svrmxdf

August 19, 2008

Thanks for the help its too have work

August 17, 2008

Adobe Flash Player ActiveX

Adobe Reader 6.0

AntivirXP08

BigFix

Digital Media Reader

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB935448)

Hotfix for Windows XP (KB952287)

Intel® Graphics Media Accelerator Driver

Java 2 Runtime Environment, SE v1.4.2

Java 6 Update 7

Learn2 Player (Uninstall Only)

LimeWire PRO 4.18.3

LiveUpdate (Symantec Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 3.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Picture It! Premium 10

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

Multimedia Keyboard Driver

Nero BurnRights

Nero OEM

Norton Security Center

PowerDVD

RealPlayer Basic

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

SoftV92 Data Fax Modem with SmartCP

Sonic Encoders

Spyware Doctor 6.0

Update for Windows XP (KB904942)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB951072-v2)

Viewpoint Media Player

Windows Communication Foundation

Windows Imaging Component

Windows Internet Explorer 7

Windows Presentation Foundation

Windows Workflow Foundation

August 17, 2008

ComboFix 08-08-15.04 - Owner 2008-08-17 13:48:14.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2590 [GMT -7:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

* Created a new restore point

FILE ::

C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

C:\WINDOWS\system32\efutkbyl.exe

C:\WINDOWS\system32\lphccvbj0e531.exe

C:\WINDOWS\system32\tcfkzkfg.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\zeruhqpu

C:\Documents and Settings\All Users\Application Data\zeruhqpu\jmhudwnc.exe

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk

C:\Documents and Settings\Owner\Application Data\rhc9vbj0e531

C:\Program Files\rhc9vbj0e531

C:\Program Files\rhc9vbj0e531\database.dat

C:\Program Files\rhc9vbj0e531\license.txt

C:\Program Files\rhc9vbj0e531\MFC71.dll

C:\Program Files\rhc9vbj0e531\MFC71ENU.DLL

C:\Program Files\rhc9vbj0e531\msvcp71.dll

C:\Program Files\rhc9vbj0e531\msvcr71.dll

C:\Program Files\rhc9vbj0e531\rhc9vbj0e531.exe

C:\Program Files\rhc9vbj0e531\rhc9vbj0e531.exe.local

C:\Program Files\rhc9vbj0e531\Uninstall.exe

C:\Program Files\vykhpud

C:\Program Files\vykhpud\DbHlp.dll

C:\WINDOWS\system32\blphccvbj0e531.scr

C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver

C:\WINDOWS\system32\efutkbyl.exe

C:\WINDOWS\system32\lphccvbj0e531.exe

C:\WINDOWS\system32\phccvbj0e531.bmp

C:\WINDOWS\system32\pphccvbj0e531.exe

C:\WINDOWS\system32\tcfkzkfg.exe

.

((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))

.

2008-08-17 13:16 . 2008-08-17 13:16 195,584 --a------ C:\WINDOWS\system32\sxwjqzqp.exe

2008-08-17 13:16 . 2008-08-17 13:16 73,728 --a------ C:\WINDOWS\system32\gxoniban.exe

2008-08-14 07:42 . 2008-08-14 07:42 <DIR> d-------- C:\Program Files\Trend Micro

2008-08-14 07:11 . 2008-08-14 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools

2008-08-14 07:11 . 2008-08-14 07:10 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-08-14 07:10 . 2008-08-14 07:11 <DIR> d-------- C:\Program Files\Common Files\PC Tools

2008-08-14 07:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-14 07:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-14 07:03 . 2008-08-17 13:16 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-08-14 07:03 . 2008-08-14 07:03 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools

2008-08-14 07:03 . 2008-08-17 13:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-14 07:03 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-14 07:03 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-14 07:03 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-14 07:03 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-08-13 17:44 . 2008-05-01 07:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-11 06:46 . 2008-08-11 06:46 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

2008-08-11 06:40 . 2008-08-11 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2008-08-10 22:26 . 2008-08-10 22:26 <DIR> d-------- C:\WINDOWS\Sun

2008-08-10 22:26 . 2008-08-16 17:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire

2008-08-10 22:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-10 22:23 . 2008-08-10 22:24 <DIR> d-------- C:\Program Files\LimeWire

2008-08-10 18:28 . 2008-08-10 18:28 2 --a------ C:\WINDOWS\msoffice.ini

2008-08-10 18:23 . 2008-08-11 06:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec

2008-08-10 14:34 . 2008-08-10 22:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec

