[Resolved] HijackThis log. My computer talks and plays music by itself. Am I infected or not? How do I remove it?
Freddinand
post Aug 8 2008, 11:18 AM
Post #1

Operating System: Windows XP



My computer plays music and voices by itself. Am I infected? I have tried several anti-spyware programs but nothing yet. Help please.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:02:24, on 08/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\program files\voipcheapcom\voipcheapcom.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\WServing.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\sobicyt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0D346AE6-7887-4133-BD08-8A5E633AC7D2} - (no file)
O2 - BHO: (no name) - {4DF51B73-406B-456E-AAE2-CC06F894E368} - (no file)
O2 - BHO: (no name) - {6EB57906-D1F7-4E1A-B1EE-A63F92D7760B} - (no file)
O2 - BHO: (no name) - {7E86F980-C6C0-4FEC-BF53-AF9F885C29EC} - (no file)
O2 - BHO: (no name) - {A4DC4044-20D7-4789-8E15-04882D28EA7E} - (no file)
O2 - BHO: (no name) - {B68093C3-EBED-42C8-9CFB-856D2705C67D} - (no file)
O2 - BHO: (no name) - {C29079DA-FB01-4807-813C-B3B1E914D9E7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [BMbb85959d] Rundll32.exe "C:\WINDOWS\system32\howiowfo.dll",s
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipCheapCom] "C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBtQigh - geBtQigh.dll (file missing)
O20 - Winlogon Notify: pmnmmJCU - pmnmmJCU.dll (file missing)
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11793 bytes
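The log above is the kind of thing a helper reads by eye: O23 services with no vendor string launched straight out of system32, an O4 autorun that uses Rundll32 to load an oddly named DLL, O20 Winlogon Notify entries whose DLL has already vanished, and O2 BHO CLSIDs with "(no file)" behind them. The script below is an added example written for this page, not code from the thread, from What the Tech or from Trend Micro; it encodes those checks as simple rules. Every sample line is copied from the log posted above (the Toshiba, Synaptics, NVIDIA and SUPERAntiSpyware lines are included so the benign cases are visible), and the severity thresholds, such as treating a one-character Rundll32 export name as high severity, are the example's own assumptions rather than anything the thread states.

```python
"""Triage rules for HijackThis (HJT) log lines.

Added example for this thread; not a What the Tech or Trend Micro tool.
Rules (assumptions of this example, not of the thread):
  O23  service with "Unknown owner" under \WINDOWS\system32\   -> high
       service with "Unknown owner" anywhere else             -> low
  O4   rundll32 autorun loading a DLL from system32           -> medium,
       or high when the export name is one character or empty
  O20  Winlogon Notify entry marked "(file missing)"          -> medium
  O2   BHO whose target is "(no file)"                        -> low
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: every line is copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0D346AE6-7887-4133-BD08-8A5E633AC7D2} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [BMbb85959d] Rundll32.exe "C:\WINDOWS\system32\howiowfo.dll",s
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBtQigh - geBtQigh.dll (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
"""

# One regex per HJT section we care about; named groups carry the fields.
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<target>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# rundll32 [".exe"] <dll>,<export>; tolerates the quoting styles seen in the log.
RE_RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S*)', re.I)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str      # HJT section, e.g. "O23"
    subject: str   # Run key, service name or CLSID the finding is about
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Apply the rules from the module docstring to each line of an HJT log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_O23.match(line):
            if m["owner"] == "Unknown owner":
                if SYSTEM32.search(m["path"]):
                    findings.append(Finding("high", "O23", m["name"],
                                            "service with no vendor string launched from system32"))
                else:
                    findings.append(Finding("low", "O23", m["name"],
                                            "service with no vendor string; confirm which installer owns it"))
        elif m := RE_O4.match(line):
            r = RE_RUNDLL.search(m["cmd"])
            if r and SYSTEM32.search(r["dll"]):
                sev = "high" if len(r["export"]) <= 1 else "medium"
                findings.append(Finding(sev, "O4", m["key"],
                                        f"rundll32 autorun loading {r['dll']} (export {r['export']!r})"))
        elif m := RE_O20.match(line):
            if "(file missing)" in m["target"]:
                findings.append(Finding("medium", "O20", m["name"],
                                        "Winlogon Notify entry whose DLL is gone; leftover persistence key"))
        elif m := RE_O2.match(line):
            if m["target"] == "(no file)":
                findings.append(Finding("low", "O2", m["clsid"], "BHO CLSID with no backing file"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'medium': 2, 'low': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"{f.severity:6} {f.kind:4} {f.subject}: {f.reason}")
```

Run against the sample, the three high findings are the BMbb85959d Rundll32 autorun and the afinding and routing services, while the iolo service lands at low only because it lives under Program Files; the rules are a starting point for reading, not a verdict, which is why the NVIDIA control-panel autorun is also surfaced for review at medium.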
IndiGenus
post Aug 10 2008, 05:57 PM
Post #2

Operating System: Windows XP Pro SP2 ~ Vista Ultimate ~ Ubuntu Linux



Hi and welcome to the forums here at WTT.

You have several infections going on here...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Freddinand
post Aug 10 2008, 10:16 PM
Post #3

Operating System: Windows XP



Hi, and thanks for your reply. I just did what you said, and below are the ComboFix log and the HijackThis note. Please let me know what else needs to be done. Thanks.

ComboFix 08-08-10.02 - Fred 2008-08-11 0:01:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.580 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll
C:\Program Files\iolo\Common\Lib\sguard.dll


((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\HouseCall 6.6
2008-08-08 01:02 . 2008-08-08 01:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 16:12 . 2008-08-07 16:12 0 --a------ C:\WINDOWS\BMbb85959d.xml
2008-08-07 13:19 . 2005-06-23 21:09 73,728 --a--c--- C:\WINDOWS\system32\dllcache\wmplayer.exe
2008-08-07 12:50 . 2008-08-07 12:50 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-08-07 12:32 . 2008-08-07 12:32 <DIR> d-------- C:\Program Files\Windows Script Control
2008-08-07 12:32 . 2008-08-07 14:59 <DIR> d-------- C:\Program Files\PHPMaker 5
2008-08-07 12:32 . 2008-08-07 14:58 <DIR> d-------- C:\Program Files\Common Files\e.World
2008-08-06 15:05 . 2008-08-06 15:36 <DIR> d-------- C:\Program Files\RegCure
2008-08-06 14:27 . 2008-08-10 12:57 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\LimeWire
2008-08-03 15:24 . 2008-08-03 15:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-02 12:59 . 2008-08-02 12:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Grisoft
2008-08-02 12:58 . 2008-08-02 12:58 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-08-02 12:58 . 2008-08-02 12:58 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\iolo
2008-08-02 12:57 . 2008-07-11 18:18 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\toshiba
2008-08-02 12:57 . 2008-07-11 18:18 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sonic
2008-08-02 12:57 . 2008-07-11 11:47 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Intel
2008-08-02 12:57 . 2008-08-02 12:57 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-02 11:24 . 2008-08-06 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-02 10:56 . 2008-08-02 10:56 <DIR> d-------- C:\Program Files\Dachshund Software
2008-08-02 10:56 . 2008-08-02 10:59 250 --ah----- C:\WINDOWS\sysreg.dat
2008-08-02 10:44 . 2008-08-02 10:44 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-08-02 10:40 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-01 10:16 . 2008-08-01 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-01 03:31 . 2008-08-01 03:31 89,674 --a------ C:\WINDOWS\WinVerCheck.exe
2008-07-31 12:32 . 2008-07-31 12:32 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SUPERAntiSpyware.com
2008-07-31 12:32 . 2008-07-31 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-31 10:59 . 2008-07-31 10:59 <DIR> d-------- C:\Program Files\TechSmith
2008-07-31 10:59 . 2008-07-31 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-31 10:58 . 2008-08-03 15:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 01:17 . 2008-07-31 01:17 131,072 --a------ C:\WINDOWS\winxml2a.dll
2008-07-30 23:23 . 2004-08-10 09:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-30 23:03 . 2008-07-30 23:20 <DIR> d-------- C:\Program Files\Antenna
2008-07-30 20:49 . 2008-07-30 20:49 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Sony
2008-07-30 12:44 . 2008-07-30 18:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-30 10:09 . 2008-07-30 10:09 131,072 --a------ C:\WINDOWS\winxml2c.dll
2008-07-30 09:50 . 2008-07-30 09:50 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Duplicate File Hunter
2008-07-30 01:27 . 2008-07-30 01:27 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-29 22:06 . 2008-07-29 22:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-28 14:54 . 2008-07-28 14:54 883 ---hs---- C:\Documents and Settings\Fred\SetupDL.exe
2008-07-28 11:50 . 2008-07-28 11:50 <DIR> d-------- C:\Program Files\MSBuild
2008-07-28 11:47 . 2008-07-28 11:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-28 11:46 . 2008-07-28 11:46 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-28 11:45 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-28 11:37 . 2008-07-28 11:38 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Sony Setup
2008-07-28 11:28 . 2008-07-28 11:28 <DIR> d-------- C:\Program Files\Portrait Professional Max 6
2008-07-28 11:28 . 2008-07-28 11:28 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Anthropics
2008-07-28 11:27 . 2008-07-28 11:27 883 ---hs---- C:\Documents and Settings\Fred\MediaTubeCodec_ver1.1463.0.exe
2008-07-28 11:03 . 2000-05-22 00:00 140,488 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-07-28 11:03 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-07-26 12:52 . 2008-07-31 20:38 <DIR> d-------- C:\Program Files\Webroot
2008-07-26 12:52 . 2008-07-26 12:52 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-26 12:52 . 2008-07-31 15:08 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Webroot
2008-07-26 12:52 . 2008-07-31 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-26 12:52 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-07-26 11:16 . 2008-07-26 11:16 271 --a------ C:\WINDOWS\SysMech.INI
2008-07-25 14:25 . 2008-07-25 14:25 524,288 --a------ C:\WINDOWS\Setup_ver1.1530.0.exe
2008-07-23 16:29 . 2008-07-23 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-23 16:21 . 2008-08-04 09:06 <DIR> d-------- C:\Program Files\Bonjour
2008-07-23 16:08 . 2008-07-23 16:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-23 14:30 . 2008-07-28 14:49 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\.ABC
2008-07-23 14:27 . 2008-07-28 14:49 <DIR> d-------- C:\Program Files\ABC
2008-07-20 23:05 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-20 23:05 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-20 23:05 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-19 21:46 . 2008-07-19 21:46 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-19 21:46 . 2008-07-19 21:46 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-07-19 16:09 . 2008-07-19 16:09 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\AdobeUM
2008-07-19 09:58 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-18 17:45 . 2004-02-19 14:12 299,776 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2008-07-18 17:45 . 2003-04-21 13:09 245,408 --a------ C:\WINDOWS\Unicows.dll
2008-07-18 17:45 . 2003-12-10 13:17 57,344 --a------ C:\WINDOWS\system32\csnpstd.dll
2008-07-18 17:45 . 2003-10-22 08:40 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll
2008-07-18 17:45 . 2003-12-31 16:39 40,960 --a------ C:\WINDOWS\vsnpstd.exe
2008-07-18 17:45 . 2003-06-03 13:35 40,960 --a------ C:\WINDOWS\CleanDev.exe
2008-07-18 17:45 . 2004-01-28 16:59 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2008-07-18 17:45 . 2004-01-28 16:14 36,864 --a------ C:\WINDOWS\system32\dsnpstd.ax
2008-07-18 17:45 . 2004-02-16 17:15 15,541 --a------ C:\WINDOWS\snpstd.ini
2008-07-18 17:45 . 2003-01-17 16:35 13,023 --a------ C:\WINDOWS\snpstd.src
2008-07-18 10:07 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-18 10:07 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-18 10:07 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-18 10:07 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-18 10:07 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-18 10:07 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-18 10:07 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-18 10:07 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-18 10:07 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-18 00:03 . 2008-07-18 00:03 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-07-18 00:02 . 2008-07-18 00:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Skype
2008-07-17 21:36 . 2008-07-17 21:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-17 16:20 . 2008-07-17 16:20 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\InterVideo
2008-07-17 16:17 . 2008-07-17 16:17 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Media Player Classic
2008-07-17 16:17 . 2006-09-24 11:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-17 16:17 . 2004-01-25 12:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-07-17 16:17 . 2007-09-04 12:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-17 16:17 . 2007-09-20 20:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-07-17 16:17 . 2007-10-03 11:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-17 16:16 . 2008-07-17 16:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-17 16:16 . 2008-03-21 16:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-17 16:16 . 2008-01-10 08:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-17 16:16 . 2008-03-31 17:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-07-17 16:16 . 2008-01-10 08:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-17 16:16 . 2008-03-21 16:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-07-17 16:16 . 2008-03-28 13:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-17 16:16 . 2007-07-10 12:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-17 13:57 . 2008-08-01 14:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 13:57 . 2008-07-17 13:57 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-07-17 13:57 . 2008-07-17 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 13:57 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 13:44 . 2008-07-17 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-07-17 00:07 . 2008-08-10 01:28 <DIR> d-------- C:\Program Files\WebTV
2008-07-17 00:07 . 2008-07-17 00:07 <DIR> d-------- C:\Program Files\Common Files\Xstream
2008-07-17 00:07 . 2008-07-17 00:07 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\InstallShield
2008-07-17 00:07 . 2002-08-29 02:41 882,688 --------- C:\WINDOWS\system32\gdiplus.dll
2008-07-17 00:07 . 2005-03-14 17:27 338,432 --a------ C:\WINDOWS\system32\3dabm7u.ocx
2008-07-17 00:07 . 2003-04-21 13:09 245,408 --------- C:\WINDOWS\system32\unicows.dll
2008-07-17 00:07 . 2005-09-17 01:34 227,840 --------- C:\WINDOWS\system32\tssOfficeMenu1d.ocx
2008-07-17 00:07 . 2004-03-08 18:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 20:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 22:26 --------- d-----w C:\Program Files\Synaptics
2008-07-11 22:26 --------- d-----w C:\Program Files\Sonic
2008-07-11 22:26 --------- d-----w C:\Program Files\SigmaTel
2008-07-11 22:26 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-11 22:25 --------- d-----w C:\Program Files\ltmoh
2008-07-11 22:25 --------- d-----w C:\Program Files\InterVideo
2008-07-11 22:24 --------- d-----w C:\Program Files\Common Files\Java
2008-07-11 22:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-11 22:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\toshiba
2008-07-11 22:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-11 16:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-11 15:47 --------- d-----w C:\Program Files\Intel
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 09:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-11 16:50 3739672]
"VoipCheapCom"="C:\program files\voipcheapcom\voipcheapcom.exe" [2007-02-20 14:23 7202360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-23 17:11 7340032]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 06:01 253952]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 06:31 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-08 12:58 761947]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 10:46 102400]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 09:52 1077330]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 07:42 49152]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2008-06-19 17:22 487776]
"000StTHK"="000StTHK.exe" [2001-06-22 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2005-12-09 13:36 581632 C:\WINDOWS\system32\TFNF5.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 09:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-12-12 13:10 299008 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-12-12 13:10 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2008-04-17 10:36]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-12-21 07:27]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2005-09-21 22:35]
S0 Wingm52;Wingm52;C:\WINDOWS\system32\Drivers\Wingm52.sys []
S0 Winqx41;Winqx41;C:\WINDOWS\system32\Drivers\Winqx41.sys []
S0 Winwc84;Winwc84;C:\WINDOWS\system32\Drivers\Winwc84.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-06 15:06]

2008-08-06 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-06 15:06]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-BMbb85959d - C:\WINDOWS\system32\howiowfo.dll
ShellExecuteHooks-{EF783F5D-2305-4617-BD82-08AAEBBE61AC} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-geBtQigh - geBtQigh.dll
Notify-pmnmmJCU - pmnmmJCU.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
C:\WINDOWS\Downloaded Program Files\hcImpl.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 00:03:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
-> C:\WINDOWS\system32\iavlsp.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
Completion time: 2008-08-11 0:04:50
ComboFix-quarantined-files.txt 2008-08-11 04:04:34

Pre-Run: 36,370,911,232 bytes free
Post-Run: 36,361,306,112 bytes free

272 --- E O F --- 2008-08-07 18:41:58




And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:43, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipCheapCom] "C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9747 bytes
IndiGenus
post Aug 11 2008, 07:55 AM
Post #4


Anti-Malware Buddha

Group: Classroom Teacher
Posts: 3,565
Joined: 22-July 04
From: New England, USA
Member No.: 10,811
Operating System: Windows XP Pro SP2 ~ Vista Ultimate ~ Ubuntu Linux



Need you to run combofix again using a script I have prepared. Also have a question...what product are you running from Iolo? It doesn't look like the antivirus to me. If not we'll need to get an AV installed ASAP. Let me know on that please. Also, need you to update your Java.

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 7.
  • Go to the Sun Java Website
  • Click on the download button next to Java Runtime Environment (JRE) 6 Update 7
  • Check the circle next to I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click on the link Windows Offline Installation, Multi-language and save the downloaded file to your hard disk.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
Driver::
Wingm52
Winqx41
Winwc84

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm52.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx41.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc84.sys]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Let me know how it's running too please.
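As an added example, not part of this thread and not ComboFix's own code, the Python script below applies the reasoning behind the CFScript above to a ComboFix "Reg Loading Points" block: it flags boot-start drivers that show no file timestamp, carry no descriptive display name and have a SafeBoot\Minimal key, notes the suppressed Security Center alerts and the disabled firewall, and emits the matching Driver::/Registry:: sections. The sample log is constructed after the entries posted in this thread; the heuristics and the two-signal threshold are my own assumptions, not ComboFix logic.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the block posted in this thread: two SafeBoot
# keys, two Security Center values, the firewall flag, two legitimate services
# and two of the three S0 drivers.  Not a verbatim copy of the poster's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2008-04-17 10:36]
R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2005-09-21 22:35]
S0 Wingm52;Wingm52;C:\WINDOWS\system32\Drivers\Wingm52.sys []
S0 Winqx41;Winqx41;C:\WINDOWS\system32\Drivers\Winqx41.sys []
"""

# "R0 name;display;path [stamp]": R = running, S = stopped; the digit is the
# SCM start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]\s*$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\([^\]]+)\]$",
    re.IGNORECASE,
)
DISABLED_NOTIFY_RE = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log: str):
    """Return (suspicious drivers, weakened-defence notes, SafeBoot key map)."""
    safeboot = {}   # lower-cased service name -> SafeBoot\Minimal key name
    defences = []
    services = []
    for line in log.splitlines():
        line = line.strip()
        m = SAFEBOOT_RE.match(line)
        if m:
            key = m.group(1)
            safeboot[re.sub(r"\.sys$", "", key, flags=re.IGNORECASE).lower()] = key
            continue
        m = DISABLED_NOTIFY_RE.match(line)
        if m:
            defences.append(f"Security Center alert suppressed: {m.group(1)}")
            continue
        if FIREWALL_OFF_RE.match(line):
            defences.append("Windows Firewall disabled (EnableFirewall=0)")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groups())

    findings = []
    for _state, start, name, display, path, stamp in services:
        f = Finding(name, path)
        if stamp == "":
            # ComboFix prints [] when it cannot stat the file: hidden or absent
            f.reasons.append("no file timestamp (file hidden or absent)")
        if start == "0" and display.lower() == name.lower():
            f.reasons.append("boot-start driver with no descriptive display name")
        if name.lower() in safeboot:
            f.reasons.append("registered under SafeBoot\\Minimal (loads in Safe Mode)")
        # Assumption: one weak signal alone is noise; two independent ones are not.
        if len(f.reasons) >= 2:
            findings.append(f)
    return findings, defences, safeboot


def build_cfscript(findings, safeboot):
    """Emit a script in the Driver::/Registry:: layout the helper used above."""
    lines = ["Driver::"] + [f.name for f in findings] + ["", "Registry::"]
    for f in findings:
        key = safeboot.get(f.name.lower())
        if key:
            lines.append(
                "[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control"
                f"\\SafeBoot\\Minimal\\{key}]"
            )
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, weak, sb = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.name}: {f.path}\n  - " + "\n  - ".join(f.reasons))
    for note in weak:
        print(note)
    print(build_cfscript(found, sb))
```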
Freddinand
post Aug 11 2008, 09:13 AM
Post #5


New Member

Group: New Member
Posts: 9
Joined: 8-August 08
Member No.: 80,832
Operating System: Windows XP



Hi.
I am using System Mechanic Professional 8. It has iolo antivirus and firewall etc. etc.

OK, here is the log for the ComboFix:

ComboFix 08-08-10.02 - Fred 2008-08-11 11:04:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINGM52
-------\Legacy_WINQX41
-------\Legacy_WINWC84
-------\Service_Wingm52
-------\Service_Winqx41
-------\Service_Winwc84


((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-11 10:42 . 2008-08-11 10:42 <DIR> d-------- C:\Program Files\Sun
2008-08-11 10:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\HouseCall 6.6
2008-08-08 01:02 . 2008-08-08 01:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 16:12 . 2008-08-07 16:12 0 --a------ C:\WINDOWS\BMbb85959d.xml
2008-08-07 13:19 . 2005-06-23 21:09 73,728 --a--c--- C:\WINDOWS\system32\dllcache\wmplayer.exe
2008-08-07 12:50 . 2008-08-07 12:50 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-08-07 12:32 . 2008-08-07 12:32 <DIR> d-------- C:\Program Files\Windows Script Control
2008-08-07 12:32 . 2008-08-07 14:59 <DIR> d-------- C:\Program Files\PHPMaker 5
2008-08-07 12:32 . 2008-08-07 14:58 <DIR> d-------- C:\Program Files\Common Files\e.World
2008-08-06 15:05 . 2008-08-06 15:36 <DIR> d-------- C:\Program Files\RegCure
2008-08-06 14:27 . 2008-08-10 12:57 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\LimeWire
2008-08-03 15:24 . 2008-08-03 15:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-02 12:59 . 2008-08-02 12:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Grisoft
2008-08-02 12:58 . 2008-08-02 12:58 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-08-02 12:58 . 2008-08-02 12:58 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\iolo
2008-08-02 12:57 . 2008-07-11 18:18 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\toshiba
2008-08-02 12:57 . 2008-07-11 18:18 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sonic
2008-08-02 12:57 . 2008-07-11 11:47 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Intel
2008-08-02 12:57 . 2008-08-02 12:57 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-02 11:24 . 2008-08-06 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-02 10:56 . 2008-08-02 10:56 <DIR> d-------- C:\Program Files\Dachshund Software
2008-08-02 10:56 . 2008-08-02 10:59 250 --ah----- C:\WINDOWS\sysreg.dat
2008-08-02 10:44 . 2008-08-02 10:44 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-08-02 10:40 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-01 10:16 . 2008-08-01 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-01 03:31 . 2008-08-01 03:31 89,674 --a------ C:\WINDOWS\WinVerCheck.exe
2008-07-31 12:32 . 2008-07-31 12:32 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SUPERAntiSpyware.com
2008-07-31 12:32 . 2008-07-31 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-31 10:59 . 2008-07-31 10:59 <DIR> d-------- C:\Program Files\TechSmith
2008-07-31 10:59 . 2008-07-31 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-31 10:58 . 2008-08-03 15:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 01:17 . 2008-07-31 01:17 131,072 --a------ C:\WINDOWS\winxml2a.dll
2008-07-30 23:23 . 2004-08-10 09:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-30 23:03 . 2008-07-30 23:20 <DIR> d-------- C:\Program Files\Antenna
2008-07-30 20:49 . 2008-07-30 20:49 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Sony
2008-07-30 12:44 . 2008-07-30 18:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-30 10:09 . 2008-07-30 10:09 131,072 --a------ C:\WINDOWS\winxml2c.dll
2008-07-30 09:50 . 2008-07-30 09:50 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Duplicate File Hunter
2008-07-30 01:27 . 2008-07-30 01:27 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-29 22:06 . 2008-07-29 22:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-28 14:54 . 2008-07-28 14:54 883 ---hs---- C:\Documents and Settings\Fred\SetupDL.exe
2008-07-28 11:50 . 2008-07-28 11:50 <DIR> d-------- C:\Program Files\MSBuild
2008-07-28 11:47 . 2008-07-28 11:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-28 11:46 . 2008-07-28 11:46 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-28 11:45 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-28 11:37 . 2008-07-28 11:38 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Sony Setup
2008-07-28 11:28 . 2008-07-28 11:28 <DIR> d-------- C:\Program Files\Portrait Professional Max 6
2008-07-28 11:28 . 2008-07-28 11:28 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Anthropics
2008-07-28 11:27 . 2008-07-28 11:27 883 ---hs---- C:\Documents and Settings\Fred\MediaTubeCodec_ver1.1463.0.exe
2008-07-28 11:03 . 2000-05-22 00:00 140,488 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-07-28 11:03 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-07-26 12:52 . 2008-07-31 20:38 <DIR> d-------- C:\Program Files\Webroot
2008-07-26 12:52 . 2008-07-26 12:52 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-26 12:52 . 2008-07-31 15:08 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Webroot
2008-07-26 12:52 . 2008-07-31 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-26 12:52 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-07-26 11:16 . 2008-07-26 11:16 271 --a------ C:\WINDOWS\SysMech.INI
2008-07-25 14:25 . 2008-07-25 14:25 524,288 --a------ C:\WINDOWS\Setup_ver1.1530.0.exe
2008-07-23 16:29 . 2008-07-23 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-23 16:21 . 2008-08-04 09:06 <DIR> d-------- C:\Program Files\Bonjour
2008-07-23 16:08 . 2008-07-23 16:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-23 14:30 . 2008-07-28 14:49 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\.ABC
2008-07-23 14:27 . 2008-07-28 14:49 <DIR> d-------- C:\Program Files\ABC
2008-07-20 23:05 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-20 23:05 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-20 23:05 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-20 23:05 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-19 21:46 . 2008-07-19 21:46 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-19 21:46 . 2008-07-19 21:46 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-07-19 16:09 . 2008-07-19 16:09 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\AdobeUM
2008-07-19 09:58 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-18 17:45 . 2004-02-19 14:12 299,776 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2008-07-18 17:45 . 2003-04-21 13:09 245,408 --a------ C:\WINDOWS\Unicows.dll
2008-07-18 17:45 . 2003-12-10 13:17 57,344 --a------ C:\WINDOWS\system32\csnpstd.dll
2008-07-18 17:45 . 2003-10-22 08:40 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll
2008-07-18 17:45 . 2003-12-31 16:39 40,960 --a------ C:\WINDOWS\vsnpstd.exe
2008-07-18 17:45 . 2003-06-03 13:35 40,960 --a------ C:\WINDOWS\CleanDev.exe
2008-07-18 17:45 . 2004-01-28 16:59 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2008-07-18 17:45 . 2004-01-28 16:14 36,864 --a------ C:\WINDOWS\system32\dsnpstd.ax
2008-07-18 17:45 . 2004-02-16 17:15 15,541 --a------ C:\WINDOWS\snpstd.ini
2008-07-18 17:45 . 2003-01-17 16:35 13,023 --a------ C:\WINDOWS\snpstd.src
2008-07-18 10:07 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-18 10:07 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-18 10:07 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-18 10:07 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-18 10:07 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-18 10:07 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-18 10:07 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-18 10:07 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-18 10:07 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-18 00:03 . 2008-07-18 00:03 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-07-18 00:02 . 2008-07-18 00:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Skype
2008-07-17 21:36 . 2008-07-17 21:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-17 16:20 . 2008-07-17 16:20 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\InterVideo
2008-07-17 16:17 . 2008-07-17 16:17 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Media Player Classic
2008-07-17 16:17 . 2006-09-24 11:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-17 16:17 . 2004-01-25 12:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-07-17 16:17 . 2007-09-04 12:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-17 16:17 . 2007-09-20 20:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-07-17 16:17 . 2007-10-03 11:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-17 16:16 . 2008-07-17 16:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-17 16:16 . 2008-03-21 16:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-17 16:16 . 2008-01-10 08:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-17 16:16 . 2008-03-31 17:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-07-17 16:16 . 2008-01-10 08:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-17 16:16 . 2008-03-21 16:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-07-17 16:16 . 2008-03-28 13:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-17 16:16 . 2007-07-10 12:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-17 13:57 . 2008-08-01 14:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 13:57 . 2008-07-17 13:57 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-07-17 13:57 . 2008-07-17 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 13:57 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 13:44 . 2008-07-17 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-07-17 00:07 . 2008-08-10 01:28 <DIR> d-------- C:\Program Files\WebTV
2008-07-17 00:07 . 2008-07-17 00:07 <DIR> d-------- C:\Program Files\Common Files\Xstream
2008-07-17 00:07 . 2008-07-17 00:07 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\InstallShield
2008-07-17 00:07 . 2002-08-29 02:41 882,688 --------- C:\WINDOWS\system32\gdiplus.dll
2008-07-17 00:07 . 2005-03-14 17:27 338,432 --a------ C:\WINDOWS\system32\3dabm7u.ocx
2008-07-17 00:07 . 2003-04-21 13:09 245,408 --------- C:\WINDOWS\system32\unicows.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 14:42 --------- d-----w C:\Program Files\Java
2008-08-07 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 20:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 22:26 --------- d-----w C:\Program Files\Synaptics
2008-07-11 22:26 --------- d-----w C:\Program Files\Sonic
2008-07-11 22:26 --------- d-----w C:\Program Files\SigmaTel
2008-07-11 22:26 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-11 22:25 --------- d-----w C:\Program Files\ltmoh
2008-07-11 22:25 --------- d-----w C:\Program Files\InterVideo
2008-07-11 22:24 --------- d-----w C:\Program Files\Common Files\Java
2008-07-11 22:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-11 22:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\toshiba
2008-07-11 22:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-11 16:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-11 15:47 --------- d-----w C:\Program Files\Intel
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 09:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-11 16:50 3739672]
"VoipCheapCom"="C:\program files\voipcheapcom\voipcheapcom.exe" [2007-02-20 14:23 7202360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-23 17:11 7340032]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 06:01 253952]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 06:31 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-08 12:58 761947]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 10:46 102400]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 09:52 1077330]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 07:42 49152]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2008-06-19 17:22 487776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"000StTHK"="000StTHK.exe" [2001-06-22 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2005-12-09 13:36 581632 C:\WINDOWS\system32\TFNF5.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 09:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-12-12 13:10 299008 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-12-12 13:10 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2008-04-17 10:36]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-12-21 07:27]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2005-09-21 22:35]
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-06 15:06]

2008-08-06 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-06 15:06]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
C:\WINDOWS\Downloaded Program Files\hcImpl.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 11:06:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
-> C:\WINDOWS\system32\iavlsp.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
Completion time: 2008-08-11 11:07:48
ComboFix-quarantined-files.txt 2008-08-11 15:07:33
ComboFix2.txt 2008-08-11 04:04:50

Pre-Run: 35,623,297,024 bytes free
Post-Run: 35,609,903,104 bytes free

267 --- E O F --- 2008-08-07 18:41:58

here is for the HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:23, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility&