So I have been doing some research on these threads and have come to the conclusion I had the Vundo Virus; it appears I have some more as well.
I have already done the Vundofix, run the Combofix, and done a Kaspersky virus scan (which apparently got rid of a lot of stuff). In addition I ran the Norton Vundo remover tool (the free one; I do not have Norton SystemWorks). I have run Spybot, Adaware and Microsoft Malware remover. All of these have said they have deleted one thing or another, but it appears I am not out of the woods.
Here are the problems I have found so far:
My clock had changed from regular time to military time (this is apparently no longer a problem; must have gotten rid of that one).
On startup I get an error about SGCSADMA.DLL; upon googling it, nothing came up: O4 - HKLM\..\Run: [7c49ae0f] rundll32.exe "C:\WINDOWS\system32\sgcsadma.dll",b
A HijackThis log appeared fairly clean; however, bearing in mind I know very little about HJT, I did notice one program that didn't belong there, and I ran the remove program (in the Windows control panel). The name of the program was [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
When I run Firefox all is well; however, if I open up Internet Explorer, I get the regular page, but after a few moments (of keeping it on the homepage, Google) I will get a pop-up that will direct me to a betting site or some adult friend finder type site.
These are the only things off the top of my head I can tell are not supposed to be there; again, I'm a beginner to this HJT stuff. I don't know what caused the infection (for once it wasn't looking at porn :) ). I am wondering if it has to do with the "Zilla Data Nuker" program I downloaded a week or so ago, or perhaps it happened when I was trying to download a poker "helper" type program. Aside from these two downloads I have used Windows very little, as I am running a dual boot system and have been primarily using Linux as of late (the past 3 months or so).
Thanks in advance for the assistance.

Go to this link:
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Post a new Hijack This log please and a new Combofix log.

Thank you for the response.. here is my HJT Log followed by my Combofix Log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:01:03 AM, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ESPN\BottomLine\bline.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Timber\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a16a3cad-367a-1f68-6714-8712e3f9e1f0} - {0f1e9f3e-2178-4176-86f1-a763dac3a61a} - C:\WINDOWS\system32\uryqcmtk.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9059C9FA-F630-4BBB-B08C-A92D2D76F7A5} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: BrowsingSoftware - {B886C1F4-D1D3-45F5-F45E-75EB024320AC} - C:\Program Files\BrowsingSoftware\BrowsingSoftware-2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [reupdate] "C:\Targus\ACP60\reupdate.exe" "c:\Targus\Acp60\TXEXVGA.inf" "PCI\VEN_18CA&DEV_0020"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [7c49ae0f] rundll32.exe "C:\WINDOWS\system32\sgcsadma.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/C...
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8711 bytes

And ComboFix...
ComboFix 08-02.05.3 - Timber 2008-02-09 1:02:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.102 [GMT -5:00]
Running from: C:\Documents and Settings\Timber\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.
2008-02-07 23:00 . 2008-02-07 23:06 <DIR> d-------- C:\Program Files\Sportsbook Poker
2008-02-07 22:57 . 2008-02-07 23:56 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-07 22:57 . 2008-02-07 22:57 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-07 22:53 . 2008-02-07 22:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 22:53 . 2008-02-09 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-07 22:53 . 2008-02-09 01:03 1,168,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-07 22:53 . 2008-02-09 00:58 17,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 22:53 . 2008-02-09 01:03 9,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-07 22:53 . 2008-02-09 00:58 1,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-07 22:46 . 2008-02-07 22:46 <DIR> d-------- C:\kav
2008-02-07 22:32 . 2008-02-07 22:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 22:32 . 2008-02-07 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 21:55 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-07 21:52 . 2008-02-07 21:55 <DIR> d-------- C:\Program Files\Java
2008-02-07 21:51 . 2008-02-07 21:51 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-07 02:37 . 2008-02-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 02:32 . 2004-08-04 07:00 388,608 --a------ C:\kmd.exe
2008-02-07 00:03 . 2008-02-08 07:15 <DIR> d-------- C:\VundoFix Backups
2008-02-06 21:32 . 2008-02-08 00:02 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-06 21:32 . 2008-02-06 21:32 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-06 21:29 . 2008-02-08 07:15 <DIR> d-------- C:\WINDOWS\system32\rp4
2008-02-06 21:29 . 2008-02-08 07:15 <DIR> d-------- C:\WINDOWS\system32\cz6
2008-02-06 21:28 . 2008-02-08 07:13 <DIR> d-------- C:\WINDOWS\system32\nGpxx18
2008-02-06 21:28 . 2008-02-06 21:29 <DIR> d-------- C:\TEMP\isgTi19
2008-02-06 21:27 . 2008-02-06 21:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 21:25 . 2008-02-08 07:21 <DIR> d-------- C:\Program Files\BrowsingSoftware
2008-02-04 19:11 . 2008-02-04 19:11 <DIR> d-------- C:\Documents and Settings\Timber\Application Data\TVU Networks
2008-02-04 19:11 . 2008-02-04 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-04 18:06 . 2008-02-04 18:07 <DIR> d-------- C:\Program Files\SopCast
2008-02-01 11:49 . 2008-02-01 11:49 <DIR> d-------- C:\Program Files\Zilla Data Nuker
2008-01-30 16:10 . 2008-01-30 16:10 274,432 --a------ C:\WINDOWS\system32\libcurl.dll
2008-01-12 14:45 . 2008-01-12 14:49 <DIR> d-------- C:\kds
2008-01-12 14:00 . 2008-02-06 15:27 436 --a------ C:\WINDOWS\system\CMCNFGU.INI
2008-01-12 13:56 . 2008-01-12 13:56 <DIR> d-------- C:\Program Files\TARGUS
2008-01-12 13:42 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-12 13:42 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-12 13:41 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 13:41 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 13:41 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-12 13:41 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-12 13:40 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-12 13:40 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-12 13:40 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-12 13:40 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 02:43 --------- d-----w C:\Documents and Settings\Timber\Application Data\LimeWire
2008-01-12 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 04:39 --------- d-----w C:\Program Files\AIM6
2007-12-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-25 16:37 --------- d-----w C:\Documents and Settings\Timber\Application Data\Viewpoint
2007-12-18 05:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-18 02:21 --------- d-----w C:\Documents and Settings\Guest\Application Data\Talkback
2007-12-15 10:30 --------- d-----w C:\Program Files\DivX
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f1e9f3e-2178-4176-86f1-a763dac3a61a}]
C:\WINDOWS\system32\uryqcmtk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9059C9FA-F630-4BBB-B08C-A92D2D76F7A5}]
C:\WINDOWS\system32\pmnnk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
2007-12-30 15:48 1019904 --a------ C:\Program Files\BrowsingSoftware\BrowsingSoftware-2.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"ESPN BottomLine"="C:\Program Files\ESPN\BottomLine\bline.exe" [2002-05-22 15:00 155759]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 20:44 184320]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 15:24 290816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 02:47 827392]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 19:06 1398272]
"NWEReboot"="" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"reupdate"="C:\Targus\ACP60\reupdate.exe" [ ]
"CmUsbSound"="cmcnfgu.cpl" []
"7c49ae0f"="C:\WINDOWS\system32\sgcsadma.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-10-02 23:55:59 184320]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 07:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-07-20 14:26]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 18:06]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 01:04:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-09 1:05:14
ComboFix-quarantined-files.txt 2008-02-09 06:04:50
.
2008-01-09 08:03:35 --- E O F ---

Make sure Spybot's Teatimer is turned off.
Go to start > control panel > administrative tools > services > scroll down to MSControlService (may be called Microsoft cache control) > double click it > click the drop down arrow to the far right of "startup type" > click "disable" to select it > apply > ok.
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\uryqcmtk.dll
C:\WINDOWS\system32\pmnnk.dll
C:\Program Files\BrowsingSoftware\BrowsingSoftware-2.dll
C:\WINDOWS\system32\sgcsadma.dll
C:\WINDOWS\system32\vbzip10.dll
Driver::
MSControlService
Microsoft cache control
Folder::
C:\Program Files\BrowsingSoftware
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\rp4
C:\WINDOWS\system32\cz6
C:\WINDOWS\system32\nGpxx18
C:\TEMP\isgTi19
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f1e9f3e-2178-4176-86f1-a763dac3a61a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9059C9FA-F630-4BBB-B08C-A92D2D76F7A5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7c49ae0f"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If Combofix does not auto start, click "run".
Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.
Download ATF Cleaner from this link:
ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
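
The kind of log triage that precedes a removal script like the one above, as an added example that is not part of the original thread: it parses HijackThis entries and flags three patterns, which are this example's own assumptions rather than the helper's stated method (an O2 or O23 entry marked "(file missing)", and an O4 Run value with an eight-hex-digit name that loads a DLL through rundll32). The sample lines are copied from the log posted earlier in the thread; entries that need human judgment, such as the BrowsingSoftware BHO, are not caught by these rules.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a16a3cad-367a-1f68-6714-8712e3f9e1f0} - {0f1e9f3e-2178-4176-86f1-a763dac3a61a} - C:\WINDOWS\system32\uryqcmtk.dll (file missing)
O2 - BHO: (no name) - {9059C9FA-F630-4BBB-B08C-A92D2D76F7A5} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [7c49ae0f] rundll32.exe "C:\WINDOWS\system32\sgcsadma.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
"""

# "O4 - rest of line": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: hive\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# First absolute drive path in the entry, without quotes or the trailing marker.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?)(?="|\s+\(file missing\)|$)')
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def target_path(body):
    """Extract the file or folder path an entry points at, if any."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def triage(log_text):
    """Flag entries matching this example's heuristics (assumptions, see lead-in)."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        missing = body.endswith(MISSING)
        if section == "O2" and missing:
            reasons.append("BHO registered but its DLL is not on disk")
        if section == "O23" and missing:
            reasons.append("service registered but its image path is not on disk")
        if section == "O4":
            m = RUN_RE.match(body)
            if (
                m
                and HEX_NAME_RE.match(m.group("name"))
                and m.group("cmd").lower().startswith("rundll32")
            ):
                reasons.append("hex-named Run value loading a DLL via rundll32")
        if reasons:
            findings.append(
                {
                    "section": section,
                    "path": target_path(body),
                    "reasons": reasons,
                    "entry": body,
                }
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3}  {f['path']}  <- {'; '.join(f['reasons'])}")
```

Flagged entries are candidates for review by someone who can read the whole log, not a removal list.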

Thanks so much for the help here is the KScan report
---------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 09, 2008 15:13
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/02/2008
Kaspersky Anti-Virus database records: 555870
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 35358
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:43:47
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Timber\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\history.dat Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\key3.db Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Timber\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Timber\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\AOL OCP\AIM\Storage\data\skibum5262\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Application Data\Mozilla\Firefox\Profiles\by6ps1x1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\History\History.IE5\MSHist012008020920080210\index.dat Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Timber\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timber\ntuser.dat Object is locked skipped
C:\Documents and Settings\Timber\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3422B4F6-119B-489C-95C1-E071F3B9C530}\RP88\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_694.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

BTW the clock has changed back to military time.. I know how to change it back to regular but I don't know how to stop it from changing itself

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\Qoobox
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run". Post a new ComboFix log.
Restart the computer and let us know if the time changed back.

ComboFix 08-02.05.3 - Timber 2008-02-09 17:24:46.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.80 [GMT -5:00]
Running from: C:\Documents and Settings\Timber\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Timber\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Qoobox
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\local appdata.folder.dat
C:\Qoobox\BackEnv\local settings.folder.dat
C:\Qoobox\BackEnv\my pictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\profiles.folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\setpath.bat
C:\Qoobox\BackEnv\setpath.dat
C:\Qoobox\BackEnv\start menu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\CFScript_used_2008-02-09@17.24.txt
C:\Qoobox\CFScript_used_2008-02-09@9.56.txt
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt
C:\Qoobox\ComboFix3.txt
C:\Qoobox\snapshot@2008-02-07_11.00.11.50.dat
C:\Qoobox\snapshot@2008-02-07_11.00.11.50_B.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.
2008-02-09 10:16 . 2008-02-09 10:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-09 10:16 . 2008-02-09 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-09 09:53 . 2004-08-04 07:00 388,608 --a------ C:\kmd.exe
2008-02-07 23:00 . 2008-02-09 01:18 <DIR> d-------- C:\Program Files\Sportsbook Poker
2008-02-07 22:53 . 2008-02-07 22:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 22:46 . 2008-02-07 22:46 <DIR> d-------- C:\kav
2008-02-07 22:32 . 2008-02-07 22:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 22:32 . 2008-02-07 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 21:55 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-07 21:52 . 2008-02-07 21:55 <DIR> d-------- C:\Program Files\Java
2008-02-07 21:51 . 2008-02-07 21:51 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-07 02:37 . 2008-02-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 00:03 . 2008-02-08 07:15 <DIR> d-------- C:\VundoFix Backups
2008-02-06 21:32 . 2008-02-08 00:02 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-06 21:27 . 2008-02-06 21:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 19:11 . 2008-02-04 19:11 <DIR> d-------- C:\Documents and Settings\Timber\Application Data\TVU Networks
2008-02-04 19:11 . 2008-02-04 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-04 18:06 . 2008-02-04 18:07 <DIR> d-------- C:\Program Files\SopCast
2008-02-01 11:49 . 2008-02-01 11:49 <DIR> d-------- C:\Program Files\Zilla Data Nuker
2008-01-30 16:10 . 2008-01-30 16:10 274,432 --a------ C:\WINDOWS\system32\libcurl.dll
2008-01-12 14:45 . 2008-01-12 14:49 <DIR> d-------- C:\kds
2008-01-12 14:00 . 2008-02-06 15:27 436 --a------ C:\WINDOWS\system\CMCNFGU.INI
2008-01-12 13:56 . 2008-01-12 13:56 <DIR> d-------- C:\Program Files\TARGUS
2008-01-12 13:42 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-12 13:42 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-12 13:41 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 13:41 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 13:41 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-12 13:41 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-12 13:40 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-12 13:40 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-12 13:40 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-12 13:40 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 02:43 --------- d-----w C:\Documents and Settings\Timber\Application Data\LimeWire
2008-01-12 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 04:39 --------- d-----w C:\Program Files\AIM6
2007-12-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-27 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-25 16:37 --------- d-----w C:\Documents and Settings\Timber\Application Data\Viewpoint
2007-12-18 02:21 --------- d-----w C:\Documents and Settings\Guest\Application Data\Talkback
2007-12-15 10:30 --------- d-----w C:\Program Files\DivX
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"ESPN BottomLine"="C:\Program Files\ESPN\BottomLine\bline.exe" [2002-05-22 15:00 155759]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 20:44 184320]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 15:24 290816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 02:47 827392]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 19:06 1398272]
"NWEReboot"="" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"reupdate"="C:\Targus\ACP60\reupdate.exe" [ ]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-10-02 23:55:59 184320]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 07:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-07-20 14:26]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 18:06]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 17:26:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-09 17:27:31
.
2008-01-09 08:03:35 --- E O F ---
The time did not change back to normal time. Did you want me to manually change it back to normal time before restarting, to see if it resets itself to military time, or leave it alone to see if it reverts to normal time by itself? The last time I changed it was about a day and a half ago; it has been fine since, until I just noticed it a bit ago.

Reset the time, seems good so far: no SGCsadma error, no other typical errors I have been having. However, it appears something is still awry. When I go to open up the Sportsbook.com Poker program I get this error:
"EConvertError Occured in fmMainLobby.TfrmMainLobby.FormCreat ($00409596): '2008-02-07 23:01)21' is not a valid date and time"
Looks like something is still screwy with my clock; it's displaying in the right format though. I'll reinstall the poker program and we will see if it is still giving trouble afterward. Any suggestions? BTW, this is a different program than the one I suspect I downloaded that caused the virus, as I have used this for about 6 months now.
Thanks so much for the help!
