virus =(

I had some kind of .BAT virus before, and I think I cleaned out most of the virus, but it seems like it spread to a couple of areas. I keep getting music out of nowhere playing in the background, and sometimes my wallpaper is changed. Please check my HijackThis log; any help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:39 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C56780-1573-4836-A3F9-3D5219E49BE1} (PopdramaQLauncher Class) - http://appupdate.popdrama.com/download/DramaQAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8296F2FA-68DB-4A44-A2F2-5F42E2E7F1D2}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\virtok.html
--
End of file - 10496 bytes

Comments

  • edited March 2008
    Welcome to Icrontic blazinbk,

    At least some Zlob changes showing there as well as remnants of other infection, so let's start repairs here.

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply.

    ===========================

    Then Download ComboFix.exe from here to your desktop.

    Then disable your net access, and click the downloaded file to run the repair.

    When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you, so you will understand that these procedures are expected, and okay.

    ComboFix will also change the drive autoplay settings there as its own added security measure. When we have completed all repairs here, we will return the default Windows settings.


    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop; however, given the infection there, ComboFix will likely cause a reboot in order to complete its repairs.

    (ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver)

    Re-enable net access, and post back the C:\ComboFix.txt log and the MBAM log, as well as a new HijackThis log please.
  • edited March 2008
    Hey! Thanks a lot for the help, here are the logs!

