Many pos files, consistent freezes
Original Message

Name: caaa0502
Date: February 11, 2008 at 20:45:48 Pacific
Subject: Many pos files, consistent freezes
OS: Windows XP SP2
CPU/RAM: Intel Core 2 Duo E6750, 4 GB
Model/Manufacturer: Home built, motherboard P5N-E SLI
Comment: I am having the same issues as the other people posting in this forum. I seem to have been caught by this pos virus and can tell you people have helped quite a bit. Please help me. I have gotten many of the posxxx files, many popups have arrived, and I get constant system error messages. Thanks in advance.
Response Number 1

Name: jabuck
Date: February 12, 2008 at 03:22:24 Pacific
Subject: Many pos files, consistent freezes
Reply: Go to this link: Disable Realtime Protection. Follow their directions to disable any realtime protection that you have, as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop: Vundofix.exe
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files; click "Yes".
- Once you click Yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer; click "OK".

Please download and install the latest version of HijackThis v2.0.2. Download the "HijackThis" installer from this link: Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file; the log will then open in Notepad.
7. Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links: Link1, Link 2, Link 3
- Double-click combofix.exe.
- Follow the prompts. (Don't click on the window while the program is running; it may cause your system to hang.)
- Please post the log it produces.
Response Number 2

Name: caaa0502
Date: February 12, 2008 at 14:43:48 Pacific
Subject: Many pos files, consistent freezes
Reply: (edit)Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:39:37 PM, on 2/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: NormalRunning processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Messenger\MSMSGS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\PnkBstrA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe C:\WINDOWS\system32\notepad.exe 
C:\Documents and Settings\Aaron\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stcloudstate.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin... O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {71FA37BE-76EF-41EB-B8D5-1FF5A616B8D6} - C:\WINDOWS\System32\jkklm.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: {cf7549ba-6a64-80f8-8e84-d1b559faf04d} - {d40faf95-5b1d-48e8-8f08-46a6ab9457fc} - C:\WINDOWS\system32\fewdewba.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [e8e43b49] rundll32.exe "C:\WINDOWS\system32\ukcqeejg.dll",b O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?') O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?') O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (User '?') O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User '?') O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: 
[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic... 
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9873 bytes ComboFix 08-02-13.2 - Aaron 2008-02-12 16:28:43.1 - NTFSx86
Running from: C:\Documents and Settings\Aaron\Desktop\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\isgTi19 C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N120M1710NetInstaller.exe C:\WINDOWS\Downloaded Program Files\xpreload.ocx C:\WINDOWS\system32\advapi3.dll C:\WINDOWS\system32\atmpvcn.dll C:\WINDOWS\system32\gjeeqcku.ini C:\WINDOWS\system32\llaedhhd.ini C:\WINDOWS\system32\nGpxx01 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\wfutsjka.ini . ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))) . 2008-02-13 16:31 . 2008-02-13 16:31 163,904 --a------ C:\WINDOWS\system32\viseltml.dll.vir 2008-02-13 16:31 . 2008-02-13 16:31 93,248 --a------ C:\WINDOWS\system32\rfuscift.dll.vir 2008-02-13 16:31 . 2008-02-13 16:31 93,248 --a------ C:\WINDOWS\system32\lqeogemj.dll.vir 2008-02-13 16:31 . 2008-02-13 16:31 93,248 --a------ C:\WINDOWS\system32\fewdewba.dll.vir 2008-02-13 16:31 . 2008-02-13 16:31 86,080 --a------ C:\WINDOWS\system32\ukcqeejg.dll.vir 2008-02-12 16:19 . 2008-02-12 16:19 0 --a------ C:\rollback.ini 2008-02-12 05:30 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2008-02-12 05:28 . 2008-02-12 05:28 <DIR> d-------- C:\Program Files\Dell 720 2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-12 01:33 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-02-12 01:29 . 2008-02-13 16:35 2,053,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-12 01:29 . 2008-02-13 16:34 28,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-12 01:26 . 
2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\MailFrontier 2008-02-12 01:16 . 2008-02-12 01:16 93,248 --a------ C:\WINDOWS\system32\rfuscift.dll 2008-02-11 22:21 . 2008-02-12 16:23 <DIR> d-------- C:\VundoFix Backups 2008-02-11 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-11 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-11 21:35 . 2008-02-11 21:35 <DIR> d-------- C:\Program Files\Microsoft Works 2008-02-11 21:35 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-02-11 21:33 . 2008-02-11 21:34 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-02-11 21:32 . 2008-02-11 21:32 <DIR> dr-h----- C:\MSOCache 2008-02-11 21:32 . 2008-02-11 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-11 20:21 . 2008-02-11 20:21 163,904 --a------ C:\WINDOWS\system32\viseltml.dll 2008-02-11 20:21 . 2008-02-11 20:21 86,080 --a------ C:\WINDOWS\system32\ukcqeejg.dll 2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\WINDOWS 2008-02-11 20:08 . 2008-02-11 20:08 93,248 --a------ C:\WINDOWS\system32\fewdewba.dll 2008-02-11 14:38 . 2008-02-11 14:38 <DIR> d-------- C:\Program Files\Windows Defender 2008-02-11 13:28 . 2008-02-11 13:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-11 13:12 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\provisioning 2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\peernet 2008-02-11 13:10 . 2008-02-11 13:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-02-11 13:08 . 2008-02-11 13:08 <DIR> d-------- C:\WINDOWS\EHome 2008-02-11 13:06 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-02-11 13:06 . 
2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe 2008-02-11 13:06 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig 2008-02-11 13:06 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat 2008-02-11 12:35 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2008-02-11 12:35 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2008-02-11 12:35 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp 2008-02-11 12:35 . 2007-03-08 09:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll 2008-02-11 12:35 . 2004-03-29 19:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll 2008-02-11 12:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-11 12:33 . 2005-10-20 16:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2008-02-11 12:25 . 2008-02-11 12:25 <DIR> d-------- C:\Program Files\ZoneAlarmSB 2008-02-11 12:24 . 2008-02-11 12:24 <DIR> d-------- C:\Program Files\Zone Labs 2008-02-11 12:24 . 2008-02-12 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-02-11 12:18 . 2008-02-11 12:18 0 --a------ C:\WINDOWS\vpc32.INI 2008-02-11 12:14 . 2008-02-11 12:14 <DIR> d--h----- C:\WINDOWS\PIF 2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Symantec 2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-02-10 23:54 . 2008-02-10 23:54 93,248 --a------ C:\WINDOWS\system32\lqeogemj.dll 2008-02-10 23:53 . 2008-02-10 23:53 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-10 23:48 . 2008-02-13 16:29 <DIR> d-------- C:\Temp 2008-02-09 13:05 . 2006-05-04 02:35 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe 2008-02-09 13:05 . 2006-11-15 00:34 4,225,920 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2008-02-09 13:05 . 
2006-05-16 04:04 2,879,488 -r------- C:\WINDOWS\SkyTel.exe 2008-02-09 13:05 . 2006-11-12 23:07 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe 2008-02-09 13:05 . 2006-08-17 16:58 282,624 -ra------ C:\WINDOWS\system32\RTSndMgr.Cpl 2008-02-09 13:05 . 2006-07-21 02:14 86,016 -r------- C:\WINDOWS\SoundMan.exe 2008-02-09 13:05 . 2004-08-04 00:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2008-02-09 13:05 . 2004-08-04 01:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv 2008-02-09 13:04 . 2006-11-14 03:21 16,270,848 -r------- C:\WINDOWS\RTHDCPL.exe 2008-02-09 13:04 . 2006-05-04 02:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2008-02-09 13:04 . 2006-10-11 03:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe 2008-02-09 13:04 . 2005-09-20 20:25 299,008 -ra------ C:\WINDOWS\system32\ALSndMgr.Cpl 2008-02-09 13:04 . 2005-05-03 04:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2008-02-06 23:38 . 2008-02-06 23:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-02-06 23:38 . 2008-02-06 23:39 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-06 18:19 . 2008-02-11 20:22 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-02-06 12:29 . 2008-02-06 12:29 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application 2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\Sun 2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\.jagex_cache_32 2008-02-05 22:17 . 2008-02-11 12:34 <DIR> d-------- C:\Program Files\Java 2008-02-05 22:16 . 2008-02-05 22:16 <DIR> d-------- C:\Program Files\Common Files\Java 2008-02-05 22:12 . 2008-02-05 22:12 <DIR> d-------- C:\WINDOWS\system32\bits 2008-02-05 22:12 . 2008-02-12 05:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-02-05 22:12 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2008-02-05 22:12 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-02-05 22:12 . 2004-08-04 01:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2008-02-05 22:12 . 
2004-08-04 01:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2008-02-05 22:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-02-05 22:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-02-05 22:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-02-05 22:11 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-02-05 22:11 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-02-05 22:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-02-05 22:11 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Program Files\Google 2008-02-05 21:38 . 2008-02-08 22:27 <DIR> d-------- C:\Program Files\World of Warcraft 2008-02-05 19:53 . 2006-04-06 15:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-02-05 19:24 . 2008-02-05 21:38 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Ubisoft 2008-02-05 18:25 . 2000-05-21 16:00 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx 2008-02-05 18:25 . 1998-06-17 16:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-12 22:24 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-02-12 04:02 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-02-12 01:59 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-02-11 18:59 1,321,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-09 19:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-09 19:04 --------- d-----w C:\Program Files\Realtek 2008-02-06 18:29 --------- d-----w C:\Program Files\NVIDIA Corporation 2008-02-03 01:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-03 01:01 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-03 00:59 --------- d-----w C:\Program Files\Nero 2008-02-03 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-03 00:46 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-03 00:37 22,328 ----a-w C:\Documents and Settings\Aaron\Application Data\PnkBstrK.sys 2008-02-03 00:29 --------- d-----w C:\Program Files\id Software 2008-02-03 00:20 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-04 21:58 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-01-04 21:58 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-11-14 22:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71FA37BE-76EF-41EB-B8D5-1FF5A616B8D6}] C:\WINDOWS\System32\jkklm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40faf95-5b1d-48e8-8f08-46a6ab9457fc}] 2008-02-11 20:08 93248 --a------ C:\WINDOWS\system32\fewdewba.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2008-02-11 12:25 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920] "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 10:24 1694208] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336] "SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 06:44 36864] "JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 06:44 1953792] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-05-11 06:03 8429568] "nwiz"="nwiz.exe" [2007-05-11 06:03 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" 
[2007-05-11 06:03 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 03:21 16270848 C:\WINDOWS\RTHDCPL.exe] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016] "e8e43b49"="C:\WINDOWS\system32\ukcqeejg.dll" [2008-02-11 20:21 86080] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-02-13 22:37:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-13 16:35:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . r Running Proce . 
C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\PnkBstrA.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe . ************************************************************************** . Completion time: 2008-02-13 16:38:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-13 22:38:05 . 2008-02-12 11:33:01 --- E O F ---
Response Number 3

Name: jabuck
Date: February 12, 2008 at 17:25:35 Pacific
Subject: Many pos files, consistent freezes
Reply: Go to Start > Control Panel > Administrative Tools > Services, scroll down to "Microsoft cache control" (may be called "MSControlService") and double-click it. Click the blue drop-down arrow on the far right of "Startup type" and select "Disabled", then click Apply > OK.

Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\viseltml.dll.vir
C:\WINDOWS\system32\rfuscift.dll.vir
C:\WINDOWS\system32\lqeogemj.dll.vir
C:\WINDOWS\system32\fewdewba.dll.vir
C:\WINDOWS\system32\ukcqeejg.dll.vir
C:\WINDOWS\system32\ukcqeejg.dll
C:\WINDOWS\system32\fewdewba.dll
C:\WINDOWS\system32\rfuscift.dll
C:\WINDOWS\system32\viseltml.dll
C:\WINDOWS\system32\lqeogemj.dll
C:\WINDOWS\System32\jkklm.dll

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71FA37BE-76EF-41EB-B8D5-1FF5A616B8D6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40faf95-5b1d-48e8-8f08-46a6ab9457fc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e8e43b49"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save as type" to All Files, name it CFScript.txt, then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto-start, click "Run".

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab, check the box beside "Turn off System Restore", click Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download ATF Cleaner from this link: ATF Cleaner
- Run ATF-Cleaner: double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.

Run an online scan with Kaspersky from the following link: Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
- Click Yes when prompted to install its ActiveX component. (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
- The program launches and downloads the latest definition files. Once the files are downloaded, click on Next.
- Click on Scan Settings and configure as follows:
  Scan using the following Anti-Virus database: Extended
  Scan Options: Scan Archives, Scan Mail Base
- Click OK and, under "Select a target to scan", select My Computer.
- When the scan is done, in the "Scan is completed" window (below), any infection is displayed. There is no option to clean/disinfect; however, we need to analyze the information on the report.
- To obtain the report: click on "Save Report As" (above, red blinking arrow). Next, in the Save As prompt, in the "Save in" area, select Desktop. In the "File name" area, use KScan, or something similar. In "Save as type", click the drop arrow and select "Text file [*.txt]". Then click Save.
Please post the Kaspersky Online Scanner Report in your reply.
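The triage that jabuck did by eye across Responses 2 and 3, written out as a script. This is an added example, not code from the thread or from HijackThis/ComboFix. It parses the O2/O4/O16/O23 lines in the shape they have in the posted log, flags the patterns the helper acted on (a BHO with no name or a missing file, a Run value named like e8e43b49 that loads a random-named system32 DLL through rundll32, an O16 entry fetched through the ms-its:/mhtml: handler, a service with an unknown owner and a missing binary), and renders the hits in the File::/Registry:: layout of the CFScript above. The regular expressions, the 8-letter/8-hex-digit heuristics and the Finding class are my own assumptions; the sample lines are copied from the log in Response 2, with three clean entries kept so the heuristics can be seen not firing.

```python
import re
from dataclasses import dataclass
from typing import List

# Entries copied from the HijackThis log posted in Response 2 of this thread,
# with three clean entries (the Adobe BHO, the ZoneAlarm Run value and the
# vsmon service) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71FA37BE-76EF-41EB-B8D5-1FF5A616B8D6} - C:\WINDOWS\System32\jkklm.dll (file missing)
O2 - BHO: {cf7549ba-6a64-80f8-8e84-d1b559faf04d} - {d40faf95-5b1d-48e8-8f08-46a6ab9457fc} - C:\WINDOWS\system32\fewdewba.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [e8e43b49] rundll32.exe "C:\WINDOWS\system32\ukcqeejg.dll",b
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Line shapes as they appear in the posted log (my reading of the format,
# not a published HijackThis grammar).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Heuristics drawn from the entries in this thread. They are review aids, not
# proof: a legitimate 8-letter DLL name (browseui.dll, say) also matches.
HEX_VALUE = re.compile(r"^[0-9a-f]{8}$")                     # Run value named like e8e43b49
RANDOM_DLL = re.compile(r"system32\\[a-z]{8}\.dll$", re.I)    # system32\fewdewba.dll and friends
DLL_IN_CMD = re.compile(r'"?([A-Za-z]:\\[^",]*\.dll)', re.I)  # DLL handed to rundll32
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Finding:
    section: str
    reason: str
    evidence: str        # path, command, URL or service name the reason refers to
    file: str = ""       # on-disk file to list under File:: (if any)
    registry: str = ""   # Registry:: line(s) that remove the load point (if any)


def analyze(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O2_RE.match(line):
            name, clsid, path = m.group("name", "clsid", "path")
            clean = path.replace(" (file missing)", "")
            reasons = []
            if clean != path:
                reasons.append("BHO points at a missing file")
            if name == "(no name)" or name.startswith("{"):
                reasons.append("BHO has no name or a GUID as its name")
            if RANDOM_DLL.search(clean):
                reasons.append("BHO DLL has a random-looking 8-letter name in system32")
            if reasons:
                # '~' is the ComboFix shorthand for the BHO key, as used in Response 3.
                findings.append(Finding("O2", "; ".join(reasons), clean, file=clean,
                                        registry=f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{clsid}]"))
        elif m := O4_RE.match(line):
            value, cmd = m.group("value", "cmd")
            dll = DLL_IN_CMD.search(cmd)
            reasons = []
            if HEX_VALUE.match(value):
                reasons.append("Run value named with 8 random hex digits")
            if dll and RANDOM_DLL.search(dll.group(1)):
                reasons.append("Run entry loads a random-looking DLL from system32 via rundll32")
            if reasons:
                hive = HIVES.get(m.group("hive"))  # HKUS\<SID> entries need the SID; left to the reviewer
                reg = f'[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"{value}"=-' if hive else ""
                findings.append(Finding("O4", "; ".join(reasons), cmd,
                                        file=dll.group(1) if dll else "", registry=reg))
        elif m := O16_RE.match(line):
            url = m.group("url")
            if url.lower().startswith(("ms-its:", "mhtml:")):
                findings.append(Finding("O16", "ActiveX download via the ms-its:/mhtml: handler rather than http(s)", url))
        elif m := O23_RE.match(line):
            name, owner, path = m.group("name", "owner", "path")
            if owner == "Unknown owner" and "(file missing)" in path:
                findings.append(Finding("O23", "service with unknown owner whose binary is missing", name))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render findings in the File:: / Registry:: layout of the CFScript in Response 3."""
    files: List[str] = []
    for f in findings:
        if f.file and f.file not in files:
            files.append(f.file)
    regs = [f.registry for f in findings if f.registry]
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(regs) + "\n"


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for h in hits:
        print(f"{h.section}: {h.reason} -> {h.evidence}")
    print()
    print(build_cfscript(hits))
```

Run against the sample, the script lists jkklm.dll, fewdewba.dll and ukcqeejg.dll under File:: and the two BHO CLSIDs plus the e8e43b49 Run value under Registry::, while the Adobe, ZoneAlarm and vsmon entries produce nothing. The O23 hit has no file to list because the binary is already gone, which is why jabuck had the service disabled by hand instead. Treat every hit as a lead for a human reviewer: the name-shape heuristics are exactly the kind of rule that legitimate software occasionally trips.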
Response Number 4

Name: caaa0502
Date: February 12, 2008 at 21:07:01 Pacific
Subject: Many pos files, consistent freezes
Reply: (edit)I did everything up to the Kaspersky Online Scanner portion. Internet Explorer has now gone haywire on my computer; every time I click on the icon it will flash the window for a brief half second and will then close. This happens with all Internet Explorer links. I have tried reinstalling it as Firefox still works, however the Kaspersky online scanner only seems to work with Internet Explorer. I have tried various restore internet options defaults with no prevail.

(edit) I have gotten Internet Explorer 7 to finally reinstall, however it still has a major problem: I can get the window to open up, but cannot get the address bar to work. Every time I try I get the message, "addressbar" http://site.com/ is currently unavailable. I can no longer exit out of the Internet Explorer window or use any of the home/tool/page icons, and must use the Windows Task Manager to close the window.

(edit) I ran a ZoneAlarm virus scanner/spyware scanner, and it found 10 viruses. 9 of them were not-a-virus:adWare.win32virtumonde.gen located in: c:\Qoobox\quarentine\c\WINDOWS\system32\fewdewba.dll.vir.vir and other various c:\Qoobox\quarentine\c\WINDOWS\system32\xxxxxxx files. The other virus it found was not-a-virus:downloader.win32.winFixer.an in the same general folder. ZoneAlarm then moved these files into its own quarantine.

Response Number 6
Name: caaa0502
Date: February 13, 2008 at 09:35:55 Pacific
Subject: Many pos files, consistnant freezes

Reply: (edit)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:23 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aaron\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (User '?')
O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User '?')
O4 - HKUS\S-1-5-21-1060284298-1957994488-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9413 bytes

ComboFix 08-02-13.2 - Aaron 2008-02-14 11:33:11.5 - NTFSx86
Running from: C:\Documents and Settings\Aaron\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.
2008-02-13 23:37 . 2008-02-14 01:39 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-13 23:35 . 2008-02-14 01:39 <DIR> d-------- C:\Program Files\IE Registry Manager
2008-02-13 23:35 . 2008-02-13 23:40 286,720 --------- C:\WINDOWS\Setup1.exe
2008-02-13 23:35 . 2008-02-13 23:40 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-12 16:19 . 2008-02-14 00:50 959 --a------ C:\rollback.ini
2008-02-12 05:30 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-12 05:28 . 2008-02-12 05:28 <DIR> d-------- C:\Program Files\Dell 720
2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-12 01:33 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-12 01:29 . 2008-02-14 11:34 2,288,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-12 01:29 . 2008-02-14 02:08 31,580 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-12 01:26 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\MailFrontier
2008-02-11 22:21 . 2008-02-12 16:23 <DIR> d-------- C:\VundoFix Backups
2008-02-11 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-11 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-11 21:35 . 2008-02-11 21:35 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-11 21:35 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-11 21:33 . 2008-02-11 21:34 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-11 21:32 . 2008-02-11 21:32 <DIR> dr-h----- C:\MSOCache
2008-02-11 21:32 . 2008-02-11 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 20:21 . 2008-02-11 20:21 86,080 --a------ C:\WINDOWS\system32\ukcqeejg.dll.vzr
2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\WINDOWS
2008-02-11 14:38 . 2008-02-11 14:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-11 13:28 . 2008-02-11 13:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-11 13:12 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\provisioning
2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\peernet
2008-02-11 13:10 . 2008-02-11 13:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-11 13:08 . 2008-02-11 13:08 <DIR> d-------- C:\WINDOWS\EHome
2008-02-11 13:06 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-02-11 13:06 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-02-11 13:06 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-02-11 13:06 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-02-11 12:35 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-02-11 12:35 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-02-11 12:35 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-02-11 12:35 . 2007-03-08 09:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-02-11 12:35 . 2004-03-29 19:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-02-11 12:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-11 12:33 . 2005-10-20 16:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-02-11 12:25 . 2008-02-11 12:25 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-11 12:24 . 2008-02-11 12:24 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-11 12:24 . 2008-02-12 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-11 12:18 . 2008-02-11 12:18 0 --a------ C:\WINDOWS\vpc32.INI
2008-02-11 12:14 . 2008-02-11 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Symantec
2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 23:53 . 2008-02-10 23:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 23:48 . 2008-02-13 16:29 <DIR> d-------- C:\Temp
2008-02-09 13:05 . 2006-05-04 02:35 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2008-02-09 13:05 . 2006-11-15 00:34 4,225,920 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-02-09 13:05 . 2006-05-16 04:04 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2008-02-09 13:05 . 2006-11-12 23:07 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe
2008-02-09 13:05 . 2006-08-17 16:58 282,624 -ra------ C:\WINDOWS\system32\RTSndMgr.Cpl
2008-02-09 13:05 . 2006-07-21 02:14 86,016 -r------- C:\WINDOWS\SoundMan.exe
2008-02-09 13:05 . 2004-08-04 00:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-02-09 13:05 . 2004-08-04 01:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-02-09 13:04 . 2006-11-14 03:21 16,270,848 -r------- C:\WINDOWS\RTHDCPL.exe
2008-02-09 13:04 . 2006-05-04 02:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2008-02-09 13:04 . 2006-10-11 03:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe
2008-02-09 13:04 . 2005-09-20 20:25 299,008 -ra------ C:\WINDOWS\system32\ALSndMgr.Cpl
2008-02-09 13:04 . 2005-05-03 04:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-02-06 23:38 . 2008-02-06 23:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-06 23:38 . 2008-02-06 23:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-06 18:19 . 2008-02-11 20:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-06 12:29 . 2008-02-06 12:29 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\Sun
2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-05 22:17 . 2008-02-11 12:34 <DIR> d-------- C:\Program Files\Java
2008-02-05 22:16 . 2008-02-05 22:16 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 22:12 . 2008-02-05 22:12 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 22:12 . 2008-02-12 05:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-05 22:12 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 22:12 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 22:12 . 2004-08-04 01:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 22:12 . 2004-08-04 01:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 22:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 22:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 22:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 22:11 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-05 22:11 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-05 22:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-05 22:11 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Program Files\Google
2008-02-05 21:38 . 2008-02-08 22:27 <DIR> d-------- C:\Program Files\World of Warcraft
2008-02-05 19:53 . 2006-04-06 15:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-05 19:24 . 2008-02-05 21:38 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Ubisoft
2008-02-05 18:25 . 1998-06-17 16:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 18:25 . 2000-03-17 01:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 18:25 . 2000-03-17 01:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 18:25 . 2002-04-24 04:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 18:25 . 2002-10-17 02:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 18:25 . 2002-01-07 09:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 17:41 . 2008-02-05 19:51 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 05:25 820,495 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-12 22:24 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-12 04:02 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-12 01:59 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-11 18:59 1,321,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-09 19:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-09 19:07 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-09 19:04 --------- d-----w C:\Program Files\Realtek
2008-02-08 05:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-06 18:29 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-02-03 01:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 01:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 00:59 --------- d-----w C:\Program Files\Nero
2008-02-03 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-03 00:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 00:37 22,328 ----a-w C:\Documents and Settings\Aaron\Application Data\PnkBstrK.sys
2008-02-03 00:29 --------- d-----w C:\Program Files\id Software
2008-02-03 00:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-14 22:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 22:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-11 12:25 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 06:44 36864]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 06:44 1953792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-05-11 06:03 8429568]
"nwiz"="nwiz.exe" [2007-05-11 06:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-05-11 06:03 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 03:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 17:30:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 11:34:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-14 11:35:19
ComboFix-quarantined-files.txt 2008-02-14 17:35:16
ComboFix2.txt 2008-02-14 05:54:41
ComboFix3.txt 2008-02-14 04:54:57
ComboFix4.txt 2008-02-14 02:45:41
ComboFix5.txt 2008-02-13 22:38:08
.
2008-02-12 11:33:01 --- E O F ---
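The helper in this thread read the HijackThis log by eye to pick out the Vundo BHOs, the random-named system32 DLLs and the stray Run value. As an added example (editor's code, not from the thread, Trend Micro or ComboFix), the Python below parses HJT lines into records and applies three narrow heuristics drawn from the indicators on this page: an eight-letter lowercase DLL under system32 registered as a BHO, toolbar or IE button; an O16 DPF control whose location is not an http(s) URL (the ms-its: entry in the log above); and a Run value named like a hex string such as e8e43b49. Services listed with "Unknown owner" are marked for a manual check. The sample log is constructed: most lines are copied from the log above, while the O2 line pairing the Vundo CLSID with viseltml.dll and the O4 line pairing e8e43b49 with jkklm.dll are assembled from separate entries in jabuck's CFScript and are not verbatim from any log here.

```python
"""Triage a HijackThis (HJT) log: editor's added example for this thread.

Not code from Trend Micro, ComboFix or any poster. Assumes the HJT line
layout visible in the posted log:
  'O2 - BHO: name - {CLSID} - path'
  'O4 - hive\\..\\Run: [name] command'
  'O16 - DPF: {CLSID} (name) - url'
  'O23 - Service: name - publisher - path'
The heuristics are the editor's and deliberately narrow: they mirror the
indicators in this thread, not a general malware classifier.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Vundo-style names seen in this thread: eight random lowercase letters
# in system32 (viseltml.dll, rfuscift.dll, ...). Heuristic, not a signature.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
# Run value named like 'e8e43b49' (the value jabuck's CFScript removes). Heuristic.
HEX_RUN_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Entry:
    code: str                       # HJT section code, e.g. 'O2'
    body: str                       # everything after 'O2 - '
    clsid: Optional[str] = None
    target: Optional[str] = None    # DLL path, URL, service binary or Run command
    flags: List[str] = field(default_factory=list)


def _split_path(path: str):
    """Return (directory, basename) of a Windows path; quotes stripped."""
    path = path.strip().strip('"')
    if "\\" in path:
        directory, base = path.rsplit("\\", 1)
        return directory, base
    return "", path


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line into an Entry; header and process lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(code=m.group("code"), body=m.group("body"))
    c = CLSID_RE.search(e.body)
    if c:
        e.clsid = c.group(0)
    if e.code == "O4":
        m4 = O4_RE.match(e.body)
        if m4:
            e.target = m4.group("cmd")
            if HEX_RUN_NAME_RE.match(m4.group("name")):
                e.flags.append("Run value name looks machine-generated")
    elif e.code in ("O2", "O3", "O9", "O16", "O23"):
        # the last ' - ' separated field is the DLL, URL or service binary
        e.target = e.body.rsplit(" - ", 1)[-1].strip()
        if e.code in ("O2", "O3", "O9"):
            directory, base = _split_path(e.target)
            if directory.lower().endswith("system32") and RANDOM_DLL_RE.match(base):
                e.flags.append("eight-letter DLL in system32 (Vundo-style name)")
        elif e.code == "O16":
            if not re.match(r"^https?://", e.target, re.IGNORECASE):
                e.flags.append("DPF control loaded from a non-HTTP location")
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            e.flags.append("service with no publisher; verify the binary")
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse every HJT entry in the log text, in order."""
    entries = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    return entries


def suspicious(log_text: str) -> List[Entry]:
    """Entries that tripped at least one heuristic: review prompts, not verdicts."""
    return [e for e in triage(log_text) if e.flags]


# Constructed sample: lines copied from the thread's log, plus one O2 and one
# O4 line assembled from the CFScript's CLSID, DLL name and Run value name.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71FA37BE-76EF-41EB-B8D5-1FF5A616B8D6} - C:\WINDOWS\system32\viseltml.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [e8e43b49] rundll32.exe "C:\WINDOWS\system32\jkklm.dll",b
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.code:4} {'; '.join(e.flags)}\n     {e.target}")
```

Run as a script it prints the four flagged entries from the sample; pass the text of a saved HJT log to `suspicious()` to triage a real one. The flags are review prompts: legitimate software also appears with "Unknown owner" (PunkBuster's PnkBstrA in this very log), so each hit still needs the binary checked against its publisher before anything is removed.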

Response Number 7
Name: jabuck
Date: February 14, 2008 at 03:31:32 Pacific
Subject: Many pos files, consistnant freezes

Reply: (edit)Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\ukcqeejg.dll.vzr
C:\WINDOWS\system32\ukcqeejg.dll
C:\WINDOWS\vpc32.INI

Folder::
C:\VundoFix Backups
C:\Qoobox

Registry::
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start click "run". Post a new ComboFix log and post a new Kaspersky log please.

Response Number 8
Name: caaa0502
Date: February 16, 2008 at 13:47:35 Pacific
Subject: Many pos files, consistnant freezes

Reply: (edit)I was having alot of small tweaks messed up with my computer, windows update wasn;t doing anything, half the links for the internet wasn;t working, comupter took a while to shut down, and other various tweaks. I just decided to reinstall windows as my computer was pretty new and wouldn't take much work to backup anything i needed and reinstall the few programs/drivers i needed. After the reinstall all the small problems went away. Here is a kaspersky log and combofix after about 1 day of internet use with zonealarm firewall, symantech antivirus, and built in active armour firewall enabled.--------------------- KASPERSKY ONLINE SCANNER REPORT Friday, February 15, 2008 8:26:10 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 14/02/2008 Kaspersky Anti-Virus database records: 567256 --------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ Scan Statistics: Total number of scanned objects: 33920 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 00:34:49 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\History\History.IE5\MSHist012008021520080216\index.dat Object is locked skipped C:\Documents and 
Settings\Aaron.AARON-DYSTPS4D3\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked 
skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache 
Group\Apache2\logs\error.log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0242NAV~.TMP Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0861NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{FCD3A337-428D-4029-9D2E-E3139CA78DB3}\RP7\change.log Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\AARON-DYSTPS4D3.ldb Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\system32\app_filter_ui.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked 
skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT00573.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04393.TMP Object is locked skipped

Scan process completed.

ComboFix 08-02-13.2 - Aaron 2008-02-15 12:38:55.6 - NTFSx86
Running from: C:\Documents and Settings\Aaron\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aaron\Desktop\CFScript.txt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\WINDOWS\system32\ukcqeejg.dll
C:\WINDOWS\system32\ukcqeejg.dll.vzr
C:\WINDOWS\vpc32.INI
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Qoobox
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\local appdata.folder.dat
C:\Qoobox\BackEnv\local settings.folder.dat
C:\Qoobox\BackEnv\my pictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\profiles.folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\setpath.bat
C:\Qoobox\BackEnv\setpath.dat
C:\Qoobox\BackEnv\start menu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\CFScript_used_2008-02-13@20.43.txt
C:\Qoobox\CFScript_used_2008-02-13@22.53.txt
C:\Qoobox\CFScript_used_2008-02-15@12.38.txt
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt
C:\Qoobox\ComboFix3.txt
C:\Qoobox\ComboFix4.txt
C:\Qoobox\ComboFix5.txt
C:\Qoobox\snapshot@2008-02-13_16.37.55.75.dat
C:\Qoobox\snapshot@2008-02-13_16.37.55.75_B.dat
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\dleakhyi.dllbox.bad
C:\VundoFix Backups\jkklm.dll.bad
C:\VundoFix Backups\mlkkj.ini.bad
C:\VundoFix Backups\mlkkj.ini2.bad
C:\VundoFix Backups\onuelbci.dllbox.bad
C:\WINDOWS\system32\ukcqeejg.dll.vzr
C:\WINDOWS\vpc32.INI
.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.
2008-02-13 23:37 . 2008-02-14 01:39 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-13 23:35 . 2008-02-14 01:39 <DIR> d-------- C:\Program Files\IE Registry Manager
2008-02-13 23:35 .
2008-02-13 23:40 286,720 --------- C:\WINDOWS\Setup1.exe 2008-02-13 23:35 . 2008-02-13 23:40 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-02-12 16:19 . 2008-02-15 00:50 805 --a------ C:\rollback.ini 2008-02-12 05:30 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2008-02-12 05:28 . 2008-02-12 05:28 <DIR> d-------- C:\Program Files\Dell 720 2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-12 01:33 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-02-12 01:29 . 2008-02-15 12:40 2,358,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-12 01:29 . 2008-02-15 02:55 32,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-12 01:26 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\MailFrontier 2008-02-11 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-11 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-11 21:35 . 2008-02-11 21:35 <DIR> d-------- C:\Program Files\Microsoft Works 2008-02-11 21:35 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-02-11 21:33 . 2008-02-11 21:34 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-02-11 21:32 . 2008-02-11 21:32 <DIR> dr-h----- C:\MSOCache 2008-02-11 21:32 . 2008-02-11 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\WINDOWS 2008-02-11 14:38 . 2008-02-11 14:38 <DIR> d-------- C:\Program Files\Windows Defender 2008-02-11 13:28 . 2008-02-11 13:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-02-11 13:12 . 
2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\provisioning 2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\peernet 2008-02-11 13:10 . 2008-02-11 13:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-02-11 13:08 . 2008-02-11 13:08 <DIR> d-------- C:\WINDOWS\EHome 2008-02-11 13:06 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-02-11 13:06 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe 2008-02-11 13:06 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig 2008-02-11 13:06 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat 2008-02-11 12:35 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2008-02-11 12:35 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2008-02-11 12:35 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp 2008-02-11 12:35 . 2007-03-08 09:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll 2008-02-11 12:35 . 2004-03-29 19:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll 2008-02-11 12:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-11 12:33 . 2005-10-20 16:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2008-02-11 12:25 . 2008-02-11 12:25 <DIR> d-------- C:\Program Files\ZoneAlarmSB 2008-02-11 12:24 . 2008-02-11 12:24 <DIR> d-------- C:\Program Files\Zone Labs 2008-02-11 12:24 . 2008-02-12 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-02-11 12:14 . 2008-02-11 12:14 <DIR> d--h----- C:\WINDOWS\PIF 2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Symantec 2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-02-10 23:53 . 
2008-02-10 23:53 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-10 23:48 . 2008-02-13 16:29 <DIR> d-------- C:\Temp 2008-02-09 13:05 . 2006-05-04 02:35 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe 2008-02-09 13:05 . 2006-11-15 00:34 4,225,920 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2008-02-09 13:05 . 2006-05-16 04:04 2,879,488 -r------- C:\WINDOWS\SkyTel.exe 2008-02-09 13:05 . 2006-11-12 23:07 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe 2008-02-09 13:05 . 2006-08-17 16:58 282,624 -ra------ C:\WINDOWS\system32\RTSndMgr.Cpl 2008-02-09 13:05 . 2006-07-21 02:14 86,016 -r------- C:\WINDOWS\SoundMan.exe 2008-02-09 13:05 . 2004-08-04 00:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2008-02-09 13:05 . 2004-08-04 01:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv 2008-02-09 13:04 . 2006-11-14 03:21 16,270,848 -r------- C:\WINDOWS\RTHDCPL.exe 2008-02-09 13:04 . 2006-05-04 02:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2008-02-09 13:04 . 2006-10-11 03:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe 2008-02-09 13:04 . 2005-09-20 20:25 299,008 -ra------ C:\WINDOWS\system32\ALSndMgr.Cpl 2008-02-09 13:04 . 2005-05-03 04:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2008-02-06 23:38 . 2008-02-06 23:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-02-06 23:38 . 2008-02-06 23:39 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-06 18:19 . 2008-02-14 11:42 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-02-06 12:29 . 2008-02-06 12:29 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application 2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\Sun 2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\.jagex_cache_32 2008-02-05 22:17 . 2008-02-11 12:34 <DIR> d-------- C:\Program Files\Java 2008-02-05 22:16 . 2008-02-05 22:16 <DIR> d-------- C:\Program Files\Common Files\Java 2008-02-05 22:12 . 2008-02-05 22:12 <DIR> d-------- C:\WINDOWS\system32\bits 2008-02-05 22:12 . 
2008-02-12 05:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-02-05 22:12 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2008-02-05 22:12 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-02-05 22:12 . 2004-08-04 01:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2008-02-05 22:12 . 2004-08-04 01:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2008-02-05 22:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-02-05 22:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-02-05 22:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-02-05 22:11 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-02-05 22:11 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-02-05 22:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-02-05 22:11 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Program Files\Google 2008-02-05 21:38 . 2008-02-08 22:27 <DIR> d-------- C:\Program Files\World of Warcraft 2008-02-05 19:53 . 2006-04-06 15:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-02-05 19:24 . 2008-02-05 21:38 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Ubisoft 2008-02-05 18:25 . 1998-06-17 16:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-02-05 18:25 . 2000-03-17 01:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll 2008-02-05 18:25 . 2000-03-17 01:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll 2008-02-05 18:25 . 2002-04-24 04:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca 2008-02-05 18:25 . 
2002-10-17 02:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe 2008-02-05 18:25 . 2002-01-07 09:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-05 17:41 . 2008-02-05 19:51 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\U3 2008-02-02 19:15 . 2008-02-02 19:15 <DIR> d-------- C:\Program Files\DivX 2008-02-02 19:15 . 2008-02-02 19:15 <DIR> d--hs---- C:\Documents and Settings\Aaron\UserData 2008-02-02 19:13 . 2008-02-02 19:13 13,754 --a------ C:\WINDOWS\system32\wpa.bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 00:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-15 00:14 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-02-14 05:25 820,495 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-02-12 22:24 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-02-12 04:02 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-02-12 01:59 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-02-11 18:59 1,321,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-09 19:04 --------- d-----w C:\Program Files\Realtek 2008-02-08 05:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-02-06 18:29 --------- d-----w C:\Program Files\NVIDIA Corporation 2008-02-03 01:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-03 01:01 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-03 00:59 --------- d-----w C:\Program Files\Nero 2008-02-03 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-03 00:46 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-03 00:37 22,328 ----a-w C:\Documents and Settings\Aaron\Application Data\PnkBstrK.sys 2008-02-03 00:29 --------- d-----w C:\Program Files\id Software 2008-02-03 00:20 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 
9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-01-04 21:58 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2008-01-04 21:58 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-04 21:58 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-11 12:25 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 06:44 36864]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 06:44 1953792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-05-11 06:03 8429568]
"nwiz"="nwiz.exe" [2007-05-11 06:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-05-11 06:03 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 03:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 18:38:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 12:40:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-15 12:40:58
.
2008-02-12 11:33:01 --- E O F ---
|
|
Response Number 9
|
Name: caaa0502
Date: February 16, 2008 at 14:51:59 Pacific
Subject: Many pos files, consistnant freezes
|
Reply: I was having a lot of small tweaks messed up with my computer: Windows Update wasn't doing anything, half the links for the internet weren't working, the computer took a while to shut down, and other various tweaks. I just decided to reinstall Windows as my computer was pretty new and wouldn't take much work to back up anything I needed and reinstall the few programs/drivers I needed. After the reinstall all the small problems went away. Here is a Kaspersky log and ComboFix after about 1 day of internet use with ZoneAlarm firewall, Symantec antivirus, and built-in ActiveArmor firewall enabled.

---------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 15, 2008 8:26:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 567256
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 33920
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:49
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\Local Settings\History\History.IE5\MSHist012008021520080216\index.dat Object is locked skipped
C:\Documents and 
Settings\Aaron.AARON-DYSTPS4D3\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Aaron.AARON-DYSTPS4D3\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked 
skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache 
Group\Apache2\logs\error.log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0242NAV~.TMP Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0861NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{FCD3A337-428D-4029-9D2E-E3139CA78DB3}\RP7\change.log Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\AARON-DYSTPS4D3.ldb Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\system32\app_filter_ui.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked 
skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT00573.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04393.TMP Object is locked skipped

Scan process completed.

ComboFix 08-02-13.2 - Aaron 2008-02-15 12:38:55.6 - NTFSx86
Running from: C:\Documents and Settings\Aaron\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aaron\Desktop\CFScript.txt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\WINDOWS\system32\ukcqeejg.dll
C:\WINDOWS\system32\ukcqeejg.dll.vzr
C:\WINDOWS\vpc32.INI
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Qoobox
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\local appdata.folder.dat
C:\Qoobox\BackEnv\local settings.folder.dat
C:\Qoobox\BackEnv\my pictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\profiles.folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\setpath.bat
C:\Qoobox\BackEnv\setpath.dat
C:\Qoobox\BackEnv\start menu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\CFScript_used_2008-02-13@20.43.txt
C:\Qoobox\CFScript_used_2008-02-13@22.53.txt
C:\Qoobox\CFScript_used_2008-02-15@12.38.txt
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt
C:\Qoobox\ComboFix3.txt
C:\Qoobox\ComboFix4.txt
C:\Qoobox\ComboFix5.txt
C:\Qoobox\snapshot@2008-02-13_16.37.55.75.dat
C:\Qoobox\snapshot@2008-02-13_16.37.55.75_B.dat
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\dleakhyi.dllbox.bad
C:\VundoFix Backups\jkklm.dll.bad
C:\VundoFix Backups\mlkkj.ini.bad
C:\VundoFix Backups\mlkkj.ini2.bad
C:\VundoFix Backups\onuelbci.dllbox.bad
C:\WINDOWS\system32\ukcqeejg.dll.vzr
C:\WINDOWS\vpc32.INI
.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.
2008-02-13 23:37 . 2008-02-14 01:39 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-13 23:35 . 2008-02-14 01:39 <DIR> d-------- C:\Program Files\IE Registry Manager
2008-02-13 23:35 .
2008-02-13 23:40 286,720 --------- C:\WINDOWS\Setup1.exe
2008-02-13 23:35 . 2008-02-13 23:40 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-12 16:19 . 2008-02-15 00:50 805 --a------ C:\rollback.ini
2008-02-12 05:30 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-12 05:28 . 2008-02-12 05:28 <DIR> d-------- C:\Program Files\Dell 720
2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-12 01:33 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-12 01:29 . 2008-02-15 12:40 2,358,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-12 01:29 . 2008-02-15 02:55 32,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-12 01:26 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\MailFrontier
2008-02-11 21:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-11 21:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-11 21:35 . 2008-02-11 21:35 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-11 21:35 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-11 21:33 . 2008-02-11 21:34 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-11 21:32 . 2008-02-11 21:32 <DIR> dr-h----- C:\MSOCache
2008-02-11 21:32 . 2008-02-11 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-11 20:17 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\Aaron\WINDOWS
2008-02-11 14:38 . 2008-02-11 14:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-11 13:28 . 2008-02-11 13:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-11 13:12 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\provisioning
2008-02-11 13:11 . 2008-02-11 13:11 <DIR> d-------- C:\WINDOWS\peernet
2008-02-11 13:10 . 2008-02-11 13:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-11 13:08 . 2008-02-11 13:08 <DIR> d-------- C:\WINDOWS\EHome
2008-02-11 13:06 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-02-11 13:06 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-02-11 13:06 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-02-11 13:06 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-02-11 12:35 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-02-11 12:35 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-02-11 12:35 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-02-11 12:35 . 2007-03-08 09:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-02-11 12:35 . 2004-03-29 19:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-02-11 12:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-11 12:33 . 2005-10-20 16:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-02-11 12:25 . 2008-02-11 12:25 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-11 12:24 . 2008-02-11 12:24 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-11 12:24 . 2008-02-12 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-11 12:14 . 2008-02-11 12:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Symantec
2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-11 12:13 . 2008-02-11 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 23:53 . 2008-02-10 23:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 23:48 . 2008-02-13 16:29 <DIR> d-------- C:\Temp
2008-02-09 13:05 . 2006-05-04 02:35 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2008-02-09 13:05 . 2006-11-15 00:34 4,225,920 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-02-09 13:05 . 2006-05-16 04:04 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2008-02-09 13:05 . 2006-11-12 23:07 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe
2008-02-09 13:05 . 2006-08-17 16:58 282,624 -ra------ C:\WINDOWS\system32\RTSndMgr.Cpl
2008-02-09 13:05 . 2006-07-21 02:14 86,016 -r------- C:\WINDOWS\SoundMan.exe
2008-02-09 13:05 . 2004-08-04 00:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-02-09 13:05 . 2004-08-04 01:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-02-09 13:04 . 2006-11-14 03:21 16,270,848 -r------- C:\WINDOWS\RTHDCPL.exe
2008-02-09 13:04 . 2006-05-04 02:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2008-02-09 13:04 . 2006-10-11 03:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe
2008-02-09 13:04 . 2005-09-20 20:25 299,008 -ra------ C:\WINDOWS\system32\ALSndMgr.Cpl
2008-02-09 13:04 . 2005-05-03 04:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-02-06 23:38 . 2008-02-06 23:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-06 23:38 . 2008-02-06 23:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-06 18:19 . 2008-02-14 11:42 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-06 12:29 . 2008-02-06 12:29 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\Sun
2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-05 22:17 . 2008-02-11 12:34 <DIR> d-------- C:\Program Files\Java
2008-02-05 22:16 . 2008-02-05 22:16 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 22:12 . 2008-02-05 22:12 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-05 22:12 . 2008-02-12 05:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-05 22:12 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-05 22:12 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-05 22:12 . 2004-08-04 01:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-02-05 22:12 . 2004-08-04 01:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-02-05 22:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-05 22:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-05 22:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-05 22:11 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-05 22:11 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-05 22:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-05 22:11 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-05 22:11 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Program Files\Google
2008-02-05 21:38 . 2008-02-08 22:27 <DIR> d-------- C:\Program Files\World of Warcraft
2008-02-05 19:53 . 2006-04-06 15:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-05 19:24 . 2008-02-05 21:38 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Ubisoft
2008-02-05 18:25 . 1998-06-17 16:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-05 18:25 . 2000-03-17 01:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-02-05 18:25 . 2000-03-17 01:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-02-05 18:25 . 2002-04-24 04:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-02-05 18:25 . 2002-10-17 02:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-02-05 18:25 . 2002-01-07 09:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-05 17:41 . 2008-02-05 19:51 <DIR> d-------- C:\Documents and Settings\Aaron\Application Data\U3
2008-02-02 19:15 . 2008-02-02 19:15 <DIR> d-------- C:\Program Files\DivX
2008-02-02 19:15 . 2008-02-02 19:15 <DIR> d--hs---- C:\Documents and Settings\Aaron\UserData
2008-02-02 19:13 . 2008-02-02 19:13 13,754 --a------ C:\WINDOWS\system32\wpa.bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 00:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-15 00:14 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-14 05:25 820,495 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-12 22:24 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-12 04:02 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-12 01:59 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-11 18:59 1,321,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
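One way to work through a file listing like the one posted above, as an added example that is neither part of this thread nor code from ComboFix: a small Python parser for the two line formats in the log (the "new files created" entries with a creation time, a last-write time, size, a 9-character attribute column and a path, and the Find3M entries with a last-write time, size, a 7-character attribute column and a path), plus a triage filter that surfaces the entries a responder would read first. The attribute-letter mapping is inferred from the entries in the log itself (assumption, not ComboFix documentation), the 14-day window and the list of executable extensions are my own choices, and the sample lines are an excerpt copied from the posted log. The output is a reading order, not a verdict on any file.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional, Tuple

# "New files created" entry: created . modified size attrs path
NEW_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$")
# Find3M entry: modified size attrs path (7-character attribute column)
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+([-a-z]{7})\s+(.+)$")

# Letters of the 9-character attribute column, inferred from the entries in
# the posted log (assumption, not ComboFix documentation).
ATTR_LETTERS = {"d": "directory", "r": "read-only", "a": "archive",
                "h": "hidden", "s": "system", "c": "compressed"}
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".drv", ".tsp", ".ocx", ".scr")  # my choice
TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    path: str
    modified: datetime
    size: Optional[int]            # None for <DIR>
    raw_attrs: str
    flags: FrozenSet[str]          # decoded from the 9-char column; empty for Find3M
    created: Optional[datetime]    # None for Find3M lines (they carry no creation time)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for separators, headers and anything else."""
    line = line.strip()
    m = NEW_RE.match(line)
    if m:
        created, modified, size, attrs, path = m.groups()
        return Entry(path, datetime.strptime(modified, TS),
                     None if size == "<DIR>" else int(size.replace(",", "")),
                     attrs, frozenset(ATTR_LETTERS[c] for c in attrs if c in ATTR_LETTERS),
                     datetime.strptime(created, TS))
    m = FIND3M_RE.match(line)
    if m:
        modified, size, attrs, path = m.groups()
        return Entry(path, datetime.strptime(modified, TS),
                     int(size.replace(",", "")), attrs, frozenset(), None)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Entry], reference: datetime,
           window_days: int = 14) -> List[Tuple[Entry, str]]:
    """Entries to read first, newest last-write first: files carrying hidden or
    system attributes, and executable-type files under C:\\WINDOWS whose last
    write falls within `window_days` of `reference`. Stock OS components tend
    to keep their old build timestamps, so a fresh write time on a binary in
    the system tree is worth a second look; directories are not judged here."""
    cutoff = reference - timedelta(days=window_days)
    hits = []
    for e in entries:
        if e.size is None:
            continue
        low = e.path.lower()
        if e.flags & {"hidden", "system"}:
            hits.append((e, "hidden/system attribute on a file"))
        elif low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT) and e.modified >= cutoff:
            hits.append((e, "executable under \\WINDOWS modified within window"))
    hits.sort(key=lambda h: h[0].modified, reverse=True)
    return hits


# Excerpt copied from the log posted in this thread (not the full listing).
SAMPLE_LOG = r"""
2008-02-12 05:28 . 2008-02-12 05:28 <DIR> d-------- C:\Program Files\Dell 720
2008-02-12 05:23 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-12 01:29 . 2008-02-15 12:40 2,358,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-12 01:29 . 2008-02-15 02:55 32,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-11 21:32 . 2008-02-11 21:32 <DIR> dr-h----- C:\MSOCache
2008-02-09 13:05 . 2006-11-15 00:34 4,225,920 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 00:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 18:59 1,321,984 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
"""
REFERENCE = datetime(2008, 2, 15)   # date the log was posted


def run_sample() -> List[str]:
    """Base names of the triaged entries from SAMPLE_LOG, newest write first."""
    return [e.path.rsplit("\\", 1)[-1] for e, _ in triage(parse_log(SAMPLE_LOG), REFERENCE)]


if __name__ == "__main__":
    for e, why in triage(parse_log(SAMPLE_LOG), REFERENCE):
        print(f"{e.modified:%Y-%m-%d %H:%M}  {e.raw_attrs:9}  {e.path}  <- {why}")
```

Run against the excerpt, the filter pulls out the two hidden+system files in the drivers directory and the one driver whose last write is on the log date, while the SP2-era drivers with 2004 and 2006 build timestamps drop out; that is the order in which a helper would start checking hashes and vendors, nothing more.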