2008-08-10 14:34 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-08-10 14:34 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-08-10 14:33 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-10 14:33 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-08-10 14:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-10 14:33 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-10 14:33 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-10 14:33 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-09 17:08 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-09 17:08 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-09 16:57 . 2008-06-23 09:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-08-09 16:57 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-08-09 16:57 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-08-09 16:57 . 2008-06-23 09:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-08-09 16:57 . 2008-06-23 09:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-08-09 16:57 . 2008-06-23 09:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-08-09 16:57 . 2008-06-23 09:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-08-09 16:57 . 2008-06-23 09:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-08-09 16:57 . 2008-06-23 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-09 16:54 . 2008-08-09 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad

2008-08-09 16:52 . 2008-08-09 16:52 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-08-09 16:48 . 2008-08-09 16:48 <DIR> d-------- C:\Program Files\MSBuild

2008-08-09 16:44 . 2008-08-09 16:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-08-09 16:44 . 2008-08-09 16:44 <DIR> d-------- C:\Program Files\Reference Assemblies

2008-08-09 16:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-08-09 16:40 . 2007-12-04 11:38 550,912 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll

2008-08-09 16:40 . 2007-04-23 03:32 364,160 -----c--- C:\WINDOWS\system32\dllcache\update.sys

2008-08-09 16:40 . 2007-12-18 02:51 179,584 -----c--- C:\WINDOWS\system32\dllcache\mrxdav.sys

2008-08-09 16:38 . 2007-04-16 08:52 984,576 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll

2008-08-09 16:38 . 2007-07-09 06:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-08-09 16:38 . 2007-02-09 04:10 574,464 -----c--- C:\WINDOWS\system32\dllcache\ntfs.sys

2008-08-09 16:38 . 2007-03-17 06:43 292,864 -----c--- C:\WINDOWS\system32\dllcache\winsrv.dll

2008-08-09 16:38 . 2007-02-05 13:17 185,344 -----c--- C:\WINDOWS\system32\dllcache\upnphost.dll

2008-08-09 16:38 . 2007-04-25 07:21 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll

2008-08-09 16:36 . 2006-12-06 23:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-08-09 16:35 . 2006-06-21 22:06 1,435,648 -----c--- C:\WINDOWS\system32\dllcache\query.dll

2008-08-09 16:34 . 2006-11-27 07:54 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll

2008-08-09 16:34 . 2006-05-05 02:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys

2008-08-09 16:34 . 2006-11-27 07:54 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll

2008-08-09 16:34 . 2006-06-22 03:47 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll

2008-08-09 16:34 . 2006-05-05 02:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys

2008-08-09 16:34 . 2006-06-01 11:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll

2008-08-09 16:34 . 2008-06-20 10:41 148,992 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-08-09 16:34 . 2006-05-19 05:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll

2008-08-09 16:34 . 2006-05-19 05:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll

2008-08-09 16:34 . 2006-06-01 11:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll

2008-08-09 16:33 . 2006-03-16 17:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe

2008-08-09 16:31 . 2008-08-13 19:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-09 16:31 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-09 15:04 . 2008-08-09 15:04 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-08-09 14:58 . 2008-08-09 14:58 <DIR> d-------- C:\WINDOWS\system32\RTCOM

2008-08-09 14:58 . 2004-12-01 11:54 163,840 --a------ C:\WINDOWS\system32\igfxres.dll

2008-08-09 14:57 . 2004-10-27 19:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS

2008-08-09 14:57 . 2008-08-09 14:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView

2008-08-09 14:57 . 2004-10-27 19:43 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS

2008-08-09 14:57 . 2008-08-09 14:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SampleView

2008-08-09 14:57 . 2008-08-16 19:45 <DIR> d-------- C:\Documents and Settings\Owner

2008-08-09 14:54 . 2008-08-09 14:54 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-08-09 14:52 . 2005-01-09 20:32 181,938 --a------ C:\WINDOWS\Gateway.bmp

2008-08-09 14:52 . 2008-08-09 14:52 333 --a------ C:\WINDOWS\system32\$ncsp$.inf

2008-08-09 14:52 . 2008-08-09 14:52 0 --a------ C:\WINDOWS\system32\Gateway_832GM__.MRK

2008-08-09 14:51 . 2008-08-09 14:51 <DIR> d-------- C:\Program Files\Realtek

2008-08-09 14:51 . 2008-08-09 14:51 <DIR> d-------- C:\Program Files\MSN Encarta Plus

2008-08-09 14:50 . 2004-05-17 18:30 543,232 --a------ C:\WINDOWS\zHotkey.exe

2008-08-09 14:50 . 2003-05-26 19:19 532,544 --a------ C:\WINDOWS\PIC.dll

2008-08-09 14:50 . 2004-07-15 14:06 471,298 --a------ C:\WINDOWS\wallpg.exe

2008-08-09 14:50 . 2005-01-11 13:09 51,656 --a------ C:\WINDOWS\system32\OEMLOGO.bmp