    Malwarebytes' Anti-Malware 1.09
    Database version: 532
    Scan type: Quick Scan
    Objects scanned: 39056
    Time elapsed: 4 minute(s), 36 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 13
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 45
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\mgmrwmrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\updatetc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\bindmod.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    ComboFix 08-03-22.3 - bill 2008-03-24 14:31:32.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2645 [GMT -4:00]
    Running from: C:\Documents and Settings\bill\Local Settings\Temporary Internet Files\Content.IE5\OBXSS5D1\ComboFix[1].exe
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    -- Other TimeOuts --
    Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
    GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
    VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
    CF7926.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
    VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
    CF7926.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\bill\ravmonlog
    C:\Program Files\Windows Media Player\virtok.html
    C:\WINDOWS\dat.txt
    C:\WINDOWS\default.htm
    C:\WINDOWS\TEMP\salm.exe
    E:\Autorun.inf
    O:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
    .
    2008-03-24 14:24 . 2008-03-24 14:24 <DIR> d C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-24 14:24 . 2008-03-24 14:24 <DIR> d C:\Documents and Settings\bill\Application Data\Malwarebytes
    2008-03-24 14:24 . 2008-03-24 14:24 <DIR> d C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-24 03:51 . 2008-03-24 03:51 <DIR> d C:\Documents and Settings\bill\Application Data\KORG
    2008-03-24 03:50 . 2008-03-24 03:50 <DIR> d C:\Program Files\KORG Legacy
    2008-03-24 03:50 . 2008-03-24 03:50 <DIR> d C:\Program Files\Common Files\KORG
    2008-03-24 03:50 . 2008-03-24 03:50 <DIR> d C:\Documents and Settings\All Users\Application Data\KORG
    2008-03-22 15:37 . 2008-03-22 15:37 <DIR> d C:\Program Files\Trend Micro
    2008-03-22 01:36 . 2008-03-22 01:36 <DIR> d--h C:\WINDOWS\PIF
    2008-03-21 18:26 . 2008-03-22 01:47 <DIR> d C:\Program Files\Windows Desktop Search
    2008-03-19 16:43 . 2008-03-19 16:51 <DIR> d C:\Program Files\Auslogics
    2008-03-19 16:43 . 2008-03-19 16:51 <DIR> d C:\Documents and Settings\bill\Application Data\Auslogics
    2008-03-19 16:15 . 2008-03-19 16:16 <DIR> d C:\Program Files\Microsoft Expression
    2008-03-19 16:12 . 2008-03-19 16:12 162 --a C:\WINDOWS\ODBC.INI
    2008-03-19 16:06 . 2006-10-26 19:56 32,592 --a C:\WINDOWS\system32\msonpmon.dll
    2008-03-19 16:05 . 2008-03-19 16:05 <DIR> d C:\Program Files\MSBuild
    2008-03-19 16:05 . 2008-03-19 16:05 <DIR> d C:\Program Files\Microsoft Works
    2008-03-19 16:03 . 2008-03-19 16:03 <DIR> d C:\Program Files\Microsoft.NET
    2008-03-19 16:01 . 2008-03-19 16:13 <DIR> d C:\WINDOWS\SHELLNEW
    2008-03-19 16:01 . 2008-03-19 16:01 <DIR> d C:\Program Files\Microsoft Visual Studio 8
    2008-03-19 16:00 . 2008-03-19 16:00 <DIR> dr-h C:\MSOCache
    2008-03-19 16:00 . 2008-03-20 03:02 <DIR> d C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-19 15:39 . 2008-03-19 15:47 <DIR> d C:\Program Files\MagicISO
    2008-03-19 03:22 . 2008-03-19 03:22 <DIR> d C:\ComboFix
    2008-03-18 22:52 . 2008-03-18 22:52 <DIR> d--h C:\WINDOWS\system32\GroupPolicy
    2008-03-18 13:42 . 2008-03-18 13:42 <DIR> d C:\Documents and Settings\bill\Application Data\IM-Names
    2008-03-18 13:42 . 2008-03-18 13:42 136,627 --a C:\WINDOWS\POTA777444.exe
    2008-03-18 03:57 . 2008-03-18 03:57 <DIR> d C:\Program Files\MusicLab
    2008-03-16 17:07 . 2008-03-16 17:07 <DIR> d C:\Documents and Settings\All Users\Application Data\zplane.development
    2008-03-16 13:13 . 2008-03-16 13:13 1,344,434 --a C:\WINDOWS\system32\TmpA65769953
    2008-03-15 04:07 . 2008-03-24 02:07 22,328 --a C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-03-14 14:07 . 2008-03-14 14:07 <DIR> d C:\Psfonts
    2008-03-14 14:06 . 2008-03-14 14:43 <DIR> d-a C:\Documents and Settings\All Users\Application Data\MakeMusic
    2008-03-14 14:06 . 2008-03-14 14:06 507 --a C:\WINDOWS\winiini.fin
    2008-03-14 14:05 . 2008-03-14 14:10 <DIR> d C:\Program Files\Finale 2007
    2008-03-10 15:58 . 2008-03-14 14:53 <DIR> d C:\Program Files\Zero-G
    2008-03-10 15:52 . 2008-03-10 15:53 <DIR> d C:\Program Files\u-he
    2008-03-10 15:52 . 2008-03-10 15:52 <DIR> d C:\Documents and Settings\All Users\Application Data\Temporary
    2008-03-10 00:59 . 2007-11-21 18:31 402,728 --a C:\WINDOWS\system32\ImageDrive.cpl
    2008-03-08 16:53 . 2008-03-21 15:37 <DIR> d C:\Program Files\Spectrasonics
    2008-03-08 13:25 . 2008-03-08 13:25 <DIR> d C:\WINDOWS\Caps
    2008-03-06 01:32 . 2008-03-06 01:32 <DIR> d C:\Program Files\Webroot
    2008-03-06 01:32 . 2008-03-06 01:32 <DIR> d C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-03-06 01:32 . 2008-03-06 01:32 <DIR> d C:\Documents and Settings\bill\Application Data\Webroot
    2008-03-06 01:32 . 2008-03-06 01:32 <DIR> d C:\Documents and Settings\All Users\Application Data\Webroot
    2008-03-06 01:32 . 2008-01-04 21:56 1,526,640 --a C:\WINDOWS\WRSetup.dll
    2008-03-06 01:32 . 2008-01-04 21:34 163,696 --a C:\WINDOWS\system32\drivers\ssidrv.sys
    2008-03-06 01:32 . 2008-01-04 21:34 23,920 --a C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-03-06 01:32 . 2008-01-04 21:34 21,872 --a C:\WINDOWS\system32\drivers\sshrmd.sys
    2008-03-06 01:32 . 2008-01-04 21:34 20,336 --a C:\WINDOWS\system32\drivers\SSFS0BB9.sys
    2008-03-06 01:32 . 2008-03-06 01:32 164 --a C:\install.dat
    2008-03-04 14:41 . 2008-03-15 15:08 <DIR> d C:\Program Files\FriendBlasterPro
    2008-03-04 14:41 . 2004-03-08 20:30 609,824 --a C:\WINDOWS\system32\ComCtl32.ocx
    2008-03-04 14:41 . 2005-07-15 12:49 245,760 --a C:\WINDOWS\system32\aUpdateNow.ocx
    2008-03-04 14:41 . 2000-05-22 01:00 140,488 --a C:\WINDOWS\system32\COMDLG32.OCX
    2008-03-04 14:41 . 2004-03-08 18:00 132,880 --a C:\WINDOWS\system32\msinet.ocx
    2008-03-04 14:41 . 2000-07-15 01:00 101,888 --a C:\WINDOWS\system32\VB6STKIT.DLL
    2008-03-02 14:56 . 2008-03-02 14:56 <DIR> d C:\Program Files\Sonnox
    2008-03-02 03:11 . 2008-03-02 03:11 <DIR> d C:\Program Files\Intel Corporation
    2008-02-29 18:58 . 2008-03-24 03:37 <DIR> d C:\Program Files\Antares Audio Technologies
    2008-02-29 18:58 . 2008-02-29 18:58 <DIR> d C:\Documents and Settings\bill\Application Data\Antares
    2008-02-29 04:42 . 2008-02-29 18:25 <DIR> d C:\Program Files\FXpansion
    2008-02-28 16:23 . 2008-02-28 16:23 <DIR> d C:\Program Files\winampPlugins
    2008-02-27 21:12 . 2003-08-24 21:05 339,944 C:\Program Files\UNWISE.EXE
    2008-02-26 23:59 . 2008-02-27 00:00 <DIR> d C:\WINDOWS\system32\NtmsData
    2008-02-26 02:48 . 2008-03-21 14:32 69 --a C:\WINDOWS\NeroDigital.ini
    2008-02-26 02:39 . 2008-02-26 02:39 <DIR> d C:\Documents and Settings\bill\Application Data\Nero
    2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d C:\Program Files\Nero
    2008-02-26 02:37 . 2008-02-26 02:38 <DIR> d C:\Program Files\Common Files\Nero
    2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d C:\Documents and Settings\All Users\Application Data\Nero
    2008-02-25 16:15 . 2008-02-29 18:28 <DIR> d C:\Documents and Settings\bill\Application Data\Waves Preferences
    2008-02-25 14:35 . 2008-02-26 02:24 <DIR> d C:\Program Files\ahead
    2008-02-25 00:25 . 2008-02-25 00:25 <DIR> d C:\Program Files\Common Files\Trillium Lane
    2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d C:\Documents and Settings\bill\Application Data\InstallShield
    2008-02-24 23:40 . 2008-02-24 23:40 <DIR> d C:\Documents and Settings\bill\Application Data\Waves Audio
    2008-02-24 23:39 . 2008-03-21 13:42 <DIR> d C:\Program Files\Waves
    2008-02-24 23:32 . 2008-02-24 23:32 <DIR> d C:\Program Files\iPod
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-24 18:33 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-03-24 18:23 d-----w C:\Documents and Settings\bill\Application Data\uTorrent
    2008-03-24 07:12 d-----w C:\Documents and Settings\bill\Application Data\Digidesign
    2008-03-24 06:07 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-24 00:29 d-----w C:\Program Files\uTorrent
    2008-03-22 06:47 d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-03-18 09:29 d-----w C:\Documents and Settings\bill\Application Data\Trillium Lane
    2008-03-15 22:53 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-03-10 19:51 d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-10 19:51 d-----w C:\Program Files\Celemony
    2008-03-10 18:51 d-----w C:\Program Files\Steinberg
    2008-03-04 06:19 d-----w C:\Program Files\Steam
    2008-02-29 06:57 d-----w C:\Documents and Settings\bill\Application Data\U3
    2008-02-28 01:51 dc----w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-28 01:51 d-----w C:\Program Files\DivX
    2008-02-28 01:51 d-----w C:\Program Files\Common Files\Native Instruments
    2008-02-28 01:51 d-----w C:\Program Files\Common Files\Digidesign
    2008-02-27 18:39 d-----w C:\Program Files\AIM6
    2008-02-27 18:29 d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-02-27 18:29 d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-02-27 18:27 d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-02-25 21:11 d-----w C:\Program Files\PrimoDVD (English)
    2008-02-25 05:01 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
    2008-02-25 04:17 d-----w C:\Program Files\Digidesign
    2008-02-25 03:32 d-----w C:\Program Files\iTunes
    2008-02-25 03:31 d-----w C:\Program Files\QuickTime
    2008-02-18 16:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-02-07 22:37 d-----w C:\Program Files\Common Files\PrimoDVD
    2008-02-07 08:37 d-----w C:\Program Files\Plato Video Converter
    2008-02-07 08:26 d-----w C:\Program Files\XviD
    2008-02-06 20:19 d-----w C:\Program Files\Vongo
    2008-02-06 20:16 d-----w C:\Documents and Settings\bill\Application Data\Locktime
    2008-02-06 20:07 d-----w C:\Program Files\Smart PDF Converter
    2008-02-06 19:56 d-----w C:\Program Files\NetLimiter 2 Pro
    2008-02-06 19:56 d-----w C:\Documents and Settings\All Users\Application Data\Locktime
    2008-02-05 08:06 d-----w C:\Program Files\Native Instruments
    2008-02-02 04:15 d-----w C:\Program Files\Full Tilt Poker
    2008-01-31 00:20 d-----w C:\Program Files\Common Files\Adobe
    2008-01-31 00:20 d-----w C:\Program Files\Bonjour
    2008-01-31 00:14 d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-01-30 19:23 d-----w C:\Program Files\SureThing CD Labeler 5 - Primera
    2008-01-30 19:16 d-----w C:\Program Files\Common Files\SureThing Shared
    2008-01-29 20:57 d-----w C:\Program Files\Real
