Help! Infected

10 replies to this topic

#1 Parallel Pain (Member, 11 posts)

Posted 26 September 2008 - 05:04 AM

Hi, I've accidentally downloaded something.

Now about half my desktop icons are gone, my desktop is completely covered by some white thing, I'm locked out of Task Manager, the Start menu is all messed up with no Search, Run or Program Files amongst other stuff, and My Computer is also messed up and not showing the hard drive.

Fortunately no files seem to be damaged or deleted (besides the desktop icons). But once every couple of minutes some notice about a spyware/virus attack and something called "worm.win32.netbooster" kept popping up.

I have fiddled around and scanned for viruses and spyware 2-3 times each with AVG and Ad-Aware respectively. I've also fiddled around the internet trying to find answers, and it seems not to be the usual worm.win32.netbooster that people have solved, as the .dll files it installs are not found on my computer. After some fiddling I did delete anything suspicious I found that was created at or after the instant of the infection. I've deleted lots of desktop icons it kept installing, some executable files (all start with YUR; there's one, YUR42.exe, I can't delete, and the others seem to slowly get installed back), and went into safe mode and deleted 4 .dll files: rwlfsdmk.dll, onfwbsak.dll, peltodgx.dll, and dfmlxbpkqvd.dll.

Now the pop-ups don't pop up and desktop icons are no longer being installed, but once every couple of hours AVG catches something trying to extract and execute something named 0.exe. All other problems STILL remain.

Here are my logs:

-----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05: VIRUS ALERT!, on 25/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\YUR42.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\FRAPS\FRAPS.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QXK Olive - {3B020928-1C28-4C7A-9889-3D0B5926381A} - C:\WINDOWS\dfmlxbpkqvd.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: peltodgx - {1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - C:\WINDOWS\peltodgx.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [\YUR32.exe] C:\Windows\system32\YUR32.exe
O4 - HKLM\..\Run: [\YUR33.exe] C:\Windows\system32\YUR33.exe
O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKLM\..\Run: [\YUR43.exe] C:\Windows\system32\YUR43.exe
O4 - HKLM\..\Run: [\YUR7DD.exe] C:\Windows\system32\YUR7DD.exe
O4 - HKLM\..\Run: [\YUR819.exe] C:\Windows\system32\YUR819.exe
O4 - HKLM\..\Run: [\YUR945.exe] C:\Windows\system32\YUR945.exe
O4 - HKLM\..\Run: [\YURD2D.exe] C:\Windows\system32\YURD2D.exe
O4 - HKLM\..\Run: [\YUR1150.exe] C:\Windows\system32\YUR1150.exe
O4 - HKLM\..\Run: [\YUR1280.exe] C:\Windows\system32\YUR1280.exe
O4 - HKLM\..\Run: [\YUR1A65.exe] C:\Windows\system32\YUR1A65.exe
O4 - HKLM\..\Run: [\YUR1BC6.exe] C:\Windows\system32\YUR1BC6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [\YUR32.exe] C:\Windows\system32\YUR32.exe
O4 - HKCU\..\Run: [\YUR33.exe] C:\Windows\system32\YUR33.exe
O4 - HKCU\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKCU\..\Run: [\YUR43.exe] C:\Windows\system32\YUR43.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [\YUR7DD.exe] C:\Windows\system32\YUR7DD.exe
O4 - HKCU\..\Run: [\YUR819.exe] C:\Windows\system32\YUR819.exe
O4 - HKCU\..\Run: [\YUR945.exe] C:\Windows\system32\YUR945.exe
O4 - HKCU\..\Run: [\YURD2D.exe] C:\Windows\system32\YURD2D.exe
O4 - HKCU\..\Run: [\YUR1150.exe] C:\Windows\system32\YUR1150.exe
O4 - HKCU\..\Run: [\YUR1280.exe] C:\Windows\system32\YUR1280.exe
O4 - HKCU\..\Run: [\YUR1A65.exe] C:\Windows\system32\YUR1A65.exe
O4 - HKCU\..\Run: [\YUR1BC6.exe] C:\Windows\system32\YUR1BC6.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: onfwbsak - {11A37DE9-63B3-4E7F-9D53-497D5C39C32E} - C:\WINDOWS\onfwbsak.dll (file missing)
O21 - SSODL: rwlfsdmk - {AE8D8175-EBBD-4E04-A497-DB3ECF836F6C} - C:\WINDOWS\rwlfsdmk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9746 bytes
------------------------------------------------------

And I seem to be unable to upload my Ad-Aware log. The following appeared when I tried:
"Upload failed. You are not permitted to upload this type of file"

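The HijackThis log above is the kind of output a helper triages line by line. As an added example (not code from this thread, and not anything the HijackThis tool itself does), here is a small Python checker that applies the defender's heuristics a helper would use on it: components registered with "(file missing)", Run values whose name begins with a backslash (as the YUR*.exe entries do), O6/O7 lines reporting Internet Explorer restrictions or a Disable*=1 policy, and an Active Desktop component that loads a local HTML file. The sample lines are a constructed excerpt modelled on the posted log; the function names and the rules are my own choices.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a short excerpt in HijackThis v2 format, modelled on the
# log posted above (not the full log). Raw string so the backslashes survive.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QXK Olive - {3B020928-1C28-4C7A-9889-3D0B5926381A} - C:\WINDOWS\dfmlxbpkqvd.dll (file missing)
O3 - Toolbar: peltodgx - {1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - C:\WINDOWS\peltodgx.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKCU\..\Run: [\YUR1BC6.exe] C:\Windows\system32\YUR1BC6.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: onfwbsak - {11A37DE9-63B3-4E7F-9D53-497D5C39C32E} - C:\WINDOWS\onfwbsak.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

Finding = namedtuple("Finding", "section reason line")

# O4 lines look like: "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O7 lines carry an explicit policy value such as DisableRegedit=1
POLICY_RE = re.compile(r"(?P<policy>Disable\w+)=1")


def analyze_hjt_log(text):
    """Return a list of Findings for the lines a helper should review first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]  # "O2", "O4", "O24", ...

        # A BHO, toolbar or SSODL entry whose DLL is gone: the registration
        # outlived the file, which is what a partial manual cleanup leaves behind.
        if line.endswith("(file missing)"):
            findings.append(Finding(section, "component registered but file missing", line))
            continue

        m = RUN_RE.match(line)
        if m:
            # Legitimate software does not name its Run value "\something.exe".
            if m.group("name").startswith("\\"):
                findings.append(Finding(section, "Run value name begins with a backslash", line))
            continue

        if section == "O6" and line.endswith("Restrictions present"):
            findings.append(Finding(section, "Internet Explorer policy restrictions set", line))
        elif section == "O7":
            pm = POLICY_RE.search(line)
            if pm:
                findings.append(Finding(section, f"policy {pm.group('policy')} is enabled", line))
        elif section == "O24" and "file:///" in line:
            # An Active Desktop component pointing at a local HTML page is how a
            # rogue "warning" page ends up covering the desktop background.
            findings.append(Finding(section, "Active Desktop component loads a local HTML file", line))
    return findings


def count_by_section(findings):
    """Counter of findings per HijackThis section, for a quick triage summary."""
    return Counter(f.section for f in findings)


def run_values_to_review(findings):
    """(hive, value name) pairs for the flagged O4 entries, ready to look up in regedit."""
    out = []
    for f in findings:
        m = RUN_RE.match(f.line)
        if m:
            out.append((m.group("hive"), m.group("name")))
    return out


if __name__ == "__main__":
    results = analyze_hjt_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:4} {f.reason}: {f.line}")
    print(dict(count_by_section(results)))
    print(run_values_to_review(results))
```

Run against the full log in the post, the same rules pick out every YUR entry under both HKLM and HKCU, the three orphaned DLL registrations, the DisableRegedit policy that explains the lost Task Manager and Run options, and the O24 component behind the "white thing" on the desktop; entries such as the AVG tray, Bonjour and the ctfmon.exe values are left alone.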
#2 miekiemoes (Malware Killer Dog, Volunteer Security Advisor, 4092 posts)

Posted 26 September 2008 - 06:25 AM

Hi,

First of all, please read this post and perform the steps mentioned there: VirusAlert! in clock and how to restore it

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone elses thread, even though you are having the same problems. This to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#3 Parallel Pain (Member, 11 posts)

Posted 26 September 2008 - 07:49 AM

Hi

I really want to follow the instructions. The problem is this virus/trojan thing also disabled my Run option in the Start menu and somehow made it so I don't have administrator powers, so I can't access Task Manager. I know where to find regedit, but the other stuff that requires me to use Run I don't know where to find =(

#4 miekiemoes (Malware Killer Dog, Volunteer Security Advisor, 4092 posts)

Posted 26 September 2008 - 07:58 AM

It appears that you didn't read the blog post properly.

This is what it says there:

(Extra note: In case you're having problems with the above instructions, see the last part of this post on how to restore the policies first.)

If you read further, you can see a description of your problem and how to fix it.

So this means that you have to use this file first: http://users.telenet...orepolicies.zip
Unzip it. Then RIGHT-CLICK the VArestorepolicies.inf and select Install from the context menu.

#5 Parallel Pain (Member, 11 posts)

Posted 26 September 2008 - 08:32 AM

Uaaaaaaaaaaaaaaa, so embarrassing, sorry sorry, thank you thank you.

ComboFix worked like a charm; now it seems everything's working fine ^^

Here's the HijackThis log:

---------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:46 AM, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\YUR42.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7235 bytes
--------------------------------------------

Here's the ComboFix log:
-------------------------------------------------
ComboFix 08-09-25.05 - Parallel Pain 2008-09-26 0:48:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.559 [GMT -7:00]
Running from: C:\Documents and Settings\Parallel Pain\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Parallel Pain\Cookies\the ram@ad.yieldmanager[2].txt
C:\Documents and Settings\Parallel Pain\Cookies\the ram@ehg.fedex[1].txt
C:\Documents and Settings\Parallel Pain\Cookies\the ram@forum.ncix[2].txt
C:\Documents and Settings\Parallel Pain\Cookies\the ram@secure.ncix[1].txt
C:\Documents and Settings\Parallel Pain\Cookies\the ram@spamblockerutility[2].txt
C:\Documents and Settings\Parallel Pain\Cookies\the ram@www.directcanada[2].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-25 23:48 . 2008-09-25 23:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-09-25 21:05 . 2008-09-25 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-24 23:07 . 2008-09-24 23:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-24 21:15 . 2008-09-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-09-24 18:35 . 2008-09-24 02:13 74,752 --a------ C:\WINDOWS\system32\YUR42.exe
2008-09-23 17:32 . 2008-09-23 17:32 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.9.9 build 668
2008-09-23 17:32 . 2008-09-24 21:11 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 12
2008-09-23 02:32 . 2008-09-23 03:04 <DIR> d-------- C:\Program Files\foobar2000
2008-09-23 02:32 . 2008-09-23 10:28 <DIR> d-------- C:\Documents and Settings\Parallel Pain\Application Data\foobar2000
2008-09-15 13:24 . 2008-09-15 13:24 <DIR> d-------- C:\Documents and Settings\Parallel Pain\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-13 11:40 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-13 11:40 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-13 11:40 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-13 03:04 . 2008-09-24 21:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-13 00:14 . 2008-09-13 00:14 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-09-13 00:13 . 2008-09-13 00:13 <DIR> d-------- C:\Documents and Settings\Parallel Pain\Application Data\Nero
2008-09-13 00:09 . 2008-09-13 00:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-13 00:09 . 2008-09-13 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-09-13 00:07 . 2008-09-13 00:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 00:07 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-13 00:07 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-13 00:02 . 2008-09-13 00:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-09-12 23:14 . 2008-09-12 23:14 0 --a------ C:\WINDOWS\Irremote.ini
2008-09-12 23:03 . 2007-01-10 03:55 624,640 --a------ C:\WINDOWS\UIT3D.tmp
2008-09-12 23:03 . 2008-09-12 23:03 36 --a------ C:\WINDOWS\WININIT.INI
2008-09-12 23:02 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-12 22:33 . 2006-02-24 07:37 5,513 --a------ C:\WINDOWS\system32\drivers\musm3gld.sys
2008-09-12 20:20 . 2008-09-12 20:20 25 --a------ C:\WINDOWS\cdplayer.ini
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Program Files\Real
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-12 20:19 . 2008-09-12 20:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-12 20:18 . 2008-09-26 00:34 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-12 19:17 . 2007-05-17 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-12 19:02 . 2008-09-13 15:36 1,012 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-09-12 19:00 . 2008-09-12 20:16 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-12 18:56 . 2008-09-12 18:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-09-12 18:56 . 2008-09-12 18:56 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-12 18:40 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-12 18:04 . 2008-09-12 18:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-12 17:43 . 2008-09-12 17:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-09-12 17:33 . 2008-09-12 17:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-09-12 17:20 . 2008-09-12 17:20 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-12 17:16 . 2008-09-12 18:31 <DIR> d-------- C:\Program Files\NOS
2008-09-12 17:16 . 2008-09-12 18:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-09-12 17:16 . 2008-09-12 17:16 244 --ah----- C:\sqmnoopt17.sqm
2008-09-12 17:16 . 2008-09-12 17:16 232 --ah----- C:\sqmdata17.sqm
2008-09-12 17:11 . 2008-09-12 17:11 244 --ah----- C:\sqmnoopt16.sqm
2008-09-12 17:11 . 2008-09-12 17:11 232 --ah----- C:\sqmdata16.sqm
2008-09-12 17:10 . 2008-09-12 17:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-12 17:09 . 2008-09-12 17:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-12 17:07 . 2008-09-12 17:07 244 --ah----- C:\sqmnoopt15.sqm
2008-09-12 17:07 . 2008-09-12 17:07 232 --ah----- C:\sqmdata15.sqm
2008-09-12 16:34 . 2008-09-12 16:35 <DIR> d-------- C:\a17d928ff692145ca001
2008-09-12 16:23 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-12 16:23 . 2008-09-12 16:23 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-12 16:10 . 2008-09-12 17:40 408 --a------ C:\WINDOWS\NJCOM.INI
2008-09-12 15:59 . 2008-09-12 15:59 244 --ah----- C:\sqmnoopt14.sqm
2008-09-12 15:59 . 2008-09-12 15:59 232 --ah----- C:\sqmdata14.sqm
2008-09-12 15:56 . 2008-09-12 15:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-09-12 15:56 . 2008-09-14 12:25 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-12 15:56 . 2008-09-14 12:25 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-12 15:56 . 2008-09-14 12:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-12 15:52 . 2008-09-12 15:52 2,048 --a------ C:\WINDOWS\system32\alsign.sig
2008-09-12 15:37 . 2008-04-13 17:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-12 15:36 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-12 15:21 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-12 15:21 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-12 15:21 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-12 15:20 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-12 15:07 . 2005-03-09 15:53 41,984 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-09-12 15:06 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-09-12 15:06 . 2001-09-18 22:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-09-12 15:06 . 2005-08-10 22:49 393,088 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-09-12 15:06 . 2005-10-05 02:21 141,312 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-09-12 15:06 . 2005-03-04 05:53 127,872 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-09-12 15:06 . 2003-08-19 04:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2008-09-12 15:06 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-09-12 15:06 . 2005-09-26 16:20 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-09-12 15:06 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-09-12 15:06 . 2005-06-21 19:11 23,552 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-09-12 15:05 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-12 15:00 . 2008-09-12 15:00 18,726 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-09-12 15:00 . 2004-08-12 19:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-09-12 14:59 . 2000-03-29 07:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-09-12 14:57 . 2008-09-12 14:57 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2008-09-12 14:56 . 2008-09-12 14:56 <DIR> d-------- C:\Program Files\My Company Name
2008-09-12 14:53 . 2007-04-18 05:19 1,311,202 --a------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-09-12 14:53 . 2007-05-17 18:58 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-09-12 14:53 . 2007-04-05 11:15 144,357 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-09-12 14:53 . 2007-05-17 20:57 43,136 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-09-12 14:53 . 2007-04-03 16:05 7,069 --a------ C:\WINDOWS\system32\atifglpf.xml
2008-09-12 14:53 . 2006-08-23 14:26 2,096 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-09-12 14:53 . 2007-04-18 05:19 929 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-09-12 14:48 . 2006-05-14 23:18 12,416 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-09-12 13:57 . 2008-09-12 13:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-12 13:39 . 2008-09-24 21:21 <DIR> d-------- C:\Documents and Settings\Parallel Pain
2008-09-12 13:38 . 2008-09-12 13:38 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-09-12 13:37 . 2008-09-12 13:37 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-09-12 13:37 . 2008-09-12 13:37 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-09-12 13:34 . 2004-08-03 18:07 514,587 --a--c--- C:\WINDOWS\system32\dllcache\edb500.dll
2008-09-12 13:33 . 2008-09-12 16:35 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-09-12 13:32 . 2008-09-12 16:35 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-09-12 13:31 . 2004-08-03 18:07 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-09-12 13:31 . 2008-09-12 13:31 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-09-12 13:31 . 2008-09-12 13:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-12 13:29 . 2004-08-03 18:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2008-09-12 13:28 . 2008-04-13 17:11 2,061,824 --a------ C:\WINDOWS\system32\mstscax.dll
2008-09-12 06:22 . 2004-08-03 18:07 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-09-12 06:21 . 2008-04-13 17:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-12 06:19 . 2008-04-13 11:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-09-12 06:18 . 2008-04-13 12:19 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-09-12 06:18 . 2008-04-13 17:12 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-09-12 06:18 . 2008-04-13 11:45 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-09-12 06:18 . 2008-04-13 11:40 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 06:03 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Lavasoft
2008-09-25 05:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 00:34 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2008-09-23 17:32 --------- d-----w C:\Program Files\eMule
2008-09-23 17:20 --------- d-----w C:\Program Files\Monkey's Audio
2008-09-23 09:24 --------- d-----w C:\Program Files\AV Music Morpher Gold
2008-09-13 13:58 --------- d-----w C:\Program Files\GameSpy Arcade
2008-09-13 08:25 --------- d-----w C:\Program Files\EB Documentation
2008-09-13 08:24 --------- d-----w C:\Program Files\Recruitment Viewer
2008-09-13 08:24 --------- d-----w C:\Program Files\EBTrivialScript
2008-09-13 08:24 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Recruitment Viewer
2008-09-13 08:07 --------- d-----w C:\Program Files\Paradox Interactive
2008-09-13 07:20 --------- d-----w C:\Program Files\Nero
2008-09-13 07:07 --------- d-----w C:\Program Files\iTunes
2008-09-13 07:05 --------- d-----w C:\Program Files\Bonjour
2008-09-13 07:04 --------- d-----w C:\Program Files\QuickTime
2008-09-13 07:01 --------- d-----w C:\Program Files\Apple Software Update
2008-09-13 03:40 --------- d-----w C:\Program Files\DAEMON Tools
2008-09-13 03:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-13 01:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-13 01:59 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Hamachi
2008-09-13 01:28 --------- d-----w C:\Program Files\Winamp
2008-09-13 00:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-13 00:44 --------- d-----w C:\Program Files\DivX
2008-09-13 00:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-13 00:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 00:09 --------- d-----w C:\Program Files\Windows Live
2008-09-12 22:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 22:07 --------- d-----w C:\Program Files\AMD
2008-09-03 01:59 --------- d-----w C:\Program Files\MSN Messenger
2008-08-18 08:36 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Mount&Blade
2008-08-14 22:37 --------- d-----w C:\Program Files\Mount&Blade
2008-08-14 20:07 --------- d-----w C:\Program Files\Common Files\GC Install
2008-08-05 22:02 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-05 22:02 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-05 22:02 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:02 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-08-05 22:02 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-08-05 22:02 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 18:16 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\eMule
2008-08-04 22:19 --------- d-----w C:\Program Files\iPod
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-07-31 21:25 1,994 ----a-w C:\Documents and Settings\Parallel Pain\Application Data\WWB7_32.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"\YUR42.exe"="C:\Windows\system32\YUR42.exe" [2008-09-24 74752]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-14 1235736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-12 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"\YUR42.exe"="C:\Windows\system32\YUR42.exe" [2008-09-24 74752]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7391:TCP"= 7391:TCP:BitComet 7391 TCP
"7391:UDP"= 7391:UDP:BitComet 7391 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-14 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-14 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-14 76040]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 5513]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{3B020928-1C28-4C7A-9889-3D0B5926381A} - C:\WINDOWS\dfmlxbpkqvd.dll
Toolbar-{1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - C:\WINDOWS\peltodgx.dll
HKCU-Run-\YUR32.exe - C:\Windows\system32\YUR32.exe
HKCU-Run-\YUR33.exe - C:\Windows\system32\YUR33.exe
HKCU-Run-\YUR43.exe - C:\Windows\system32\YUR43.exe
HKCU-Run-\YUR7DD.exe - C:\Windows\system32\YUR7DD.exe
HKCU-Run-\YUR819.exe - C:\Windows\system32\YUR819.exe
HKCU-Run-\YUR945.exe - C:\Windows\system32\YUR945.exe
HKCU-Run-\YURD2D.exe - C:\Windows\system32\YURD2D.exe
HKCU-Run-\YUR1150.exe - C:\Windows\system32\YUR1150.exe
HKCU-Run-\YUR1280.exe - C:\Windows\system32\YUR1280.exe
HKCU-Run-\YUR1A65.exe - C:\Windows\system32\YUR1A65.exe
HKCU-Run-\YUR1BC6.exe - C:\Windows\system32\YUR1BC6.exe
HKCU-Run-\YUR23AC.exe - C:\Windows\system32\YUR23AC.exe
HKLM-Run-\YUR32.exe - C:\Windows\system32\YUR32.exe
HKLM-Run-\YUR33.exe - C:\Windows\system32\YUR33.exe
HKLM-Run-\YUR43.exe - C:\Windows\system32\YUR43.exe
HKLM-Run-\YUR7DD.exe - C:\Windows\system32\YUR7DD.exe
HKLM-Run-\YUR819.exe - C:\Windows\system32\YUR819.exe
HKLM-Run-\YUR945.exe - C:\Windows\system32\YUR945.exe
HKLM-Run-\YURD2D.exe - C:\Windows\system32\YURD2D.exe
HKLM-Run-\YUR1150.exe - C:\Windows\system32\YUR1150.exe
HKLM-Run-\YUR1280.exe - C:\Windows\system32\YUR1280.exe
HKLM-Run-\YUR1A65.exe - C:\Windows\system32\YUR1A65.exe
HKLM-Run-\YUR1BC6.exe - C:\Windows\system32\YUR1BC6.exe
HKLM-Run-\YUR23AC.exe - C:\Windows\system32\YUR23AC.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Parallel Pain\Application Data\Mozilla\Firefox\Profiles\0w9n89x6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
.
.
------- File Associations -------
.
txtfile="C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 00:53:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-26 0:57:15
ComboFix-quarantined-files.txt 2008-09-26 07:57:12

Pre-Run: 6,455,463,936 bytes free
Post-Run: 11,475,697,664 bytes free

331 --- E O F --- 2008-09-18 00:48:54

#6 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 26 September 2008 - 08:37 AM

Hi,

Almost finished. Just some leftovers we have to delete...

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\Windows\system32\YUR42.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\YUR42.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\YUR42.exe"=-


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone else's thread, even though you are having the same problems. This is to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help you receive help any faster, since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.
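The CFScript above targets two leftovers the earlier log exposed: a dropped file in system32 and a Run value whose name begins with a backslash, registered under both HKCU and HKLM. As an added example (not part of this thread, and not ComboFix's or the helper's own tooling), the Python below parses the "Reg Loading Points" block of a ComboFix log, flags Run entries that show those two traits, and emits a removal script in the same File::/Registry:: form the reply uses. The two heuristics (backslash-prefixed value name, image name matching YUR<hex>.exe) are assumptions drawn from this thread, not a general malware signature, and the sample log text is constructed from lines visible in the log above.

```python
"""Flag suspicious Run entries in a ComboFix 'Reg Loading Points' block and
build a CFScript (File:: / Registry::) that removes them.

Added example for this thread; the heuristics are assumptions taken from the
YUR42.exe case above, not a general-purpose detection rule.
"""
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]           # (registry key, value name, image path)
Finding = Tuple[str, str, str, str]    # entry plus the reason it was flagged

# Constructed sample: lines in the shape of the thread's "Reg Loading Points"
# section, copied from the log above and trimmed to a handful of entries.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
"\YUR42.exe"="C:\Windows\system32\YUR42.exe" [2008-09-24 74752]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-14 1235736]
"\YUR42.exe"="C:\Windows\system32\YUR42.exe" [2008-09-24 74752]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')        # [HKEY_...\Run] section header
ENTRY_RE = re.compile(r'^"([^"]*)"="([^"]*)"')         # "name"="path" [meta]
YUR_RE = re.compile(r'^YUR[0-9A-F]+\.exe$', re.IGNORECASE)  # assumed pattern from this thread


def parse_run_entries(log_text: str) -> List[Entry]:
    """Walk the REGEDIT4-style block and return every value found under a ...\\Run key."""
    entries: List[Entry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key.lower().endswith("\\run"):
            name, path = entry_match.groups()
            entries.append((current_key, name, path))
    return entries


def suspicious_entries(entries: List[Entry]) -> List[Finding]:
    """Apply the two checks drawn from the thread: a value name that begins with a
    backslash (an unusual name for a legitimate autorun) and an image file named
    YUR<hex>.exe, the naming pattern of the dropped files in the log above."""
    findings: List[Finding] = []
    for key, name, path in entries:
        image = path.replace("/", "\\").rsplit("\\", 1)[-1]
        reasons: List[str] = []
        if name.startswith("\\"):
            reasons.append("value name starts with a backslash")
        if YUR_RE.match(image):
            reasons.append("image matches YUR<hex>.exe pattern")
        if reasons:
            findings.append((key, name, path, "; ".join(reasons)))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the File::/Registry:: form used in the reply above: each image path is
    listed once under File::, and each flagged Run value is deleted with "name"=-."""
    files: List[str] = []
    per_key: Dict[str, List[str]] = {}          # insertion order = order seen in the log
    for key, name, path, _reason in findings:
        if path not in files:
            files.append(path)
        names = per_key.setdefault(key, [])
        if name not in names:
            names.append(name)
    lines = ["File::", *files, "Registry::"]
    for key, names in per_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_entries(parse_run_entries(SAMPLE_LOG))
    for key, name, path, reason in flagged:
        print(f"{key}\n  {name} -> {path}\n  reason: {reason}")
    print("\nCFScript:\n" + build_cfscript(flagged))
```

Run against the sample, the script reproduces the File::/Registry:: block the helper posted: one file path and a `"\YUR42.exe"=-` deletion under each of the two Run keys. Entries such as CTFMON.EXE or avgtray.exe are left alone because neither heuristic matches them; on a real log, treat any hit as a lead to verify, not as proof.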

#7 Parallel Pain

Parallel Pain

    Member

  • Members
  • 11 posts

Posted 26 September 2008 - 09:11 AM

Combofix log:
______________________________________________________________________
ComboFix 08-09-25.05 - Parallel Pain 2008-09-26 1:31:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.569 [GMT -7:00]
Running from: C:\Documents and Settings\Parallel Pain\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Parallel Pain\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\system32\YUR42.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\YUR42.exe
C:\x

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-25 23:48 . 2008-09-25 23:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-09-25 21:05 . 2008-09-25 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-24 23:07 . 2008-09-24 23:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-24 21:15 . 2008-09-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-09-23 17:32 . 2008-09-23 17:32 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.9.9 build 668
2008-09-23 17:32 . 2008-09-24 21:11 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 12
2008-09-23 02:32 . 2008-09-23 03:04 <DIR> d-------- C:\Program Files\foobar2000
2008-09-23 02:32 . 2008-09-23 10:28 <DIR> d-------- C:\Documents and Settings\Parallel Pain\Application Data\foobar2000
2008-09-15 13:24 . 2008-09-15 13:24 <DIR> d-------- C:\Documents and Settings\Parallel Pain\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-13 11:40 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-13 11:40 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-13 11:40 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-13 03:04 . 2008-09-24 21:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-13 00:14 . 2008-09-13 00:14 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-09-13 00:13 . 2008-09-13 00:13 <DIR> d-------- C:\Documents and Settings\Parallel Pain\Application Data\Nero
2008-09-13 00:09 . 2008-09-13 00:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-13 00:09 . 2008-09-13 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-09-13 00:07 . 2008-09-13 00:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 00:07 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-13 00:07 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-13 00:02 . 2008-09-13 00:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-09-12 23:14 . 2008-09-12 23:14 0 --a------ C:\WINDOWS\Irremote.ini
2008-09-12 23:03 . 2007-01-10 03:55 624,640 --a------ C:\WINDOWS\UIT3D.tmp
2008-09-12 23:03 . 2008-09-12 23:03 36 --a------ C:\WINDOWS\WININIT.INI
2008-09-12 23:02 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-12 22:33 . 2006-02-24 07:37 5,513 --a------ C:\WINDOWS\system32\drivers\musm3gld.sys
2008-09-12 20:20 . 2008-09-12 20:20 25 --a------ C:\WINDOWS\cdplayer.ini
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Program Files\Real
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-12 20:19 . 2008-09-12 20:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-12 20:18 . 2008-09-26 00:34 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-12 19:17 . 2007-05-17 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-12 19:02 . 2008-09-13 15:36 1,012 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-09-12 19:00 . 2008-09-12 20:16 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-12 18:56 . 2008-09-12 18:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-09-12 18:56 . 2008-09-12 18:56 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-12 18:40 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-12 18:10 . 2008-09-12 18:10 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-12 18:04 . 2008-09-12 18:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-12 17:43 . 2008-09-12 17:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-09-12 17:33 . 2008-09-12 17:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-09-12 17:20 . 2008-09-12 17:20 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-12 17:16 . 2008-09-12 18:31 <DIR> d-------- C:\Program Files\NOS
2008-09-12 17:16 . 2008-09-12 18:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-09-12 17:16 . 2008-09-12 17:16 244 --ah----- C:\sqmnoopt17.sqm
2008-09-12 17:16 . 2008-09-12 17:16 232 --ah----- C:\sqmdata17.sqm
2008-09-12 17:11 . 2008-09-12 17:11 244 --ah----- C:\sqmnoopt16.sqm
2008-09-12 17:11 . 2008-09-12 17:11 232 --ah----- C:\sqmdata16.sqm
2008-09-12 17:10 . 2008-09-12 17:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-12 17:09 . 2008-09-12 17:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-12 17:07 . 2008-09-12 17:07 244 --ah----- C:\sqmnoopt15.sqm
2008-09-12 17:07 . 2008-09-12 17:07 232 --ah----- C:\sqmdata15.sqm
2008-09-12 16:34 . 2008-09-12 16:35 <DIR> d-------- C:\a17d928ff692145ca001
2008-09-12 16:23 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-12 16:23 . 2008-09-12 16:23 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-12 16:10 . 2008-09-12 17:40 408 --a------ C:\WINDOWS\NJCOM.INI
2008-09-12 15:59 . 2008-09-12 15:59 244 --ah----- C:\sqmnoopt14.sqm
2008-09-12 15:59 . 2008-09-12 15:59 232 --ah----- C:\sqmdata14.sqm
2008-09-12 15:56 . 2008-09-12 15:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-09-12 15:56 . 2008-09-14 12:25 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-12 15:56 . 2008-09-14 12:25 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-12 15:56 . 2008-09-14 12:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-12 15:52 . 2008-09-12 15:52 2,048 --a------ C:\WINDOWS\system32\alsign.sig
2008-09-12 15:37 . 2008-04-13 17:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-12 15:36 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-12 15:21 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-12 15:21 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-12 15:21 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-12 15:20 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-12 15:07 . 2005-03-09 15:53 41,984 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-09-12 15:06 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-09-12 15:06 . 2001-09-18 22:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-09-12 15:06 . 2005-08-10 22:49 393,088 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-09-12 15:06 . 2005-10-05 02:21 141,312 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-09-12 15:06 . 2005-03-04 05:53 127,872 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-09-12 15:06 . 2003-08-19 04:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2008-09-12 15:06 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-09-12 15:06 . 2005-09-26 16:20 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-09-12 15:06 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-09-12 15:06 . 2005-06-21 19:11 23,552 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-09-12 15:05 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-12 15:00 . 2008-09-12 15:00 18,726 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-09-12 15:00 . 2004-08-12 19:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-09-12 14:59 . 2000-03-29 07:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-09-12 14:57 . 2008-09-12 14:57 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2008-09-12 14:56 . 2008-09-12 14:56 <DIR> d-------- C:\Program Files\My Company Name
2008-09-12 14:53 . 2007-04-18 05:19 1,311,202 --a------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-09-12 14:53 . 2007-05-17 18:58 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-09-12 14:53 . 2007-04-05 11:15 144,357 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-09-12 14:53 . 2007-05-17 20:57 43,136 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-09-12 14:53 . 2007-04-03 16:05 7,069 --a------ C:\WINDOWS\system32\atifglpf.xml
2008-09-12 14:53 . 2006-08-23 14:26 2,096 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-09-12 14:53 . 2007-04-18 05:19 929 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-09-12 14:48 . 2006-05-14 23:18 12,416 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-09-12 13:57 . 2008-09-12 13:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-12 13:39 . 2008-09-24 21:21 <DIR> d-------- C:\Documents and Settings\Parallel Pain
2008-09-12 13:38 . 2008-09-12 13:38 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-09-12 13:37 . 2008-09-12 13:37 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-09-12 13:37 . 2008-09-12 13:37 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-09-12 13:34 . 2004-08-03 18:07 514,587 --a--c--- C:\WINDOWS\system32\dllcache\edb500.dll
2008-09-12 13:33 . 2008-09-12 16:35 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-09-12 13:32 . 2008-09-12 16:35 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-09-12 13:31 . 2004-08-03 18:07 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-12 13:31 . 2008-09-12 13:31 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-09-12 13:31 . 2008-09-12 13:31 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-09-12 13:31 . 2008-09-12 13:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-12 13:29 . 2004-08-03 18:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2008-09-12 13:28 . 2008-04-13 17:11 2,061,824 --a------ C:\WINDOWS\system32\mstscax.dll
2008-09-12 06:22 . 2004-08-03 18:07 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-09-12 06:21 . 2008-04-13 17:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-12 06:19 . 2008-04-13 11:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-09-12 06:18 . 2008-04-13 12:19 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-09-12 06:18 . 2008-04-13 17:12 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-09-12 06:18 . 2008-04-13 11:45 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-09-12 06:18 . 2008-04-13 11:40 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-12 06:18 . 2008-04-13 11:45 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 06:03 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Lavasoft
2008-09-25 05:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 00:34 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2008-09-23 17:32 --------- d-----w C:\Program Files\eMule
2008-09-23 17:20 --------- d-----w C:\Program Files\Monkey's Audio
2008-09-23 09:24 --------- d-----w C:\Program Files\AV Music Morpher Gold
2008-09-13 13:58 --------- d-----w C:\Program Files\GameSpy Arcade
2008-09-13 08:25 --------- d-----w C:\Program Files\EB Documentation
2008-09-13 08:24 --------- d-----w C:\Program Files\Recruitment Viewer
2008-09-13 08:24 --------- d-----w C:\Program Files\EBTrivialScript
2008-09-13 08:24 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Recruitment Viewer
2008-09-13 08:07 --------- d-----w C:\Program Files\Paradox Interactive
2008-09-13 07:20 --------- d-----w C:\Program Files\Nero
2008-09-13 07:07 --------- d-----w C:\Program Files\iTunes
2008-09-13 07:05 --------- d-----w C:\Program Files\Bonjour
2008-09-13 07:04 --------- d-----w C:\Program Files\QuickTime
2008-09-13 07:01 --------- d-----w C:\Program Files\Apple Software Update
2008-09-13 03:40 --------- d-----w C:\Program Files\DAEMON Tools
2008-09-13 03:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-13 01:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-13 01:59 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Hamachi
2008-09-13 01:28 --------- d-----w C:\Program Files\Winamp
2008-09-13 00:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-13 00:44 --------- d-----w C:\Program Files\DivX
2008-09-13 00:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-13 00:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 00:09 --------- d-----w C:\Program Files\Windows Live
2008-09-12 22:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 22:07 --------- d-----w C:\Program Files\AMD
2008-09-03 01:59 --------- d-----w C:\Program Files\MSN Messenger
2008-08-18 08:36 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\Mount&Blade
2008-08-14 22:37 --------- d-----w C:\Program Files\Mount&Blade
2008-08-14 20:07 --------- d-----w C:\Program Files\Common Files\GC Install
2008-08-05 22:02 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-05 22:02 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-05 22:02 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:02 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-08-05 22:02 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-08-05 22:02 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 18:16 --------- d-----w C:\Documents and Settings\Parallel Pain\Application Data\eMule
2008-08-04 22:19 --------- d-----w C:\Program Files\iPod
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-07-31 21:25 1,994 ----a-w C:\Documents and Settings\Parallel Pain\Application Data\WWB7_32.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-14 1235736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-12 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7391:TCP"= 7391:TCP:BitComet 7391 TCP
"7391:UDP"= 7391:UDP:BitComet 7391 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-14 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-14 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-14 76040]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 5513]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\YUR42.exe - C:\Windows\system32\YUR42.exe
HKCU-Run-\YUR251D.exe - C:\Windows\system32\YUR251D.exe
HKLM-Run-\YUR42.exe - C:\Windows\system32\YUR42.exe
HKLM-Run-\YUR251D.exe - C:\Windows\system32\YUR251D.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 01:34:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-26 1:37:27
ComboFix-quarantined-files.txt 2008-09-26 08:37:24
ComboFix2.txt 2008-09-26 07:57:16

Pre-Run: 11,460,812,800 bytes free
Post-Run: 11,450,486,784 bytes free

293 --- E O F --- 2008-09-18 00:48:54

HijackThis log:
____________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:03 AM, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7065 bytes

#8 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 26 September 2008 - 09:57 AM

Hi,

This looks OK again.

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored, so if you need help, post your problem in the forum.
DO NOT POST your problem or log in someone else's thread, even though you are having the same problems. This is to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help you receive help any faster, since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#9 Parallel Pain

Parallel Pain

    Member

  • Members
  • 11 posts

Posted 26 September 2008 - 10:38 AM

It's uninstalled and everything (that I can see) works just like before yay :lol: :)

thank you thank you thank you thank you thank you thank you thank you

#10 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 26 September 2008 - 10:40 AM

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#11 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 13 October 2008 - 02:29 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !