Vundo virus

Sony / Vgc-ra820g(uc)
January 5, 2009 at 20:57:55
Specs: Microsoft Windows XP Professional, 3.192 GHz / 1023 MB
I recently got the Vundo trojan/virus and am having a heck of a time getting rid of it. It prevented me from going to sites to download anything to get rid of it, so I went to another computer and downloaded and transferred VundoFix and Malwarebytes, along with my regular AVG and Spybot scans (which Vundo prevented me from updating). A few scans later I've gotten rid of some of the problem (I think), although VundoFix never once found any traces of it even at its worst. So here I have my HijackThis log if it helps and would like to know if there's anything else I need to fix, and any other things to clean it up would be helpful as well. Thanks for the help.




#1
January 6, 2009 at 16:45:45
Please post your Hijack This log.


#2
January 6, 2009 at 17:08:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:44 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\vg\VirtuaGirl2.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tanya\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/#
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3288C35D-9302-4949-8875-91EEBCC5D0FF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotkey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Gatorlink VPN Client.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysre...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvpl...
O20 - AppInit_DLLs: evbpih.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 12365 bytes


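The line in the log above that matters most for a Vundo clean-up is `O20 - AppInit_DLLs: evbpih.dll`: a DLL named in AppInit_DLLs is loaded into every process that loads user32.dll, which is how the Vundo/Virtumonde family commonly kept its payload resident, and the ComboFix output later in this thread shows that file being removed from system32. The following Python triage script is an added example (not a tool from this thread and not part of HijackThis) that reads HijackThis-format lines and flags the entries a responder would check first: any AppInit_DLLs value, O2 entries marked "(no file)" (orphaned registrations left behind after a partial clean-up), and O4 autostarts that run from a temp directory or load a DLL through rundll32. The first four sample lines are copied from the log above; the last two are constructed to exercise the O4 checks. The severity labels and the heuristics are the example's own, not anything HijackThis reports.

```python
"""Triage a HijackThis-style log for autostart entries worth checking.

Added example; not a tool from the thread. Flags:
  * O20 AppInit_DLLs  - any DLL here is loaded into every process that
                        loads user32.dll; a classic Vundo loader spot.
  * O2/O3 "(no file)" - orphaned BHO/toolbar registration; safe to fix.
  * O4 autostarts that launch from a temp directory or load a DLL via
    rundll32 (a common persistence pattern).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines 1-4 are copied from the HijackThis log in this
# thread, lines 5-6 are made up to exercise the O4 heuristics.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3288C35D-9302-4949-8875-91EEBCC5D0FF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: evbpih.dll
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\svc.exe
O4 - HKLM\..\Run: [helper] rundll32.exe "C:\WINDOWS\system32\abcdef.dll",Start
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels chosen for this example)
    entry: str     # the log line that triggered the finding
    reason: str


# HijackThis lines look like "O20 - AppInit_DLLs: evbpih.dll" or "R0 - ...".
HJT_LINE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.*)$")
# A path component named Temp/tmp, e.g. "...\LOCALS~1\Temp\svc.exe".
TEMP_DIR = re.compile(r"[\\/](temp|tmp)[\\/]", re.IGNORECASE)
# An autostart that goes through rundll32 to load a DLL.
RUNDLL = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return the flagged entries, in the order they appear in the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        sect, body = m.group("sect"), m.group("body")
        if sect == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(
                    "high", line,
                    f"AppInit_DLLs loads {dlls!r} into every GUI process; "
                    "verify the file on disk or clear the value"))
        elif sect in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(
                "low", line,
                "orphaned BHO/toolbar registration with no file on disk"))
        elif sect == "O4":
            if TEMP_DIR.search(body):
                findings.append(Finding(
                    "medium", line, "autostart launches from a temp directory"))
            elif RUNDLL.search(body):
                findings.append(Finding(
                    "medium", line, "autostart loads a DLL through rundll32"))
    return findings


def counts(findings: List[Finding]) -> Dict[str, int]:
    """Number of findings per severity label."""
    out: Dict[str, int] = {}
    for f in findings:
        out[f.severity] = out.get(f.severity, 0) + 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.entry}")
    print(counts(triage(SAMPLE_LOG)))
```

Run it against a saved HijackThis log by passing the file's contents to `triage()`; a non-empty AppInit_DLLs value on a home XP box is rare enough in legitimate software that it is worth verifying every time, whatever the file is called.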

#3
January 7, 2009 at 20:17:44
Your java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, Spybot and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.



#4
January 8, 2009 at 17:42:56
I tried very hard to turn my spybot and AVG off, but I'm not completely convinced they were off "enough." Nevertheless, here is my Combofix log, and the comp didn't explode so things must have worked out OK ;)

ComboFix 09-01-07.02 - tanya 2009-01-08 18:53:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.619 [GMT -5:00]
Running from: c:\documents and settings\tanya\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\tanya\LOCALS~1\Temp\E_4
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\setup.exe
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekafkatvekr.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\evbpih.dll
c:\windows\system32\kqtdubsg.dll
c:\windows\system32\Process.exe
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekaemyrjbpj.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekapavrbutu.dll
c:\windows\system32\senekayfbyvivk.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\vluuoc.dll
c:\windows\system32\wdhabdwg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 00:09 . 2009-01-08 00:11 <DIR> d-------- c:\documents and settings\tanya\.SunDownloadManager
2009-01-08 00:08 . 2009-01-08 00:07 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 00:08 . 2009-01-08 00:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-07 15:59 . 2009-01-07 15:59 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\documents and settings\tanya\Application Data\Malwarebytes
2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 00:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 00:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 14:13 . 2009-01-03 14:13 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-03 12:41 . 2009-01-03 12:41 <DIR> d-------- C:\VundoFix Backups
2009-01-02 21:21 . 2009-01-02 21:21 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1NjY5ODB8_
2008-12-24 23:52 . 2008-12-24 23:58 139,264 --a------ c:\windows\War3Unin.exe
2008-12-24 23:52 . 2008-12-25 00:18 76,853 --a------ c:\windows\War3Unin.dat
2008-12-24 23:52 . 2008-12-24 23:58 2,829 --a------ c:\windows\War3Unin.pif
2008-12-24 23:48 . 2008-12-30 22:45 <DIR> d-------- c:\program files\Warcraft III
2008-12-17 08:17 . 2008-12-17 08:17 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-17 08:15 . 2008-12-17 08:15 <DIR> d-------- c:\program files\Apple Software Update
2008-12-17 08:15 . 2008-12-17 08:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-11 20:56 . 2008-12-17 08:12 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-11 20:56 . 2008-12-11 20:56 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 23:50 --------- d-----w c:\program files\vg
2009-01-08 23:45 --------- d-----w c:\documents and settings\tanya\Application Data\AVG7
2009-01-08 14:51 --------- d-----w c:\program files\Steam
2009-01-08 05:07 --------- d-----w c:\program files\Java
2009-01-03 19:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-17 13:18 --------- d-----w c:\program files\QuickTime
2008-12-17 13:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-16 04:49 --------- d-----w c:\program files\World of Warcraft
2008-12-03 07:27 --------- d-----w c:\program files\Curse
2008-12-01 02:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 20:51 --------- d-----w c:\program files\ATI
2008-11-14 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-14 21:22 --------- d-----w c:\program files\ATI Technologies
2008-11-14 21:12 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-14 00:14 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 02:05 593,920 ----a-w c:\windows\system32\ati2sgag.exe
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2006-02-28 17:18 596 ----a-w c:\documents and settings\tanya\Application Data\wklnhst.dat
2004-09-07 18:02 79 ----a-w c:\program files\Show Desktop.scf
2005-12-24 17:39 56 --sh--r c:\windows\system32\0486B67C8F.sys
2007-09-14 23:51 952 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-04 21:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotkey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-02 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"ATIPTA"="atiptaxx.exe" [2005-11-22 c:\windows\system32\atiptaxx.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-28 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-18 219136]

c:\documents and settings\tanya\Start Menu\Programs\Startup\
VirtuaGirl2.lnk - c:\program files\vg\VirtuaGirl2.exe [2007-05-06 2105344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-06 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-01-15 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=evbpih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\crono1000\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23759:TCP"= 23759:TCP:BitComet 23759 TCP
"23759:UDP"= 23759:UDP:BitComet 23759 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\tanya\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\tanya\LOCALS~1\Temp\bDMusicb.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2005-01-06 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]

2009-01-08 c:\windows\Tasks\zkequdkr.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msiexec.exe - msiconf.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.deviantart.com/#
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.cox.net/
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 19:01:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136343476-2852040967-2447926140-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:88,18,cf,42,bf,02,c5,96,fb,39,b7,5b,3b,53,8f,b9,66,c0,bf,8a,f9,7d,c7,\
94,0a,ae,44,7b,ae,73,be,ab,dd,0b,0f,49,82,04,c2,ef,19,bf,90,2a,76,e5,0c,0d,\
90,4c,de,8a,00,fb,71,2f,7f,32,30,d3,3b,6e,82,1b,67,92,b1,16,03,dc,79,11,63,\
fe,8e,a7,07,0b,4d,42,dd,32,34,5e,d6,f5,b6,2e,d5,2a,fc,d0,f0,6b,d7,b8,8d,19,\
a0,a3,6c,4d,42,70,40,8b,ac,d3,90,09,13,75,91,a8,dc,91,aa,41,90,55,33,75,b2,\
ce,c7,d6,15,c1,49,2f,b0,66,c0,22,1a,97,e8,71,86,63,8c,7e,17,c2,10,9a,5b,ae,\
29,7b,cd,de,64,b6,ef,c2,3a,f0,97,50,e9,c2,fc,d3,13,7c,f9,7c,f8,a3,b6,21,e6,\
25,34,a6,2e,bd,9c,6e,19,e2,41,df,3d,a2,2e,2c,28,00,0f,6c,7c,0e,e1,78,e3,6f,\
43,86,f3,11,ef,ee,37,bc,2e,62,e3,3a,10,0d,48,16,94,c5,a2,a3,86,f4,95,7c,62,\
88,47,ef,15,4b,f8,a4,33,6a,34,f1,c9,42,9e,0d,62,26,02,8c,4b,78,75,17,8b,26,\
ec,7b,55,6c,3f,87,9e,21,9e,5c,99,de,e1,a0,54,e4,aa,59,cb,53,19,e2,a0,18,fc,\
b4,f0,5d,eb,39,f5,ba,cf,bb,73,a2,f7,16,55,27,88,f1,eb,d6,44,29,e1,09,71,45,\
74,9e,90,24,ab,64,e2,41,89,4c,45,53,17,dc,9e,75,68,be,65,c1,74,a5,35,e3,08,\
53,6c,ea,15,c0,59,3a,87,45,1f,b4,25,df,31,d2,0e,3f,69,4a,75,9a,9c,a0,ad,ad,\
33,5a,74,d2,b6,67,c0,15,1e,dc,5d,40,f8,c1,37,fe,b2,de,ed,bd,7b,12,15,1b,60,\
cf,8d,9e,ef,c7,43,4a,24,85,75,91,6c,50,1f,a9,a0,2b,4a,c1,62,fc,86,23,17,3b,\
e4,51,ac,95,71,5b,a7,bb,00,8d,57,e0,37,e2,6e,aa,97,ec,e3,d4,29,16,ec,2c,75,\
c8,25,00,40,16,6e,6a,8b,e7,00,08,97,3c,d6,35,80,f0,b3,00,76,29,3b,d1,74,41,\
c5,87,12,29,36,b5,fe,07,e4,c6,13,05,dc,31,60,cd,0f,e5,d6,24,37,d0,7d,b9,85,\
5a,fe,bb,d2,fe,bd,71,ee,17,11,fe,e9,7c,22,39,15,d6,94,b0,3b,94,56,f7,91,0f,\
f7,f8,59,50,87,76,41,a2,63,55,a2,ad,7e,5b,d5,e9,44,e6,02,3d,5a,39,34,37,8c,\
1c,0c,cc,a6,5f,09,ee,a5,0f,cc,52,da,6c,43,79,4b,9f,e5,5b,e2,95,fe,b9,c6,0e,\
b4,ba,c5,00,05,23,46,35,1f,d0,69,5e,cd,aa,7b,1e,02,7a,64,f4,5d,32,e6,39,fb,\
32,4d,8a,2e,4b,d6,5b,b2,8b,54,ba,65,d1,46,ba,f1,07,9f,4e,c5,1d,9a,fa,19,3b,\
3d,d1,18,32,27,17,91,7f,b3,9c,26,b2,2c,4f,a5,55,4b,1c,7b,31,da,7c,ef,86,f7,\
77,d0,64,23,a4,c9,d3,7f,9d,91,f4,01,ca,5f,e9,b5,4b,b9,bb,c3,d6,cf,c3,d4,48,\
dd,e4,d5,e2,ec,16,43,d7,b9,c0,f7,50,cc,c9,a5,72,ea,e8,65,96,46,2e,6e,90,06,\
89,e2,a0,d3,8a,5d,13,50,31,61,f1,f2,68,56,31,f0,03,6e,ed,8d,72,b2,b4,c5,fe,\
a4,55,31,3c,67,f0,8f,67,94,f6,df,70,24,66,15,78,5d,06,a4,1b,81,3e,75,50,6e,\
e3,f0,32,87,f3,46,0d,0f,3c,b9,71,ac,31,e9,17,b3,40,6d,49,b3,30,4e,b8,a5,e0,\
ac,c0,16,92,58,89,82,9f,0e,7c,83,3d,29,a9,57,87,43,99,41,c7,e3,29,48,22,2e,\
5a,60,c7,01,4b,a8,5d,bb,16,ea,3e,a7,02,d2,15,f0,7f,88,68,7a,cf,bc,90,df,56,\
3f,00,1f,3b,f1,e5,6f,f3,b6,47,e5,e8,36,ad,e1,4b,98,f0,a5,cb,40,fe,eb,14,ec,\
08,b8,6c,7a,b5,c5,eb,ab,be,ea,5e,8c,23,13,af,ed,a5,5d,2d,f3,1e,0f,d9,d7,7e,\
1f,f3,2b,f1,ae,fc,36,cd,b9,51,8a,76,64,2c,93,06,df,da,e1,b0,0f,fc,1a,d3,a4,\
81,ef,f9,e6,8b,7b,31,92,27,fe,54,92,2f,f6,5c
"??"=hex:87,0a,ca,e2,02,1a,5e,1f,a6,61,2a,0d,1d,76,c0,0e

[HKEY_USERS\S-1-5-21-4136343476-2852040967-2447926140-1004\Software\SecuROM\License information*NULL*]
"datasecu"=hex:1b,5b,4c,f9,97,32,22,36,66,77,40,ef,6c,ac,bd,c4,b7,cc,0d,80,0b,\
6d,bf,5c,c6,c9,de,5d,1b,40,b8,ff,4d,5f,02,41,a6,4c,78,92,3a,43,ce,96,39,ca,\
06,b0,bd,d6,17,f7,3c,43,35,86,53,c8,7a,9d,a9,29,bf,b9,ef,d4,fb,02,92,94,f7,\
f9,b9,b5,ec,5b,d8,ff,9a,46,51,12,9d,67,85,b2,81,ae,96,8e,d4,40,d8,37,53,f0,\
ce,d6,e8,24,2d,15,c2,90,e8,d6,40,08,1f,c4,7f,d7,95,71,46,80,12,1c,8b,c3,d0,\
a8,e8,cf,d7,44,9b,69,5d,f7,f3,52,26,17,90,eb,de,c5,a6,cb,35,d8,7d,f3,d0,83,\
d2,72,c0,ea,ac,ec,78,f3,1b,17,88,e7,7e,29,f4,76,d3,d3,14,c4,c6,b6,df,95,a8,\
05,d6,1a,97,e7,64,c5,1f,06,04,c7,fa,fe,9c,af,03,bf,41,31,69,ce,1d,aa,37,ad,\
0f,66,7f,34,37,ed,79,07,97,02,5c,c1,f2,0c,b8,f4,56,cc,9a,4c,4e,92,27,ca,2d,\
8f,2a,90,32,f4,eb,d6,78,6c,18,fc,e9,89,31,aa,3b,f0,80,70,a5,ae,97,e7,8a,fe,\
79,0e,ac,fa,70,d9,13,75,6a,b8,76,ac,de,5c,1f,73,c9,e7,af,80,64,22,25,e9,1d,\
ad,6c,97,d9,3a,4c,ba,e7,5d,07,79,ee,73,f5,ae,dd,b6,a7,c6,16,c3,9d,3c,3a,12,\
24,ac,a2,7d,cc,ea,89,ef,90,44,97,16,82,39,3f,35,87,36,56,d8,4f,47,14,66,5a,\
6d,29,b6,bb,70,01,ba,b7,da,3d,0d,3e,b9,be,25,f3,52,22,7a,71,d6,1e,42,cf,7e,\
3c,51,22,5e,6d,bf,4c,64,17,da,15,ac,bb,8a,6f,3e,8a,8a,b5,ed,ba,03,47,af,5e,\
89,34,cc,ec,bb,26,1a,8e,3e,6a,f9,2c,78,6d,e0,4c,d3,15,fa,1b,31,3c,de,8f,de,\
49,ee,c0,f9,47,21,2c,bc,5d,3b,80,ee,48,45,e5,53,90,ec,d3,28,ed,9d,13,67,26,\
2b,cf,b1,79,47,8b,b8,b7,a4,c5,6a,8c,df,d1,5d,aa,36,e7,90,98,be,87,d5,02,4a,\
8c,78,24,57,c3,a1,17,1b,35,fd,c1,30,6b,aa,c2,c2,7f,1d,ba,c9,e7,54,ce,e2,3a,\
9e,43,d0,e7,a2,8e,72,6b,39,e8,86,29,d8,99,45,dc,aa,6f,d0,19,6a,37,2e,d3,93,\
d3,d2,d3,e2,32,4b,16,7d,98,f2,2a,a7,94,ca,6a,a7,3d,4d,5b,1d,72,99,b7,48,b9,\
d6,07,4b,59,4c,d9,74,27,4d,d0,4d,b8,ea,07,9c,c6,0e,64,21,55,9b,95,92,80,23,\
bd,31,4a,1b,f2,61,78,c5,3a,97,c3,8e,d9,5c,fe,5a,ab,22,6a,f7,16,be,60,3f,76,\
00,f1,76,46,a1,b1,0c,2a,10,a2,16,8c,a6,8d,50,06,1e,2d,5a,47,e6,3d,57,c9,9e,\
b5,d4,69,7d,ff,48,66,56,5e,3f,1b,fc,87,6a,90,c4,d3,f2,8f,9b,00,7f,68,f2,4f,\
c2,5e,be,34,a5,85,37,e8,a2,e5,c0,20,5d,4b,05,9b,62,e9,ae,24,6c,7c,0f,b4,7c,\
61,a8,d2,5e,90,51,a8,b2,99,0c,93,26,80,41,57,ed,85,ef,32,23,15,8f,80,1d,0a,\
cc,fd,15,7c,38,b9,d5,c1,72,a2,5f,43,00,67,38,ae,a3,1f,e8,09,70,1c,84,01,ab,\
01,79,23,dd,a8,42,c5,c2,ed,3f,36,53,60,ad,5b,05,ad,3f,0d,bb,07,01,85,b5,02,\
d2,19,e7,49,a5,e8,45,33,4b,02,51,4e,0c,60,cb,1a,28,e8,60,45,03,f0,a3,3f,62,\
70,eb,ad,b7,f1,16,c4,a5,17,ca,36,4d,05,17,02,cf,bf,f4,ca,c9,98,95,fb,9f,0b,\
62,9e,4e,44,51,2e,fa,a3,6a,2a,ba,ba,10,3e,32,67,66,e9,49,b5,68,2d,89,e7,fc,\
4f,ba,3f,9b,8d,26,69,6d,4a,ea,0b,14,1c,ca,f9,99,1e,ad,97,46,d5,bc,f8,4f,9d,\
df,fd,9c,85,27,4f,1d,f8,ac,32,74,74,57,7e,e0,6a,01,86,73,58,4e,54,9d,fd,87,\
99,db,a2,e2,bf,64,41,75,09,99,a9,e9,08,d3,f7,ac,6c,0c,91,fc,38,ae,3b,00,5e,\
b8,cb,2f,49,07,ae,e2,31,8f,a7,3e,be,bc,8f,46,36,8a,54,5d,44,4d,b9,2b,b8,79,\
56,f9,54,18,ef,8c,c0,7e,6b,b9,64,14,85,6c,73,48,4c,9a,23,56,f8,bb,21,76,78,\
32,b2,ba,ec,3a,26,17,95,d8,24,f5,bd,dc,df,33,97,cb,af,3d,bf,ae,4f,c5,7b,b5,\
bd,20,34,73,fd,86,2f,f3,2c,82,fd,41,b2,c0,1c,30,02,d7,e4,8d,fe,78,d3,e7,7c,\
36,19,5c,cd,e7,3c,ed,fa,05,37,42,04,e9,13,3f,2d,54,d0,db,bf,dc,22,40,d1,62,\
91,1c,3b,a6,e8,5e,85,42,67,f3,e5,2a,32,15,5b,cc,0e,8c,d7,f6,23,f2,14,2d,f5,\
97,67,49,89,2f,af,e1,aa,cf,9f,f4,df,89,78,99,92,5f,53,36,9f,97,06,a3,da,33,\
bd,1d,f0,9a,6b,8f,da,53,3a,47,01,b9,28,f0,d5,2f,d0,3a,1d,0e,7c,5c,f1,9f,b6,\
60,e6,7a,49,90,ec,3d,96,82,2a,4d,00,4a,a7,aa,23,20,e4,96,ae,c8,d3,96,fc,86,\
86,ae,ec,42,04,40,43,13,32,74,58,4f,34,40,46,24,2f,0e,5e,20,17,7f,ff,25,1f,\
42,3c,9a,e5,7b,f3,6f,34,73,21,90,20,7d,3a,a8,90,ce,a3,29,73,4d,36,81,1e,74,\
b9,32,8c,a4,2f,53,15,a2,22,09,fe,23,12,09,d8,64,ec,88,52,65,1e,8a,cb,a5,d5,\
90,34,b9,b6,e2,b5,a3,06,b6,fd,38,ba,00,da,07,57,4b,49,42,8f,06,0f,7a,fc,92,\
79,58,ec,09,bf,09,90,55,2d,4c,8a,24,ea,b5,72,67,9c,0e,eb,9f,fa,b5,fa,8d,04,\
7e,35,68,51,f0,27,dc,75,d7,c5,58,2d,02,5c,18,e8,41,2a,9f,c1,74,74,20,b3,7f,\
38,1e,9d,2b,cd,84,1b,20,bf,9f,d0,04,25,4b,23,af,8f,b1,04,5c,e3,98,1a,55,68,\
cc,27,a5,f0,d3,33,3b,73,7b,93,8f,e9,70,8e,ea,c5,34,8e,ec,b7,ef,75,e5,b9,87,\
cb,06,e4,1b,5e,76,72,fe,f9,84,d4,c4,08,5d,1b,49,cf,8d,cd,53,f9,04,5e,0d,1c,\
7e,5c,68,1a,21,dc,7b,27,b6,70,0d,24,74,28,a3,58,cf,9d,11,6c,29,1d,fd,00,82,\
e0,e6,8f,02,07,8c,d3,2b,9d,87,ff,d2,82,a8,20,d4,fe,30,44,58,9e,04,17,b9,bf,\
c1,60,c2,10,6b,01,5f,64,2a,6f,a8,9c,28,9a,d2,8b,6f,b2,5d,3f,c0,c1,88,c2,50,\
c8,d1,20,80,a9,34,31,6b,d7,e5,20,89,64,d0,a7,da,8b,1f,b6,50,66,f6,34,b8,66,\
da,ec,cb,1d,c3,9b,92,7d,a6,4b,a4,1e,70,5c,34,f6,1e,ff,8e,21,5a,9f,54,2f,d0,\
5e,8d,de,94,12,43,d3,42,14,53,5a,bd,d7,29,35,8a,51,d5,2c,a9,4f,1d,c7,d8,45,\
21,77,b4,70,37,ff,19,37,f5,64,94,34,1b,94,9b,ef,58,c1,7a,1e,4f,f1,f5,12,6c,\
ac,d9,e1,d0,cb,48,78,a2,a5,0d,4e,62,c6,66,0f,bd,b1,84,23,55,93,bc,1f,05,51,\
67,90,3c,9a,32,f6,67,c8,5a,25,d1,8c,13,e2,21,c2,9c,36,f6,ad,fd,40,ad,e3,f6,\
7c,b6,62,05,09,fe,32,78,4e,17,6d,0a,7f,78,f1,bf,c4,92,db,a1,ca,f2,30,e1,a3,\
85,4f,e6,94,75,56,ed,03,4b,6c,4f,82,28,97,b3,34,2f,2b,e9,16,90,f7,f6,fb,15,\
c4,f5,09,38,45,6b,31,6f,a4,8a,d3,cd,52,32,5c,d6,e9,12,08,72,55,d4,11,40,dd,\
26,5b,0f,81,42,5e,c9,5a,c7,97,95,b5,17,7d,5c,9c,8b,1d,42,d1,97,a8,3c,a1,5f,\
84,4b,b7,0c,21,01,3d,1e,83,d0,5f,77,aa,da,a1,04,f6,ff,4e,ad,5f,8e,9d,04,f1,\
6e,2d,3c,1b,90,9e,d8,85,60,33,f0,2c,65,a5,72,92,bc,ed,c5,5a,67,5d,0b,6a,a1,\
1d,a1,b2,07,98,00,ba,45,a2,fd,fa,40,30,94,c7,51,af,22,4f,55,e0,cc,62,39,a3,\
f0,c4,1c,a0,89,a2,63,fe,72,31,c7,f3,a5,98,70,f5,49,40,bd,2a,bd,5d,2b,39,54,\
a9,cf,49,3b,b6,c4,56,5d,e7,92,48,a8,4d,58,1d,92,10,40,6e,7e,8b,18,a7,1e,5d,\
16,6d,4a,e9,fc,f3,2b,bb,62,17,2b,e8,34,d4,41,96,1f,95,8a,18,aa,f6,ea,94,c5,\
38,af,06,8b,ee,ae,54,4f,87,cc,42,6a,e8,4e,19,d0,99,d4,a7,1e,00,03,db,db,56,\
4b,2f,11,c3,8a,4c,9f,d4,54,61,1a,b5,41,02,76,be,78,06,ec,ed,cd,86,6f,99,a1,\
60,81,a3,d3,ea,b4,96,4e,20,10,28,29,89,c3,07,ab,93,31,c4,77,e8,f3,ca,a6,9c,\
f1,84,8b,ef,9c,23,bc,30,63,7f,21,7c,93,8b,09,c6,ba,9b,ca,5c,f0,89,03,c8,bb,\
02,c5,3f,08,52,35,f8,92,d1,97,ac,55,ea,62,0b,e8,fe,40,bc,d2,a7,bc,3b,33,5f,\
48,58,f0,03,df,e8,c5,8b,a5,6e,54,c6,1c,09,d4,b2,f7,8a,fc,48,80,7f,c6,f2,76,\
e8,5d,76,a4,19,06,66,05,72,70,d3,08,60,b3,75,2b,30,a2,43,3c,ae,1d,57,d7,f7,\
01,e5,16,07,9f,7f,0b,42,ae,19,50,20,d6,ce,91,b9,9f,8d,93,92,57,50,12,da,9e,\
79,94,df,de,50,67,07,71,5e,75,b2,11,eb,f7,3a,7b,14,d1,09,11,58,4c,6b,ab,b4,\
35,1d,c0,c3,1e,45,15,bd,e1,6f,c4,d7,f8,cd,08,8f,e2,bc,94,03,6d,bc,df,bc,ea,\
28,1e,e3,89,f9,9b,d3,7a,51,be,73,5e,d3,44,b1,9f,16,54,a4,97,fa,bc,04,ad,25,\
ed,b2,7f,5b,b2,a1,09,42,d8,02,3f,3a,5c,95,ea,de,36,5e,0d,0a,c4,cb,43,7f,dd,\
e4,0c,ae,aa,15,23,84,4f,82,a4,63,d3,af,c9,ad,cb,b1,ec,7b,67,e1,fd,ed,3a,52,\
dc,0d,59,35,a8,93,47,f7,9f,f2,81,8b,05,3f,e4,b2,c8,d0,20,0f,a6,3c,44,76,d4,\
84,dc,a1,82,f8,3c,5a,24,c0,42,09,14,1d,7e,38,60,62,b7,55,76,3e,98,0d,7a,a5,\
3d,bc,ac,63,9a,9b,bf,bb,b6,f2,2b,8d,da,ae,56,26,0d,10,cf,60,55,b9,49,cd,1b,\
e3,d6,e7,1a,36,51,4e,87,bf,91,32,1c,9a,56,7e,bc,99,1c,57,80,32,27,fc,da,0d,\
1e,b8,7c,52,8f,98,3b,3d,a4,12,2e,98,46,da,e4,c0,b3,3a,59,97,3c,2f,41,de,0e,\
2e,b1,7f,ce,29,1a,90,75,32,42,93,cb,1d,8f,96,38,a0,db,42,11,73,66,53,b1,d4,\
87,56,de,56,26,8d,8b,c5,66,47,72,5e,e8,50,8f,6a,82,30,3c,91,01,ac,6c,82,48,\
5e,0d,e6,dc,91,10,46,d2,d4,73,af,87,e9,dd,2d,cd,ba,ae,b1,17,93,8a,94,5a,c7,\
d9,2b,33,aa,df,9d,a3,50,cd,36,d0,e8,b5,8c,3e,29,df,4e,85,46,90,d6,42,2c,69,\
b9,19,c0,cc,ed,83,1c,0b,4c,c8,54,7c,f6,4a,a6,05,58,f3,69,f9,8a,ee,71,02,e4,\
26,cd,12,14,2a,b5,20,7f,74,98,63,d8,1b,fb,d4,92,bf,b3,0c,c9,6a,9c,a4,77,6f,\
c2,d0,8c,43,7d,f8,33,06,ed,2d,7c,21,61,5f,f9,a3,ca,f2,a7,29,d1,b7,2b,ab,39,\
f0,80,da,29,e9,63,8d,cf,1a,f3,bc,8f,37,99,3d,fb,c9,7f,81,27,4c,c1,30,51,4d,\
cd,61,b3,7f,0a,7f,00,ad,83,d8,a7,cb,46,66,28,0b,b6,b5,99,67,7c,fd,42,17,0b,\
20,f8,7e,d5,dc,1a,04,cc,2d,56,e2,2a,4f,ec,06,59,99,5c,f1,66,11,04,85,00,2b,\
fd,e6,93,a7,b0,92,23,ec,aa,a5,35,fb,e1,ca,12,5d,ca,45,03,22,d0,c4,2b,4b,47,\
82,b0,ab,65,65,e6,10,ca,93,9e,6c,11,7f,14,e8,58,c5,31,a0,de,67,0f,62,21,7e,\
fc,f5,e2,f5,65,12,f4,fc,d7,43,5a,70,a6,80,ca,38,51,45,1b,e5,d7,db,b1,43,70,\
e2,74,05,2a,f5,b8,57,a5,69,74,59,8a,64,28,61,4e,df,e3,a6,07,45,2a,86,9a,de,\
84,b4,60,ea,2b,12,cd,a1,07,7a,05,ae,98,44,99,50,74,fa,83,d3,b3,2f,14,88,b0,\
4b,ea,4d,39,e9,70,75,53,e8,7a,47,33,40,d2,45,d3,3c,fd,6d,1a,a1,0c,c8,60,d7,\
5d,7c,9c,9f,55,72,4c,bb,52,99,b7,cd,4e,2b,d5,02,95,98,3f,fd,8f,8b,55,29,d3,\
b8,4d,71,ac,c6,77,d4,7f,e9,11,36,d8,12,7d,75,dc,27,e8,03,4f,e0,40,ae,46,85,\
23,52,8f,a5,82,ef,e8,e8,33,b9,3d,e2,95,23,be,64,c3,32,19,a5,19,68,9a,ad,da,\
dc,31,48,86,48,ba,5a,a3,a9,d8,cb,73,55,fe,25,17,91,7f,08,c1,ff,e0,86,bb,d0,\
20,66,5b,31,ab,e6,b9,49,16,18,bb,cc,b4,81,f8,12,1c,cd,44,ae,57,33,a1,2d,f3,\
b8,d3,81,42,a6,1e,ad,68,70,ad,7b,8e,16,45,82,1c,ea,fb,49,98,0a,e4,fa,f7,90,\
ba,5e,ae,60,25,7c,96,31,7c,a0,96,11,97,b9,44,f9,e1,e1,b9,ba,be,e3,00,0e,e7,\
c5,5e,3b,da,5c,b2,77,83,45,e4,13,fa,d8,a5,09,bf,ce,38,a2,2a,6f,03,29,04,ec,\
3c,89,83,d1,9b,04,4d,b0,12,f3,f3,47,92,74,19,88,18,96,1e
"rkeysecu"=hex:95,83,e7,a1,77,da,2f,22,23,83,6d,fb,1e,3e,74,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-08 19:07:24
ComboFix-quarantined-files.txt 2009-01-09 00:06:11

Pre-Run: 57,360,506,880 bytes free
Post-Run: 58,271,567,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

385 --- E O F --- 2008-12-17 22:56:52



#5
January 8, 2009 at 18:13:27
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\ffkuz.dll
c:\windows\system32\[u]0[/u]486B67C8F.sys
c:\windows\Tasks\zkequdkr.job

Dirlook::
c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1NjY5ODB8_

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Post a new Combofix log following the previous directions.



#6
January 8, 2009 at 19:45:31
ComboFix 09-01-07.02 - tanya 2009-01-08 22:33:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.527 [GMT -5:00]
Running from: c:\documents and settings\tanya\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\ffkuz.dll
c:\windows\Tasks\zkequdkr.job

.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-08 00:09 . 2009-01-08 00:11 <DIR> d-------- c:\documents and settings\tanya\.SunDownloadManager
2009-01-08 00:08 . 2009-01-08 00:07 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 00:08 . 2009-01-08 00:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\documents and settings\tanya\Application Data\Malwarebytes
2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 00:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 00:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 14:13 . 2009-01-03 14:13 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-03 12:41 . 2009-01-03 12:41 <DIR> d-------- C:\VundoFix Backups
2009-01-02 21:21 . 2009-01-02 21:21 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM1NjY5ODB8_
2008-12-24 23:52 . 2008-12-24 23:58 139,264 --a------ c:\windows\War3Unin.exe
2008-12-24 23:52 . 2008-12-25 00:18 76,853 --a------ c:\windows\War3Unin.dat
2008-12-24 23:52 . 2008-12-24 23:58 2,829 --a------ c:\windows\War3Unin.pif
2008-12-24 23:48 . 2008-12-30 22:45 <DIR> d-------- c:\program files\Warcraft III
2008-12-17 08:17 . 2008-12-17 08:17 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-17 08:15 . 2008-12-17 08:15 <DIR> d-------- c:\program files\Apple Software Update
2008-12-17 08:15 . 2008-12-17 08:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-11 20:56 . 2008-12-17 08:12 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-11 20:56 . 2008-12-11 20:56 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 03:29 --------- d-----w c:\program files\Steam
2009-01-09 01:03 --------- d-----w c:\program files\vg
2009-01-08 23:45 --------- d-----w c:\documents and settings\tanya\Application Data\AVG7
2009-01-08 05:07 --------- d-----w c:\program files\Java
2009-01-03 19:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-17 13:18 --------- d-----w c:\program files\QuickTime
2008-12-17 13:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-16 04:49 --------- d-----w c:\program files\World of Warcraft
2008-12-03 07:27 --------- d-----w c:\program files\Curse
2008-12-01 02:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 20:51 --------- d-----w c:\program files\ATI
2008-11-14 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-14 21:22 --------- d-----w c:\program files\ATI Technologies
2008-11-14 21:12 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-14 00:14 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 02:05 593,920 ----a-w c:\windows\system32\ati2sgag.exe
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2006-02-28 17:18 596 ----a-w c:\documents and settings\tanya\Application Data\wklnhst.dat
2004-09-07 18:02 79 ----a-w c:\program files\Show Desktop.scf
2005-12-24 17:39 56 --sh--r c:\windows\system32\[u]0[/u]486B67C8F.sys
2007-09-14 23:51 952 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-04 21:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-08_19.02.59.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 23:52:30 16,104 ----a-w c:\windows\system32\tablet.dat
+ 2009-01-09 03:26:07 16,104 ----a-w c:\windows\system32\tablet.dat
+ 2009-01-09 03:26:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotkey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-02 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"ATIPTA"="atiptaxx.exe" [2005-11-22 c:\windows\system32\atiptaxx.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-28 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-18 219136]

c:\documents and settings\tanya\Start Menu\Programs\Startup\
VirtuaGirl2.lnk - c:\program files\vg\VirtuaGirl2.exe [2007-05-06 2105344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-06 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-01-15 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\crono1000\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23759:TCP"= 23759:TCP:BitComet 23759 TCP
"23759:UDP"= 23759:UDP:BitComet 23759 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\tanya\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\tanya\LOCALS~1\Temp\bDMusicb.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2005-01-06 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.deviantart.com/#
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.cox.net/
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 22:36:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136343476-2852040967-2447926140-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:88,18,cf,42,bf,02,c5,96,fb,39,b7,5b,3b,53,8f,b9,66,c0,bf,8a,f9,7d,c7,\
94,0a,ae,44,7b,ae,73,be,ab,dd,0b,0f,49,82,04,c2,ef,19,bf,90,2a,76,e5,0c,0d,\
90,4c,de,8a,00,fb,71,2f,7f,32,30,d3,3b,6e,82,1b,67,92,b1,16,03,dc,79,11,63,\
fe,8e,a7,07,0b,4d,42,dd,32,34,5e,d6,f5,b6,2e,d5,2a,fc,d0,f0,6b,d7,b8,8d,19,\
a0,a3,6c,4d,42,70,40,8b,ac,d3,90,09,13,75,91,a8,dc,91,aa,41,90,55,33,75,b2,\
ce,c7,d6,15,c1,49,2f,b0,66,c0,22,1a,97,e8,71,86,63,8c,7e,17,c2,10,9a,5b,ae,\
29,7b,cd,de,64,b6,ef,c2,3a,f0,97,50,e9,c2,fc,d3,13,7c,f9,7c,f8,a3,b6,21,e6,\
25,34,a6,2e,bd,9c,6e,19,e2,41,df,3d,a2,2e,2c,28,00,0f,6c,7c,0e,e1,78,e3,6f,\
43,86,f3,11,ef,ee,37,bc,2e,62,e3,3a,10,0d,48,16,94,c5,a2,a3,86,f4,95,7c,62,\
88,47,ef,15,4b,f8,a4,33,6a,34,f1,c9,42,9e,0d,62,26,02,8c,4b,78,75,17,8b,26,\
ec,7b,55,6c,3f,87,9e,21,9e,5c,99,de,e1,a0,54,e4,aa,59,cb,53,19,e2,a0,18,fc,\
b4,f0,5d,eb,39,f5,ba,cf,bb,73,a2,f7,16,55,27,88,f1,eb,d6,44,29,e1,09,71,45,\
74,9e,90,24,ab,64,e2,41,89,4c,45,53,17,dc,9e,75,68,be,65,c1,74,a5,35,e3,08,\
53,6c,ea,15,c0,59,3a,87,45,1f,b4,25,df,31,d2,0e,3f,69,4a,75,9a,9c,a0,ad,ad,\
33,5a,74,d2,b6,67,c0,15,1e,dc,5d,40,f8,c1,37,fe,b2,de,ed,bd,7b,12,15,1b,60,\
cf,8d,9e,ef,c7,43,4a,24,85,75,91,6c,50,1f,a9,a0,2b,4a,c1,62,fc,86,23,17,3b,\
e4,51,ac,95,71,5b,a7,bb,00,8d,57,e0,37,e2,6e,aa,97,ec,e3,d4,29,16,ec,2c,75,\
c8,25,00,40,16,6e,6a,8b,e7,00,08,97,3c,d6,35,80,f0,b3,00,76,29,3b,d1,74,41,\
c5,87,12,29,36,b5,fe,07,e4,c6,13,05,dc,31,60,cd,0f,e5,d6,24,37,d0,7d,b9,85,\
5a,fe,bb,d2,fe,bd,71,ee,17,11,fe,e9,7c,22,39,15,d6,94,b0,3b,94,56,f7,91,0f,\
f7,f8,59,50,87,76,41,a2,63,55,a2,ad,7e,5b,d5,e9,44,e6,02,3d,5a,39,34,37,8c,\
1c,0c,cc,a6,5f,09,ee,a5,0f,cc,52,da,6c,43,79,4b,9f,e5,5b,e2,95,fe,b9,c6,0e,\
b4,ba,c5,00,05,23,46,35,1f,d0,69,5e,cd,aa,7b,1e,02,7a,64,f4,5d,32,e6,39,fb,\
32,4d,8a,2e,4b,d6,5b,b2,8b,54,ba,65,d1,46,ba,f1,07,9f,4e,c5,1d,9a,fa,19,3b,\
3d,d1,18,32,27,17,91,7f,b3,9c,26,b2,2c,4f,a5,55,4b,1c,7b,31,da,7c,ef,86,f7,\
77,d0,64,23,a4,c9,d3,7f,9d,91,f4,01,ca,5f,e9,b5,4b,b9,bb,c3,d6,cf,c3,d4,48,\
dd,e4,d5,e2,ec,16,43,d7,b9,c0,f7,50,cc,c9,a5,72,ea,e8,65,96,46,2e,6e,90,06,\
89,e2,a0,d3,8a,5d,13,50,31,61,f1,f2,68,56,31,f0,03,6e,ed,8d,72,b2,b4,c5,fe,\
a4,55,31,3c,67,f0,8f,67,94,f6,df,70,24,66,15,78,5d,06,a4,1b,81,3e,75,50,6e,\
e3,f0,32,87,f3,46,0d,0f,3c,b9,71,ac,31,e9,17,b3,40,6d,49,b3,30,4e,b8,a5,e0,\
ac,c0,16,92,58,89,82,9f,0e,7c,83,3d,29,a9,57,87,43,99,41,c7,e3,29,48,22,2e,\
5a,60,c7,01,4b,a8,5d,bb,16,ea,3e,a7,02,d2,15,f0,7f,88,68,7a,cf,bc,90,df,56,\
3f,00,1f,3b,f1,e5,6f,f3,b6,47,e5,e8,36,ad,e1,4b,98,f0,a5,cb,40,fe,eb,14,ec,\
08,b8,6c,7a,b5,c5,eb,ab,be,ea,5e,8c,23,13,af,ed,a5,5d,2d,f3,1e,0f,d9,d7,7e,\
1f,f3,2b,f1,ae,fc,36,cd,b9,51,8a,76,64,2c,93,06,df,da,e1,b0,0f,fc,1a,d3,a4,\
81,ef,f9,e6,8b,7b,31,92,27,fe,54,92,2f,f6,5c
"??"=hex:87,0a,ca,e2,02,1a,5e,1f,a6,61,2a,0d,1d,76,c0,0e

[HKEY_USERS\S-1-5-21-4136343476-2852040967-2447926140-1004\Software\SecuROM\License information*NULL*]
"datasecu"=hex:1b,5b,4c,f9,97,32,22,36,66,77,40,ef,6c,ac,bd,c4,b7,cc,0d,80,0b,\
6d,bf,5c,c6,c9,de,5d,1b,40,b8,ff,4d,5f,02,41,a6,4c,78,92,3a,43,ce,96,39,ca,\
06,b0,bd,d6,17,f7,3c,43,35,86,53,c8,7a,9d,a9,29,bf,b9,ef,d4,fb,02,92,94,f7,\
f9,b9,b5,ec,5b,d8,ff,9a,46,51,12,9d,67,85,b2,81,ae,96,8e,d4,40,d8,37,53,f0,\
ce,d6,e8,24,2d,15,c2,90,e8,d6,40,08,1f,c4,7f,d7,95,71,46,80,12,1c,8b,c3,d0,\
a8,e8,cf,d7,44,9b,69,5d,f7,f3,52,26,17,90,eb,de,c5,a6,cb,35,d8,7d,f3,d0,83,\
d2,72,c0,ea,ac,ec,78,f3,1b,17,88,e7,7e,29,f4,76,d3,d3,14,c4,c6,b6,df,95,a8,\
05,d6,1a,97,e7,64,c5,1f,06,04,c7,fa,fe,9c,af,03,bf,41,31,69,ce,1d,aa,37,ad,\
0f,66,7f,34,37,ed,79,07,97,02,5c,c1,f2,0c,b8,f4,56,cc,9a,4c,4e,92,27,ca,2d,\
8f,2a,90,32,f4,eb,d6,78,6c,18,fc,e9,89,31,aa,3b,f0,80,70,a5,ae,97,e7,8a,fe,\
79,0e,ac,fa,70,d9,13,75,6a,b8,76,ac,de,5c,1f,73,c9,e7,af,80,64,22,25,e9,1d,\
ad,6c,97,d9,3a,4c,ba,e7,5d,07,79,ee,73,f5,ae,dd,b6,a7,c6,16,c3,9d,3c,3a,12,\
24,ac,a2,7d,cc,ea,89,ef,90,44,97,16,82,39,3f,35,87,36,56,d8,4f,47,14,66,5a,\
6d,29,b6,bb,70,01,ba,b7,da,3d,0d,3e,b9,be,25,f3,52,22,7a,71,d6,1e,42,cf,7e,\
3c,51,22,5e,6d,bf,4c,64,17,da,15,ac,bb,8a,6f,3e,8a,8a,b5,ed,ba,03,47,af,5e,\
89,34,cc,ec,bb,26,1a,8e,3e,6a,f9,2c,78,6d,e0,4c,d3,15,fa,1b,31,3c,de,8f,de,\
49,ee,c0,f9,47,21,2c,bc,5d,3b,80,ee,48,45,e5,53,90,ec,d3,28,ed,9d,13,67,26,\
2b,cf,b1,79,47,8b,b8,b7,a4,c5,6a,8c,df,d1,5d,aa,36,e7,90,98,be,87,d5,02,4a,\
8c,78,24,57,c3,a1,17,1b,35,fd,c1,30,6b,aa,c2,c2,7f,1d,ba,c9,e7,54,ce,e2,3a,\
9e,43,d0,e7,a2,8e,72,6b,39,e8,86,29,d8,99,45,dc,aa,6f,d0,19,6a,37,2e,d3,93,\
d3,d2,d3,e2,32,4b,16,7d,98,f2,2a,a7,94,ca,6a,a7,3d,4d,5b,1d,72,99,b7,48,b9,\
d6,07,4b,59,4c,d9,74,27,4d,d0,4d,b8,ea,07,9c,c6,0e,64,21,55,9b,95,92,80,23,\
bd,31,4a,1b,f2,61,78,c5,3a,97,c3,8e,d9,5c,fe,5a,ab,22,6a,f7,16,be,60,3f,76,\
00,f1,76,46,a1,b1,0c,2a,10,a2,16,8c,a6,8d,50,06,1e,2d,5a,47,e6,3d,57,c9,9e,\
b5,d4,69,7d,ff,48,66,56,5e,3f,1b,fc,87,6a,90,c4,d3,f2,8f,9b,00,7f,68,f2,4f,\
c2,5e,be,34,a5,85,37,e8,a2,e5,c0,20,5d,4b,05,9b,62,e9,ae,24,6c,7c,0f,b4,7c,\
61,a8,d2,5e,90,51,a8,b2,99,0c,93,26,80,41,57,ed,85,ef,32,23,15,8f,80,1d,0a,\
cc,fd,15,7c,38,b9,d5,c1,72,a2,5f,43,00,67,38,ae,a3,1f,e8,09,70,1c,84,01,ab,\
01,79,23,dd,a8,42,c5,c2,ed,3f,36,53,60,ad,5b,05,ad,3f,0d,bb,07,01,85,b5,02,\
d2,19,e7,49,a5,e8,45,33,4b,02,51,4e,0c,60,cb,1a,28,e8,60,45,03,f0,a3,3f,62,\
70,eb,ad,b7,f1,16,c4,a5,17,ca,36,4d,05,17,02,cf,bf,f4,ca,c9,98,95,fb,9f,0b,\
62,9e,4e,44,51,2e,fa,a3,6a,2a,ba,ba,10,3e,32,67,66,e9,49,b5,68,2d,89,e7,fc,\
4f,ba,3f,9b,8d,26,69,6d,4a,ea,0b,14,1c,ca,f9,99,1e,ad,97,46,d5,bc,f8,4f,9d,\
df,fd,9c,85,27,4f,1d,f8,ac,32,74,74,57,7e,e0,6a,01,86,73,58,4e,54,9d,fd,87,\
99,db,a2,e2,bf,64,41,75,09,99,a9,e9,08,d3,f7,ac,6c,0c,91,fc,38,ae,3b,00,5e,\
b8,cb,2f,49,07,ae,e2,31,8f,a7,3e,be,bc,8f,46,36,8a,54,5d,44,4d,b9,2b,b8,79,\
56,f9,54,18,ef,8c,c0,7e,6b,b9,64,14,85,6c,73,48,4c,9a,23,56,f8,bb,21,76,78,\
32,b2,ba,ec,3a,26,17,95,d8,24,f5,bd,dc,df,33,97,cb,af,3d,bf,ae,4f,c5,7b,b5,\
bd,20,34,73,fd,86,2f,f3,2c,82,fd,41,b2,c0,1c,30,02,d7,e4,8d,fe,78,d3,e7,7c,\
36,19,5c,cd,e7,3c,ed,fa,05,37,42,04,e9,13,3f,2d,54,d0,db,bf,dc,22,40,d1,62,\
91,1c,3b,a6,e8,5e,85,42,67,f3,e5,2a,32,15,5b,cc,0e,8c,d7,f6,23,f2,14,2d,f5,\
97,67,49,89,2f,af,e1,aa,cf,9f,f4,df,89,78,99,92,5f,53,36,9f,97,06,a3,da,33,\
bd,1d,f0,9a,6b,8f,da,53,3a,47,01,b9,28,f0,d5,2f,d0,3a,1d,0e,7c,5c,f1,9f,b6,\
60,e6,7a,49,90,ec,3d,96,82,2a,4d,00,4a,a7,aa,23,20,e4,96,ae,c8,d3,96,fc,86,\
86,ae,ec,42,04,40,43,13,32,74,58,4f,34,40,46,24,2f,0e,5e,20,17,7f,ff,25,1f,\
42,3c,9a,e5,7b,f3,6f,34,73,21,90,20,7d,3a,a8,90,ce,a3,29,73,4d,36,81,1e,74,\
b9,32,8c,a4,2f,53,15,a2,22,09,fe,23,12,09,d8,64,ec,88,52,65,1e,8a,cb,a5,d5,\
90,34,b9,b6,e2,b5,a3,06,b6,fd,38,ba,00,da,07,57,4b,49,42,8f,06,0f,7a,fc,92,\
79,58,ec,09,bf,09,90,55,2d,4c,8a,24,ea,b5,72,67,9c,0e,eb,9f,fa,b5,fa,8d,04,\
7e,35,68,51,f0,27,dc,75,d7,c5,58,2d,02,5c,18,e8,41,2a,9f,c1,74,74,20,b3,7f,\
38,1e,9d,2b,cd,84,1b,20,bf,9f,d0,04,25,4b,23,af,8f,b1,04,5c,e3,98,1a,55,68,\
cc,27,a5,f0,d3,33,3b,73,7b,93,8f,e9,70,8e,ea,c5,34,8e,ec,b7,ef,75,e5,b9,87,\
cb,06,e4,1b,5e,76,72,fe,f9,84,d4,c4,08,5d,1b,49,cf,8d,cd,53,f9,04,5e,0d,1c,\
7e,5c,68,1a,21,dc,7b,27,b6,70,0d,24,74,28,a3,58,cf,9d,11,6c,29,1d,fd,00,82,\
e0,e6,8f,02,07,8c,d3,2b,9d,87,ff,d2,82,a8,20,d4,fe,30,44,58,9e,04,17,b9,bf,\
c1,60,c2,10,6b,01,5f,64,2a,6f,a8,9c,28,9a,d2,8b,6f,b2,5d,3f,c0,c1,88,c2,50,\
c8,d1,20,80,a9,34,31,6b,d7,e5,20,89,64,d0,a7,da,8b,1f,b6,50,66,f6,34,b8,66,\
da,ec,cb,1d,c3,9b,92,7d,a6,4b,a4,1e,70,5c,34,f6,1e,ff,8e,21,5a,9f,54,2f,d0,\
5e,8d,de,94,12,43,d3,42,14,53,5a,bd,d7,29,35,8a,51,d5,2c,a9,4f,1d,c7,d8,45,\
21,77,b4,70,37,ff,19,37,f5,64,94,34,1b,94,9b,ef,58,c1,7a,1e,4f,f1,f5,12,6c,\
ac,d9,e1,d0,cb,48,78,a2,a5,0d,4e,62,c6,66,0f,bd,b1,84,23,55,93,bc,1f,05,51,\
67,90,3c,9a,32,f6,67,c8,5a,25,d1,8c,13,e2,21,c2,9c,36,f6,ad,fd,40,ad,e3,f6,\
7c,b6,62,05,09,fe,32,78,4e,17,6d,0a,7f,78,f1,bf,c4,92,db,a1,ca,f2,30,e1,a3,\
85,4f,e6,94,75,56,ed,03,4b,6c,4f,82,28,97,b3,34,2f,2b,e9,16,90,f7,f6,fb,15,\
c4,f5,09,38,45,6b,31,6f,a4,8a,d3,cd,52,32,5c,d6,e9,12,08,72,55,d4,11,40,dd,\
26,5b,0f,81,42,5e,c9,5a,c7,97,95,b5,17,7d,5c,9c,8b,1d,42,d1,97,a8,3c,a1,5f,\
84,4b,b7,0c,21,01,3d,1e,83,d0,5f,77,aa,da,a1,04,f6,ff,4e,ad,5f,8e,9d,04,f1,\
6e,2d,3c,1b,90,9e,d8,85,60,33,f0,2c,65,a5,72,92,bc,ed,c5,5a,67,5d,0b,6a,a1,\
1d,a1,b2,07,98,00,ba,45,a2,fd,fa,40,30,94,c7,51,af,22,4f,55,e0,cc,62,39,a3,\
f0,c4,1c,a0,89,a2,63,fe,72,31,c7,f3,a5,98,70,f5,49,40,bd,2a,bd,5d,2b,39,54,\
a9,cf,49,3b,b6,c4,56,5d,e7,92,48,a8,4d,58,1d,92,10,40,6e,7e,8b,18,a7,1e,5d,\
16,6d,4a,e9,fc,f3,2b,bb,62,17,2b,e8,34,d4,41,96,1f,95,8a,18,aa,f6,ea,94,c5,\
38,af,06,8b,ee,ae,54,4f,87,cc,42,6a,e8,4e,19,d0,99,d4,a7,1e,00,03,db,db,56,\
4b,2f,11,c3,8a,4c,9f,d4,54,61,1a,b5,41,02,76,be,78,06,ec,ed,cd,86,6f,99,a1,\
60,81,a3,d3,ea,b4,96,4e,20,10,28,29,89,c3,07,ab,93,31,c4,77,e8,f3,ca,a6,9c,\
f1,84,8b,ef,9c,23,bc,30,63,7f,21,7c,93,8b,09,c6,ba,9b,ca,5c,f0,89,03,c8,bb,\
02,c5,3f,08,52,35,f8,92,d1,97,ac,55,ea,62,0b,e8,fe,40,bc,d2,a7,bc,3b,33,5f,\
48,58,f0,03,df,e8,c5,8b,a5,6e,54,c6,1c,09,d4,b2,f7,8a,fc,48,80,7f,c6,f2,76,\
e8,5d,76,a4,19,06,66,05,72,70,d3,08,60,b3,75,2b,30,a2,43,3c,ae,1d,57,d7,f7,\
01,e5,16,07,9f,7f,0b,42,ae,19,50,20,d6,ce,91,b9,9f,8d,93,92,57,50,12,da,9e,\
79,94,df,de,50,67,07,71,5e,75,b2,11,eb,f7,3a,7b,14,d1,09,11,58,4c,6b,ab,b4,\
35,1d,c0,c3,1e,45,15,bd,e1,6f,c4,d7,f8,cd,08,8f,e2,bc,94,03,6d,bc,df,bc,ea,\
28,1e,e3,89,f9,9b,d3,7a,51,be,73,5e,d3,44,b1,9f,16,54,a4,97,fa,bc,04,ad,25,\
ed,b2,7f,5b,b2,a1,09,42,d8,02,3f,3a,5c,95,ea,de,36,5e,0d,0a,c4,cb,43,7f,dd,\
e4,0c,ae,aa,15,23,84,4f,82,a4,63,d3,af,c9,ad,cb,b1,ec,7b,67,e1,fd,ed,3a,52,\
dc,0d,59,35,a8,93,47,f7,9f,f2,81,8b,05,3f,e4,b2,c8,d0,20,0f,a6,3c,44,76,d4,\
84,dc,a1,82,f8,3c,5a,24,c0,42,09,14,1d,7e,38,60,62,b7,55,76,3e,98,0d,7a,a5,\
3d,bc,ac,63,9a,9b,bf,bb,b6,f2,2b,8d,da,ae,56,26,0d,10,cf,60,55,b9,49,cd,1b,\
e3,d6,e7,1a,36,51,4e,87,bf,91,32,1c,9a,56,7e,bc,99,1c,57,80,32,27,fc,da,0d,\
1e,b8,7c,52,8f,98,3b,3d,a4,12,2e,98,46,da,e4,c0,b3,3a,59,97,3c,2f,41,de,0e,\
2e,b1,7f,ce,29,1a,90,75,32,42,93,cb,1d,8f,96,38,a0,db,42,11,73,66,53,b1,d4,\
87,56,de,56,26,8d,8b,c5,66,47,72,5e,e8,50,8f,6a,82,30,3c,91,01,ac,6c,82,48,\
5e,0d,e6,dc,91,10,46,d2,d4,73,af,87,e9,dd,2d,cd,ba,ae,b1,17,93,8a,94,5a,c7,\
d9,2b,33,aa,df,9d,a3,50,cd,36,d0,e8,b5,8c,3e,29,df,4e,85,46,90,d6,42,2c,69,\
b9,19,c0,cc,ed,83,1c,0b,4c,c8,54,7c,f6,4a,a6,05,58,f3,69,f9,8a,ee,71,02,e4,\
26,cd,12,14,2a,b5,20,7f,74,98,63,d8,1b,fb,d4,92,bf,b3,0c,c9,6a,9c,a4,77,6f,\
c2,d0,8c,43,7d,f8,33,06,ed,2d,7c,21,61,5f,f9,a3,ca,f2,a7,29,d1,b7,2b,ab,39,\
f0,80,da,29,e9,63,8d,cf,1a,f3,bc,8f,37,99,3d,fb,c9,7f,81,27,4c,c1,30,51,4d,\
cd,61,b3,7f,0a,7f,00,ad,83,d8,a7,cb,46,66,28,0b,b6,b5,99,67,7c,fd,42,17,0b,\
20,f8,7e,d5,dc,1a,04,cc,2d,56,e2,2a,4f,ec,06,59,99,5c,f1,66,11,04,85,00,2b,\
fd,e6,93,a7,b0,92,23,ec,aa,a5,35,fb,e1,ca,12,5d,ca,45,03,22,d0,c4,2b,4b,47,\
82,b0,ab,65,65,e6,10,ca,93,9e,6c,11,7f,14,e8,58,c5,31,a0,de,67,0f,62,21,7e,\
fc,f5,e2,f5,65,12,f4,fc,d7,43,5a,70,a6,80,ca,38,51,45,1b,e5,d7,db,b1,43,70,\
e2,74,05,2a,f5,b8,57,a5,69,74,59,8a,64,28,61,4e,df,e3,a6,07,45,2a,86,9a,de,\
84,b4,60,ea,2b,12,cd,a1,07,7a,05,ae,98,44,99,50,74,fa,83,d3,b3,2f,14,88,b0,\
4b,ea,4d,39,e9,70,75,53,e8,7a,47,33,40,d2,45,d3,3c,fd,6d,1a,a1,0c,c8,60,d7,\
5d,7c,9c,9f,55,72,4c,bb,52,99,b7,cd,4e,2b,d5,02,95,98,3f,fd,8f,8b,55,29,d3,\
b8,4d,71,ac,c6,77,d4,7f,e9,11,36,d8,12,7d,75,dc,27,e8,03,4f,e0,40,ae,46,85,\
23,52,8f,a5,82,ef,e8,e8,33,b9,3d,e2,95,23,be,64,c3,32,19,a5,19,68,9a,ad,da,\
dc,31,48,86,48,ba,5a,a3,a9,d8,cb,73,55,fe,25,17,91,7f,08,c1,ff,e0,86,bb,d0,\
20,66,5b,31,ab,e6,b9,49,16,18,bb,cc,b4,81,f8,12,1c,cd,44,ae,57,33,a1,2d,f3,\
b8,d3,81,42,a6,1e,ad,68,70,ad,7b,8e,16,45,82,1c,ea,fb,49,98,0a,e4,fa,f7,90,\
ba,5e,ae,60,25,7c,96,31,7c,a0,96,11,97,b9,44,f9,e1,e1,b9,ba,be,e3,00,0e,e7,\
c5,5e,3b,da,5c,b2,77,83,45,e4,13,fa,d8,a5,09,bf,ce,38,a2,2a,6f,03,29,04,ec,\
3c,89,83,d1,9b,04,4d,b0,12,f3,f3,47,92,74,19,88,18,96,1e
"rkeysecu"=hex:95,83,e7,a1,77,da,2f,22,23,83,6d,fb,1e,3e,74,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-08 22:40:35
ComboFix-quarantined-files.txt 2009-01-09 03:39:32
ComboFix2.txt 2009-01-09 00:07:26

Pre-Run: 58,383,953,920 bytes free
Post-Run: 58,367,238,144 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
361 --- E O F --- 2008-12-17 22:56:52



#7
January 8, 2009 at 20:05:31
Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#8
January 9, 2009 at 21:16:44
----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 09, 2009 22:50:41
Records in database: 1595702
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 129110
Threat name: 4
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 02:48:23


File name / Threat name / Threats count
C:\Documents and Settings\tanya\.housecall\Quarantine\loaderadv714.jar-489c03b-7dcf582a.zip.bac_a02704 Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\tanya\Application Data\Sun\Java\Deployment\cache\6.0\63\28fedf7f-2b640cac Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\tanya\Desktop\backups\backup-20090106-000053-937.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Documents and Settings\tanya\My Documents\My Received Files\FF-Loader.exe Infected: Trojan.Win32.Agent.lr 1
C:\Documents and Settings\tanya\My Documents\My Received Files\FF-Loader.zip Infected: Trojan.Win32.Agent.lr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\evbpih.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ffkuz.dll.vir Infected: Trojan-Downloader.Win32.Murlo.vn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kqtdubsg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vluuoc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdhabdwg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1

The selected area was scanned.



#9
January 11, 2009 at 17:04:38
Navigate to and delete the contents of this folder, not the folder itself:

C:\Documents and Settings\tanya\.housecall\Quarantine

Go to start> control panel> java> temporary internet files> settings> delete files> apply>ok> ok.

Navigate to and delete these files if found:

C:\Documents and Settings\tanya\Desktop\backups\backup-20090106-000053-937.dll


C:\Documents and Settings\tanya\My Documents\My Received Files\FF-Loader.exe


C:\Documents and Settings\tanya\My Documents\My Received Files\FF-Loader.zip

Your computer appears to be clean, except for the items found by Kaspersky.

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


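The sorting that reply #9 does on the Kaspersky report from reply #8, separating hits that are only inert copies in a quarantine store from the Java cache entry and from files still live on disk, as an added Python example (not code from this thread, from Kaspersky, or from any of the tools named). The findings and statistics lines are the ones from the posted report; the folder markers used to recognise HouseCall/ComboFix quarantine stores and the Java deployment cache are assumptions about those tools' layouts.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the statistics block and the findings lines copied from the
# Kaspersky Online Scanner 7 report posted in reply #8 above.
SAMPLE_REPORT = """
Scan statistics:
Files scanned: 129110
Threat name: 4
Infected objects: 10
Suspicious objects: 0

File name / Threat name / Threats count
C:\\Documents and Settings\\tanya\\.housecall\\Quarantine\\loaderadv714.jar-489c03b-7dcf582a.zip.bac_a02704 Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\\Documents and Settings\\tanya\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\63\\28fedf7f-2b640cac Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\\Documents and Settings\\tanya\\Desktop\\backups\\backup-20090106-000053-937.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\\Documents and Settings\\tanya\\My Documents\\My Received Files\\FF-Loader.exe Infected: Trojan.Win32.Agent.lr 1
C:\\Documents and Settings\\tanya\\My Documents\\My Received Files\\FF-Loader.zip Infected: Trojan.Win32.Agent.lr 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\evbpih.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\ffkuz.dll.vir Infected: Trojan-Downloader.Win32.Murlo.vn 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\kqtdubsg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\vluuoc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\wdhabdwg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1

The selected area was scanned.
"""

# One findings row: "<path with spaces> Infected: <threat name> <count>"
FINDING_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
# Summary counters from the "Scan statistics" block
STAT_RE = re.compile(r"^(?P<key>Threat name|Infected objects|Suspicious objects): (?P<value>\d+)$")

# Assumed folder markers (matched case-insensitively): quarantine stores written
# by Trend Micro HouseCall and by ComboFix (Qoobox), and the Java deployment
# cache that reply #9 says to clear from the Java control panel.
QUARANTINE_MARKERS = ("\\.housecall\\quarantine\\", "\\qoobox\\quarantine\\")
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int

    @property
    def category(self) -> str:
        p = self.path.lower()
        if any(m in p for m in QUARANTINE_MARKERS):
            return "quarantined"   # inert copy already captured by an earlier tool
        if JAVA_CACHE_MARKER in p:
            return "java_cache"    # cleared through the Java control panel
        return "on_disk"           # live file that still needs deleting by hand


def parse_report(text: str) -> tuple[list[Finding], dict[str, int]]:
    """Return (findings, stats) parsed from a Kaspersky Online Scanner report."""
    findings: list[Finding] = []
    stats: dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := FINDING_RE.match(line):
            findings.append(Finding(m["path"], m["threat"], int(m["count"])))
        elif m := STAT_RE.match(line):
            stats[m["key"]] = int(m["value"])
    return findings, stats


def report_is_consistent(findings: list[Finding], stats: dict[str, int]) -> bool:
    """Cross-check parsed rows against the report's own summary counters."""
    return (sum(f.count for f in findings) == stats.get("Infected objects")
            and len({f.threat for f in findings}) == stats.get("Threat name"))


def by_category(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding paths by what the responder has to do about them."""
    out: dict[str, list[str]] = {"quarantined": [], "java_cache": [], "on_disk": []}
    for f in findings:
        out[f.category].append(f.path)
    return out


def threat_counts(findings: list[Finding]) -> Counter:
    """How many rows each threat name accounts for."""
    return Counter(f.threat for f in findings)


if __name__ == "__main__":
    found, summary = parse_report(SAMPLE_REPORT)
    print("report consistent with its own counters:", report_is_consistent(found, summary))
    for cat, paths in by_category(found).items():
        print(f"\n[{cat}] {len(paths)} item(s)")
        for p in paths:
            print("   ", p)
```

Run against the posted report, the three on_disk paths are exactly the ones reply #9 tells the user to delete by hand, the six quarantined entries are handled by emptying the HouseCall quarantine and uninstalling ComboFix, and the one java_cache entry is covered by clearing the Java temporary files. The consistency check matters when pasting reports from a forum: a truncated paste shows up as a mismatch between the rows and the "Infected objects" counter before anyone acts on it.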

#10
January 13, 2009 at 14:34:08
Thank you so much for your help. The comp is running much smoother now. I finally am able to update my AVG and spybot now that the trojan's gone, and I downloaded Spywareblaster too. Thanks again, happy virus hunting ;)


#11
January 13, 2009 at 18:48:27
Glad we could help.