    2008-01-28 19:14 d-----w C:\Program Files\Primera Technology
    2008-01-28 19:14 d-----w C:\Documents and Settings\All Users\Application Data\PTI
    2007-12-27 00:25 22,328 ----a-w C:\Documents and Settings\bill\Application Data\PnkBstrK.sys
    2007-09-05 22:40 251,883 ----a-w C:\Program Files\uninstal.log
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:07 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 23:05 204288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
    "SigmatelSysTrayApp"="sttray.exe" [2007-05-06 20:10 405504 C:\WINDOWS\sttray.exe]
    "DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 00:24 1169744]
    "AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 00:38 1945688]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 00:29 149024]
    "Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 12:44 303104]
    "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 17:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 16:49 69632]
    "DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 01:35 77824]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 21:07 158208]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    C:\Documents and Settings\bill\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows Media Player\virtok.html
    FriendlyName=
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WebrootSpySweeperService"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Steam\\steamapps\\blazinbk\\condition zero\\hl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Steam\\steamapps\\blazinbk\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12131:TCP"= 12131:TCP:NortonAV
    "17390:TCP"= 17390:TCP:NortonAV
    "17885:TCP"= 17885:TCP:NortonAV
    "18502:TCP"= 18502:TCP:NortonAV
    "28555:TCP"= 28555:TCP:utorrent
    R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 23:50]
    R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 07:03]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-05 17:38]
    R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 03:16]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
    R2 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" []
    R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-02-25 01:01]
    R3 koreavs;koreavs;C:\WINDOWS\system32\Drivers\koreavs.sys [2007-03-20 16:37]
    R3 koreusb;koreusb;C:\WINDOWS\system32\Drivers\koreusb.sys [2007-03-20 16:37]
    R3 voxthing;Voice Thing service;C:\WINDOWS\system32\drivers\voxthing.sys [2007-07-20 14:30]
    S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 03:15]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
    \Shell\AutoRun\command - N:\LaunchU3.exe -a
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{232c2bb8-b4a8-11dc-a782-001c1064805f}]
    \Shell\AutoRun\command - O:\DTE_Privacy_launcher.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72dd3cc4-a915-11dc-a761-001c1064805f}]
    \Shell\AutoRun\command - O:\LaunchU3.exe -a
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c7a8006-6561-11dc-a6aa-807783987390}]
    \Shell\AutoRun\command - O:\LaunchU3.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-14 16:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-24 14:36:05
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Other Running Processes
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\NetLimiter 2 Pro\NLClient.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-24 14:39:42 - machine was rebooted [bill]
    ComboFix-quarantined-files.txt 2008-03-24 18:39:39
    .
    2008-03-20 07:02:33 --- E O F ---


    Again thanks for the help!
  • edited March 2008
    I was waiting on the HijackThis log, so be sure to post back all requested logs. But let's move on with what shows right now.

    Good progress - the folks at Malwarebytes have done well targeting Zlob. The logs show you have IM-Names and Full Tilt Poker installed, which are both adware bundled software. You need to uninstall these through Add/Remove Programs now please.


    Then Go here and download the free version of SUPERAntiSpyware and install it.

    After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

    Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

    Start-up Options:
    *Start SUPERAntiSpyware when Windows starts

    Automatic Updates:
    *Check for program updates when the application starts.
    Start-up Scanning:
    *Check for updates before scanning on startup.

    Then select Close. Don't scan just yet though.


    Also Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

    If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

    ===============================================


    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    Open SUPERAntiSpyware and click the Scan your Computer button. You may need to start SUPERAntiSpyware, then right click the Taskbar icon (the little bug shaped icon) and select "Scan for Spyware, Adware, Malware..." to access the scan panel. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


    SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

    Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.


    Run a new ComboFix scan, and post that back here along with a new HijackThis log and the SUPERAntiSpyware log please.
  • VekaVeka Finland
    edited April 2008
    This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    If you are not the user who started this thread, you must start your own Thread instead :)