769-C64A-4C03-BF8B-BF347C3332BA} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [installnet.exe] "C:\Acer\LANScope Agent\Installnet.exe" "C:\Acer\LANScope Agent\
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mlJBRIAT - C:\WINDOWS\SYSTEM32\mlJBRIAT.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vregfwlx - {814A843B-BAB7-4086-A3E6-9FCEF9F3849D} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: vltdfabw - {5CDC5FE9-61F5-44DD-B3C0-5FB7120E5E39} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: DriveCheck - {98e84e24-b630-44e8-b444-6f00fc4ccb2f} - C:\WINDOWS\Resources\DriveCheck.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13765 bytes


The files that kept showing up in my Spyware Doctor scans and wouldn't go away, even after reboot are Trojan.Virtumonde, Adware.Advertising and some tracking cookie thing.

Anyone have any ideas what I can do to fix this? I've tried system restore (wouldn't work), tried registry restore after holding F8 at start up, and tried removing as many programs as I could with Ad-Aware and Spyware Doctor, but the problem persists.

4 contributors, 7 replies, 9 views, 9-year discussion span, last post by crunchie
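A helper triaging the HijackThis log above looks first at the O2/O3 browser add-ons, the O20 Winlogon Notify and O21 SSODL load points, and the O6 policy restrictions, and asks of each DLL: is it in a vendor folder with a real name, or is it a nameless, random-looking file dropped straight into C:\WINDOWS or system32? The following Python script is an added example, not part of this thread and not a HijackThis feature: it parses a constructed sample of lines copied from the log above and lists the entries a reviewer would check. The name heuristic (looks_random), the severity labels and the treatment of O20/O21 as review-by-default are the example's own assumptions, not a verdict from any tool.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a dozen lines in HijackThis format, copied from the log in the post
# above (raw string so the backslashes stay literal).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22C68FA0-EFA1-4A51-BEB6-3BC607EFE1DB} - C:\WINDOWS\system32\yayXoOiH.dll
O2 - BHO: QXK Olive - {59EECCC1-DBA9-4125-ADD8-F589B30E74AC} - C:\WINDOWS\boqnrwdmpbe.dll
O2 - BHO: (no name) - {84F425A5-6301-47EA-A70B-399060B03D69} - C:\WINDOWS\system32\byXQGvtT.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: atfxqogp - {2681C769-C64A-4C03-BF8B-BF347C3332BA} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: mlJBRIAT - C:\WINDOWS\SYSTEM32\mlJBRIAT.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vregfwlx - {814A843B-BAB7-4086-A3E6-9FCEF9F3849D} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: DriveCheck - {98e84e24-b630-44e8-b444-6f00fc4ccb2f} - C:\WINDOWS\Resources\DriveCheck.dll
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.*)$")
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\system32, with no deeper vendor folder.
WINDOWS_ROOT_RE = re.compile(r"^c:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
# Winlogon Notify and ShellServiceObjectDelayLoad: load points worth a look whenever they appear.
LOAD_POINT_KINDS = {"O20", "O21"}


def looks_random(stem: str) -> bool:
    """Heuristic (this example's own): 8+ letters with hardly any vowels, or capitals
    scattered through the name, the way machine-generated file names tend to look."""
    if not stem.isalpha() or len(stem) < 8:
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in stem)
    internal_caps = sum(ch.isupper() for ch in stem[1:])
    return vowels / len(stem) <= 0.25 or internal_caps >= 3


def parse_entry(line: str):
    """Split one HijackThis line into kind (O2, O20, ...), display name and file path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    missing = rest.endswith("(file missing)")
    fields = rest.replace(" (file missing)", "").split(" - ")
    # First field is "Type: name"; a {CLSID} may follow; the path is whatever is left.
    name = fields[0].split(": ", 1)[-1]
    if len(fields) > 2 and fields[1].startswith("{"):
        path = " - ".join(fields[2:])
    elif len(fields) > 1:
        path = " - ".join(fields[1:])
    else:
        path = ""
    return {"kind": kind, "name": name, "path": path.strip('"'), "missing": missing, "raw": rest}


def triage(log_text: str):
    """Return the entries a reviewer should look up, with the reasons and a rough severity."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        stem = PureWindowsPath(e["path"]).stem if e["path"] else ""
        in_windows_root = bool(WINDOWS_ROOT_RE.match(e["path"]))
        reasons = []
        if e["kind"] == "O6":
            reasons.append("IE policy restrictions present: confirm an administrator actually set them")
        if e["kind"] in LOAD_POINT_KINDS:
            reasons.append(f"{e['kind']} load point: verify the DLL's publisher")
        if in_windows_root and e["name"] == "(no name)":
            reasons.append("nameless BHO loaded from the Windows directory")
        if in_windows_root and looks_random(stem):
            reasons.append("random-looking filename in the Windows directory")
        if e["missing"]:
            reasons.append("orphaned entry: file already gone, registry key remains")
        if reasons:
            severity = "high" if any("random" in r or "nameless" in r for r in reasons) else "review"
            findings.append({"kind": e["kind"], "path": e["path"] or e["raw"],
                             "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:4} {f['path']}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

On the sample it marks the nameless and random-named DLLs in C:\WINDOWS and system32 as high (mlJBRIAT.dll, yayXoOiH.dll and WinCtrl32.dll are among the files ComboFix later deleted in this thread) while passing the Adobe and Acer entries untouched; a hit means "look this entry up", not "delete it", which is why the actual cleanup in the thread is left to the tools the helper recommends.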

Hi and welcome to the Daniweb forums :).

==========

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==============

Post new Hijackthis log.

===============


Hi, I ran the things you said and it seems to be back to normal; I can access My Computer etc.

Anyway, here are the logs.

ComboFix 08-06-06.4 - Jackson Semple 2008-06-06 14:57:05.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1135 [GMT -7:00]
Running from: C:\Documents and Settings\Jackson Semple\Desktop\ComboFix.exe
* Created a new restore point


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\WINDOWS\system32\gkahejdg.ini
C:\WINDOWS\system32\HiOoXyay.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhaltlwc.ini
C:\WINDOWS\system32\mlJBRIAT.dll
C:\WINDOWS\system32\qilgqpti.ini
C:\WINDOWS\system32\vycfjjgu.ini
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\yayXoOiH.dll


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.


-------\Legacy_MSUPDATE



(((((((((((((((((((((((((   Files Created from 2008-05-06 to 2008-06-06  )))))))))))))))))))))))))))))))
.


2008-06-06 13:46 . 2008-06-06 14:46 <DIR>    d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 13:46 . 2008-06-06 13:46 <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2008-06-06 13:46 . 2008-06-06 13:46 <DIR>    d--------   C:\Documents and Settings\Jackson Semple\Application Data\Malwarebytes
2008-06-06 13:46 . 2008-06-06 13:46 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 13:46 . 2008-06-05 16:04 34,296  --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 13:46 . 2008-06-05 16:04 15,864  --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 12:38 . 2008-06-06 12:53 <DIR>    d--h-----   C:\$AVG8.VAULT$
2008-06-05 21:31 . 2008-06-05 21:34 <DIR>    d--------   C:\WINDOWS\system32\drivers\Avg
2008-06-05 21:31 . 2008-06-05 21:31 <DIR>    d--------   C:\Documents and Settings\Jackson Semple\Application Data\AVGTOOLBAR
2008-06-05 21:31 . 2008-06-05 21:31 96,520  --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-05 21:31 . 2008-06-05 21:31 75,272  --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-05 21:31 . 2008-06-05 21:31 12,424  --a------   C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-05 21:31 . 2008-06-05 21:31 10,520  --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-06-05 21:30 . 2008-06-05 21:30 <DIR>    d--------   C:\Program Files\AVG
2008-06-05 21:30 . 2008-06-05 21:33 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-06-05 19:01 . 2008-06-05 19:01 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-06-05 18:40 . 2008-06-05 18:40 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-05 18:40 . 2008-06-05 18:37 159,880 --a------   C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-05 18:37 . 2008-06-05 18:40 <DIR>    d--------   C:\Program Files\Common Files\PC Tools
2008-06-05 18:20 . 2008-06-06 13:37 <DIR>    d--------   C:\Program Files\Spyware Doctor
2008-06-05 18:20 . 2008-06-05 18:20 <DIR>    d--------   C:\Documents and Settings\Jackson Semple\Application Data\PC Tools
2008-06-05 18:20 . 2007-12-10 13:53 81,288  --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-05 18:20 . 2007-12-10 13:53 66,952  --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-05 18:20 . 2008-02-01 11:55 42,376  --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-05 18:20 . 2007-12-10 13:53 29,576  --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-06-05 18:19 . 2008-06-05 18:19 <DIR>    d--------   C:\Program Files\SpywareBlaster
2008-06-05 18:19 . 2008-06-06 13:37 <DIR>    d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 18:19 . 2005-08-25 18:19 115,920 --a------   C:\WINDOWS\system32\MSINET.OCX
2008-06-01 15:30 . 2008-06-01 15:30 <DIR>    d--------   C:\Program Files\Spybot - Search & Destroy
2008-06-01 15:30 . 2008-06-05 16:14 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-01 15:26 . 2008-06-01 15:26 <DIR>    d--------   C:\Program Files\Lavasoft
2008-06-01 15:26 . 2008-06-01 15:27 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 15:21 . 2008-06-01 15:21 <DIR>    d--------   C:\Program Files\Uniblue
2008-06-01 15:21 . 2008-06-01 15:21 <DIR>    d--------   C:\Documents and Settings\Jackson Semple\Application Data\Uniblue
2008-06-01 15:16 . 2008-06-01 15:16 <DIR>    d--------   C:\Documents and Settings\Jackson Semple\Application Data\Sammsoft
2008-06-01 15:15 . 2008-06-01 15:15 <DIR>    d--------   C:\Program Files\Advanced Registry Optimizer
2008-06-01 14:48 . 2008-03-06 21:32 23,904  --a------   C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-06-01 14:48 . 2008-03-06 21:32 10,537  --a------   C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-06-01 14:48 . 2008-03-06 21:32 706 --a------   C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-05-26 00:00 . 2008-05-26 00:00 <DIR>    d--------   C:\Program Files\Disney
2008-05-16 11:58 . 2008-05-16 11:58 12,632  --a------   C:\WINDOWS\system32\lsdelete.exe
2008-05-13 18:29 . 2008-05-13 18:29 41,296  --a------   C:\WINDOWS\system32\xfcodec.dll
2008-05-07 12:54 . 2008-05-08 04:53 92,672  --a------   C:\economics of race+gender final.doc


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 21:59    ---------   d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 21:55    ---------   d-----w C:\Documents and Settings\Jackson Semple\Application Data\LimeWire
2008-06-06 21:54    ---------   d-----w C:\Documents and Settings\Jackson Semple\Application Data\skypePM
2008-06-06 21:54    ---------   d-----w C:\Documents and Settings\Jackson Semple\Application Data\Skype
2008-06-06 00:10    ---------   d-----w C:\Program Files\Norton Internet Security
2008-06-06 00:10    ---------   d-----w C:\Documents and Settings\Jackson Semple\Application Data\Xfire
2008-06-06 00:09    ---------   d-----w C:\Program Files\Xfire
2008-06-04 02:21    22,328  ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-01 22:25    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 21:49    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-01 21:48    805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-01 21:48    123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-01 21:48    10,671  ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-01 21:48    ---------   d-----w C:\Program Files\Symantec
2008-05-14 10:03    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 21:48    ---------   d-----w C:\Program Files\World of Warcraft
2008-05-09 03:14    ---------   d-----w C:\Documents and Settings\Jackson Semple\Application Data\Ventrilo
2008-05-06 21:34    ---------   d-----w C:\Documents and Settings\Jackson Semple\Application Data\U3
2008-04-29 18:20    15,648  ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19    15,648  ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19    12,960  ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-18 06:07    ---------   d-----w C:\Program Files\Windows Live Toolbar
2008-04-18 06:06    ---------   d-----w C:\Program Files\Windows Live Favorites
2008-04-18 06:05    ---------   dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-18 06:05    ---------   d-----w C:\Program Files\Windows Live
2008-04-18 06:02    ---------   d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 22:48    ---------   d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-11 23:25    94,208  ----a-w C:\WINDOWS\DUMP3eed.tmp
2008-02-17 07:57    22,328  ----a-w C:\Documents and Settings\Jackson Semple\Application Data\PnkBstrK.sys
2008-02-02 06:58    32  ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-17 02:10    725,924,282 ----a-w C:\Program Files\WoW-2.3.0-enUS-patch.exe
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84F425A5-6301-47EA-A70B-399060B03D69}]
C:\WINDOWS\system32\byXQGvtT.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-05 21:31    2051328 --a------   C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2681C769-C64A-4C03-BF8B-BF347C3332BA}"= "C:\WINDOWS\atfxqogp.dll" [ ]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-05 21:31 2051328]


[HKEY_CLASSES_ROOT\clsid\{2681c769-c64a-4c03-bf8b-bf347c3332ba}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{C2B36911-9CB8-42C8-9F1E-841D4B397F36}]
[HKEY_CLASSES_ROOT\atfxqogp]


[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 19:10 21686568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:00 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 13:02 495616]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-05-09 09:30 1924736]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 16:36 1923352]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54 49152]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 10:14 16384]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 15:56 342528]
"installnet.exe"="C:\Acer\LANScope Agent\Installnet.exe" [ ]
"AdminWorks Tray"="C:\Acer\LANScope Agent\awtray.exe" [2007-05-22 10:59 1459992]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-03 22:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:00 455168]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 14:08 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 09:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 23:26 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 23:17 52256]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-06 22:51 8523776]
"nwiz"="nwiz.exe" [2007-12-06 22:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-06 22:51 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-05 21:30 1177368]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]


C:\Documents and Settings\Jackson Semple\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 14:32:57 147456]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-13 18:29:28 3007824]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-09-12 18:02:30 45056]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\edF74.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ncN70.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci73.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windf54.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windm06.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winey34.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjg65.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr57.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winoc60.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winow80.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrm43.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuv35.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl78.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyc08.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port


R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-05 21:31]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 00:55]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-05 21:31]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2007-08-15 15:17]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-05 18:37]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 21:30]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-05 21:31]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-08 17:54]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-06 18:36]
R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-06-28 17:01]
R2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [2006-10-03 11:03]
R2 netlock;netlock;C:\WINDOWS\system32\drivers\netlock.sys [2007-05-30 15:30]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2007-06-12 20:29]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2006-11-08 21:13]
S0 edF74;edF74;C:\WINDOWS\system32\Drivers\edF74.sys []
S0 ncN70;ncN70;C:\WINDOWS\system32\Drivers\ncN70.sys []
S0 Winci73;Winci73;C:\WINDOWS\system32\Drivers\Winci73.sys []
S0 Windf54;Windf54;C:\WINDOWS\system32\Drivers\Windf54.sys []
S0 Winjg65;Winjg65;C:\WINDOWS\system32\Drivers\Winjg65.sys []
S0 Winmr57;Winmr57;C:\WINDOWS\system32\Drivers\Winmr57.sys []
S0 Winoc60;Winoc60;C:\WINDOWS\system32\Drivers\Winoc60.sys []
S0 Winow80;Winow80;C:\WINDOWS\system32\Drivers\Winow80.sys []
S0 Winrm43;Winrm43;C:\WINDOWS\system32\Drivers\Winrm43.sys []
S0 Winvl78;Winvl78;C:\WINDOWS\system32\Drivers\Winvl78.sys []
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;"C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe" [2005-02-15 09:02]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 PciCon;PciCon;E:\PciCon.sys [2007-02-13 22:32]
S3 Windm06;Windm06;C:\WINDOWS\System32\drivers\Windm06.sys []
S3 Winey34;Winey34;C:\WINDOWS\System32\drivers\Winey34.sys []
S3 Winuv35;Winuv35;C:\WINDOWS\System32\drivers\Winuv35.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ    hpqcxs08 hpqddsvc


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 16:07:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 21:31:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 09:31:06 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jackson Semple.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 15:02:04
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Acer\LANScope Agent\lockkm.exe
.
**************************************************************************
.
Completion time: 2008-06-06 15:10:44 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-06 22:10:37


Pre-Run: 40,767,078,400 bytes free
Post-Run: 41,106,882,560 bytes free


318 --- E O F ---   2008-06-01 10:01:08


============================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:07, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Documents and Settings\Jackson Semple\Desktop\HiJackThis(2).exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84F425A5-6301-47EA-A70B-399060B03D69} - C:\WINDOWS\system32\byXQGvtT.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: atfxqogp - {2681C769-C64A-4C03-BF8B-BF347C3332BA} - C:\WINDOWS\atfxqogp.dll (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [installnet.exe] "C:\Acer\LANScope Agent\Installnet.exe" "C:\Acer\LANScope Agent\
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 13964 bytes

Thanks for the help, I'll check back to see if there's anything else I need to do :)

Edited by happygeek: fixed formatting

0

Thanks for the help, I'll check back to see if there's anything else I need to do :)

Yep, instead of posting two identical combofix logs, you can post the MBAM log :D.

====

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {84F425A5-6301-47EA-A70B-399060B03D69} - C:\WINDOWS\system32\byXQGvtT.dll (file missing)

O3 - Toolbar: atfxqogp - {2681C769-C64A-4C03-BF8B-BF347C3332BA} - C:\WINDOWS\atfxqogp.dll (file missing)

O4 - Global Startup: Acer Empowering Technology.lnk = ?


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
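To make the kind of triage done in the reply above repeatable, here is an added Python example (not from the original thread and not part of HijackThis) that parses lines in the HijackThis log format and flags the same sorts of entries for review: BHOs and toolbars pointing at a missing DLL, a randomly named toolbar, a start page reset to about:blank, a startup shortcut with an unresolvable target, AppInit_DLLs entries and services with an unknown owner. The sample lines are copied from the log posted in this thread; the flagging rules and reason text are my own heuristics, not rules HijackThis itself applies.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {84F425A5-6301-47EA-A70B-399060B03D69} - C:\WINDOWS\system32\byXQGvtT.dll (file missing)
O3 - Toolbar: atfxqogp - {2681C769-C64A-4C03-BF8B-BF347C3332BA} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

def parse_hjt_line(line):
    """Split one log line into section code and body; None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"code": m.group("code"), "body": m.group("body"), "raw": line.strip()}

def triage_reasons(entry):
    """My own heuristics (mirroring the helper's picks above) for entries worth a manual look."""
    code, body = entry["code"], entry["body"].rstrip()
    reasons = []
    if code in ("O2", "O3") and body.endswith("(file missing)"):
        reasons.append("BHO/toolbar registered for a DLL that no longer exists (leftover of removed malware)")
    if code == "O3" and re.search(r"^Toolbar: [a-z]{8} - \{", body):
        reasons.append("toolbar named with a random-looking 8-letter string")
    if code in ("R0", "R1") and body.endswith("= about:blank"):
        reasons.append("IE start/search page reset to about:blank, typical after a browser hijack")
    if code == "O4" and body.endswith("= ?"):
        reasons.append("startup shortcut whose target HijackThis could not resolve")
    if code == "O20":
        reasons.append("AppInit_DLLs is loaded into every process that loads user32.dll; confirm the DLL's vendor")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service with no recognised vendor; verify the binary path")
    return reasons

def triage(log_text):
    """Return [(raw_line, [reason, ...])] for every entry that trips at least one heuristic."""
    entries = (parse_hjt_line(line) for line in log_text.splitlines())
    scored = [(e["raw"], triage_reasons(e)) for e in entries if e]
    return [(raw, reasons) for raw, reasons in scored if reasons]
```

Entries from known vendors with an existing file (the Adobe BHO, the Symantec ccApp Run key, the Microsoft search URL) pass through unflagged; everything flagged still needs a human decision before "Fix checked".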

0

Hi there! Task manager, registry, folder options and Ctrl+Alt+Del options were disabled by a virus. But before anything else I would suggest scanning your hard drive with another PC. Then boot it on your system again and run gpedit.msc; it is found in windows/system32, and there you can enable what has been disabled by the virus.

0

For some reason the thread cuts off somewhere towards the end of my second post and I can't see any replies beyond that. :'(