2008-08-09 14:50 . 2003-09-19 09:09 36,864 --a------ C:\WINDOWS\ShowWnd.exe

2008-08-09 14:50 . 2001-07-02 20:36 24,576 --a------ C:\WINDOWS\HKNTDLL.dll

2008-08-09 14:50 . 2004-09-03 16:07 20,480 --a------ C:\WINDOWS\system32\Marker32.exe

2008-08-09 14:50 . 2000-08-07 11:57 5,280 --a------ C:\WINDOWS\hotbtnv.vxd

2008-08-09 14:50 . 2004-03-02 09:40 3,926 --a------ C:\WINDOWS\mHotkey.reg

2008-08-09 14:48 . 2008-08-09 14:48 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee

2008-08-09 14:48 . 2008-08-09 14:48 <DIR> d-------- C:\Program Files\Google

2008-08-09 14:48 . 2004-10-27 19:43 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

2008-08-09 14:48 . 2008-08-09 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-08-09 14:48 . 2008-08-09 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Program Files\Viewpoint

2008-08-09 14:47 . 2008-08-10 18:57 <DIR> d-------- C:\Program Files\Pure Networks

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Program Files\Learn2.com

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Program Files\Common Files\Ahead

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Program Files\BigFix

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Program Files\Ahead

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-08-09 14:47 . 2008-08-09 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d-------- C:\Program Files\Real

2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d-------- C:\Program Files\CyberLink

2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d-------- C:\Program Files\Common Files\Real

2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

2008-08-09 14:46 . 2008-08-10 18:28 <DIR> d-------- C:\Program Files\Common Files\AOL

2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d-------- C:\My Music

2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2008-08-09 14:46 . 2008-08-10 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL

2008-08-09 14:45 . 2008-08-09 14:45 <DIR> d-------- C:\Program Files\Microsoft Picture It! 10

2008-08-09 14:45 . 2008-08-09 14:45 <DIR> d-------- C:\Program Files\Intel

2008-08-09 14:44 . 2008-08-09 14:51 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2008-08-09 14:43 . 2008-08-09 14:43 <DIR> d-------- C:\Program Files\Microsoft Works

2008-08-09 14:43 . 2008-08-10 22:26 <DIR> d-------- C:\Program Files\Java

2008-08-09 14:43 . 2008-08-09 14:43 <DIR> d-------- C:\Program Files\Digital Media Reader

2008-08-09 14:43 . 2008-08-09 14:43 <DIR> d-------- C:\Program Files\Common Files\Java

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-09 21:46 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

.

((((((((((((((((((((((((((((( snapshot@2008-08-16_17.50.24.68 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-17 20:46:07 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat

+ 2008-08-17 20:46:07 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-08-17 20:46:07 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]

"SrvAplApi"="C:\WINDOWS\system32\gxoniban.exe" [2008-08-17 13:16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 11:04 59392]

"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 15:04 135168]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]

"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 18:23 369664]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 12:00 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 11:55 126976]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]

"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 17:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-10-21 15:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED

BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2008-08-09 14:47:50 1742384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

--a------ 2002-09-13 13:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

--a------ 2004-10-21 18:44 2744832 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]

--a------ 2003-09-19 09:09 36864 C:\WINDOWS\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-14 07:10]

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\ISP signup reminder 2.job

- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-10 12:00]

2008-08-09 C:\WINDOWS\Tasks\ISP signup reminder 3.job

- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-10 12:00]

2008-08-17 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-628528A354-Owner).job

- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe []

2008-08-17 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-628528A354-Owner).job

- C:\PROGRA~1\mcafee.com\agent []

.

- - - - ORPHANS REMOVED - - - -

SSODL-DbHlp-{3DF48099-CE48-2FC3-6A96-0A0FDB31A337} - C:\Program Files\vykhpud\DbHlp.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 13:52:01

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-17 13:53:42

ComboFix-quarantined-files.txt 2008-08-17 20:53:39

ComboFix2.txt 2008-08-17 00:52:22

Pre-Run: 233,098,575,872 bytes free

Post-Run: 233,083,629,568 bytes free

265 --- E O F --- 2008-08-14 02:51:18

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:54:11 PM, on 8/17/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://latino.aol.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [srvAplApi] C:\WINDOWS\system32\gxoniban.exe

O4 - Global Startup: MRI_DISABLED

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 5521 bytes

August 17, 2008