sbroadley
Re: possible malware and SpyShredder infection
Thu Mar 20 2008 08:07 PM
OK - I hope I have done this correctly - the ComboFix log is below - HJT will follow in a couple of minutes
ComboFix 08-03-18.1 - Spencer 2008-03-20 20:01:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.222 [GMT 0:00]
Running from: C:\Documents and Settings\Spencer\Local Settings\Temporary Internet Files\Content.IE5\8IU5P9MV\ComboFix[1].exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-20 18:43 . 2008-03-20 18:43 3,740 --a------ C:\windows\system32\tmp.reg
2008-03-20 18:41 . 2007-09-05 23:22 289,144 --a------ C:\windows\system32\VCCLSID.exe
2008-03-20 18:41 . 2006-04-27 16:49 288,417 --a------ C:\windows\system32\SrchSTS.exe
2008-03-20 18:41 . 2008-03-14 09:09 86,528 --a------ C:\windows\system32\VACFix.exe
2008-03-20 18:41 . 2008-03-15 17:16 82,432 --a------ C:\windows\system32\IEDFix.exe
2008-03-20 18:41 . 2003-06-05 20:13 53,248 --a------ C:\windows\system32\Process.exe
2008-03-20 18:41 . 2004-07-31 17:50 51,200 --a------ C:\windows\system32\dumphive.exe
2008-03-20 18:41 . 2007-10-03 23:36 25,600 --a------ C:\windows\system32\WS2Fix.exe
2008-03-19 17:55 . 2008-03-19 17:57 <DIR> d-------- C:\Documents and Settings\GOD\Application Data\Yahoo!
2008-03-19 17:54 . 2008-03-19 17:54 <DIR> d-------- C:\Documents and Settings\GOD\Contacts
2008-03-19 14:32 . 2008-03-19 14:37 115,000 --a------ C:\windows\system32\drivers\SYMEVENT.SYS
2008-03-19 14:32 . 2008-03-19 14:37 48,776 --a------ C:\windows\system32\S32EVNT1.DLL
2008-03-19 14:32 . 2008-03-19 14:37 8,014 --a------ C:\windows\system32\drivers\SYMEVENT.CAT
2008-03-19 14:32 . 2008-03-19 14:37 806 --a------ C:\windows\system32\drivers\SYMEVENT.INF
2008-03-19 10:02 . 2008-03-19 13:37 <DIR> d-------- C:\Program Files\SpyShredder
2008-03-18 23:46 . 2008-03-18 23:46 <DIR> d-------- C:\Program Files\Adzgalore Games Collection
2008-03-18 23:46 . 2007-09-12 18:27 88,064 --a------ C:\windows\system32\capico.dll
2008-03-18 23:46 . 2008-03-18 23:46 84,761 --a------ C:\windows\system32\mysidesearch_sidebar_uninstall.exe
2008-03-18 23:46 . 2008-03-18 23:46 80,121 --a------ C:\windows\system32\adzgalore-remove.exe
2008-03-18 23:46 . 2008-03-18 23:46 40,713 --a------ C:\windows\system32\cpmsky-uninst.exe
2008-03-18 12:19 . 2008-03-18 12:19 153,600 --a------ C:\windows\system32\mysidesearch_sidebar.dll
2008-03-15 00:19 . 2008-03-19 11:15 <DIR> d-------- C:\Documents and Settings\Spencer\Application Data\LimeWire
2008-03-07 13:58 . 2008-03-07 13:58 60,416 --a------ C:\windows\system32\cpmsky.dll
2008-03-02 23:49 . 2008-03-18 22:34 <DIR> d-------- C:\Documents and Settings\Spencer\Application Data\Apple Computer
2008-03-02 23:49 . 2008-03-20 19:56 54,156 --ah----- C:\windows\QTFont.qfn
2008-03-02 23:49 . 2008-03-02 23:49 1,409 --a------ C:\windows\QTFont.for
2008-03-02 23:48 . 2008-03-02 23:48 <DIR> d-------- C:\Program Files\iPod
2008-03-02 23:47 . 2008-03-02 23:48 <DIR> d-------- C:\Program Files\iTunes
2008-03-02 23:47 . 2008-03-02 23:47 <DIR> d-------- C:\Program Files\Bonjour
2008-03-02 23:45 . 2008-03-02 23:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-03-02 23:39 . 2008-03-02 23:39 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-02 23:38 . 2008-03-02 23:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-02 23:38 . 2008-03-02 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-03-01 16:51 . 2008-03-01 16:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 11:05 . 2008-03-01 11:05 <DIR> d-------- C:\MWASPI
2008-03-01 11:05 . 1997-06-11 19:01 30,208 --------- C:\windows\system32\WNASPI32.DLL
2008-03-01 11:05 . 2000-03-29 17:11 8,096 --------- C:\windows\system32\drivers\MASPINT.SYS
2008-03-01 11:05 . 1999-10-22 17:58 4,030 --------- C:\windows\system\WINASPI.DLL
2008-03-01 11:05 . 1997-02-28 03:00 2,486 --------- C:\windows\system\AS16POST.BIN
2008-03-01 11:05 . 2008-03-01 11:05 291 --a------ C:\windows\msfsetup.ini
2008-03-01 10:56 . 2008-03-01 10:56 <DIR> d-------- C:\Program Files\PIXELA
2008-03-01 10:53 . 2003-09-03 07:45 274,432 --a------ C:\windows\system32\FFTIFF16.dll
2008-03-01 10:53 . 2003-09-06 07:57 159,744 --a------ C:\windows\system32\FFRAFLIB.DLL
2008-03-01 10:53 . 2001-11-25 11:11 81,924 --------- C:\windows\system32\drivers\VC4CB104.SYS
2008-03-01 10:52 . 2002-02-05 16:33 69,632 --------- C:\windows\system32\FREGSHEX.DLL
2008-03-01 10:52 . 2002-02-27 11:27 65,536 --------- C:\windows\system32\FINFCHECK.dll
2008-03-01 10:52 . 2002-06-25 10:06 45,056 --------- C:\windows\system32\FINFCOPY.dll
2008-03-01 10:52 . 2002-02-13 10:00 45,056 --------- C:\windows\system32\FCLKBTN.DLL
2008-02-27 22:16 . 2008-02-27 22:16 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-26 13:29 . 2008-02-26 13:29 <DIR> d-------- C:\Documents and Settings\Gina.HOME-C65E1D5633\Contacts
2008-02-23 03:53 . 2008-02-23 03:53 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-02-23 03:53 . 2008-02-23 03:53 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-02-23 03:53 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 15:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-03-19 18:05 --------- d-----w C:\Program Files\Java
2008-03-19 14:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 14:38 --------- d-----w C:\Program Files\Symantec
2008-03-19 14:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-03-19 14:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2008-03-19 11:29 --------- d-----w C:\Program Files\LimeWire
2008-03-11 10:23 --------- d-----w C:\Documents and Settings\Gina.HOME-C65E1D5633\Application Data\Yahoo!
2008-03-02 23:46 --------- d-----w C:\Program Files\QuickTime
2008-03-01 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 10:53 --------- d-----w C:\Program Files\FinePixViewer
2008-03-01 10:52 --------- d-----w C:\Program Files\REGSHAVE
2008-02-27 22:16 348,160 ------w C:\WINDOWS\system32\msvcr71.dll
2008-02-27 22:16 --------- d-----w C:\Program Files\Real
2008-02-27 22:16 --------- d-----w C:\Program Files\Common Files\Real
2008-02-27 16:11 --------- d-----w C:\Program Files\Windows Live
2008-02-26 16:55 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 16:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-26 16:29 --------- d-----w C:\Documents and Settings\Spencer\Application Data\Yahoo!
2008-02-19 03:11 --------- d-----w C:\Documents and Settings\Spencer\Application Data\Leadertech
2008-02-09 18:30 --------- d-----w C:\Documents and Settings\Spencer\Application Data\MSNInstaller
2008-02-06 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 21:57 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-05 21:56 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-01 11:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 00:55 --------- d-----w C:\Documents and Settings\Administrator.HOME-C65E1D5633\Application Data\InterVideo
2008-01-25 20:19 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-23 22:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-01-23 22:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-23 22:14 --------- d-----w C:\Program Files\MSBuild
2008-01-23 22:09 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-23 16:00 --------- d-----w C:\Documents and Settings\Administrator.HOME-C65E1D5633\Application Data\Yahoo!
2008-01-23 15:53 --------- d-----w C:\Documents and Settings\Administrator.HOME-C65E1D5633\Application Data\Motive
2008-01-23 15:51 --------- d-----w C:\Program Files\BT Broadband Desktop Help
2008-01-23 15:50 --------- d-----w C:\Program Files\Motive
2008-01-23 15:49 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-22 14:52 --------- d-----w C:\Program Files\Google
2008-01-22 13:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-01-22 13:37 --------- d-----w C:\Program Files\BT Broadband Talk Softphone
2008-01-22 13:34 --------- d-----w C:\Program Files\btbb_wcm
2008-01-22 13:33 155,995 ----a-w C:\WINDOWS\Java\Packages\MYSMGT3B.ZIP
2008-01-22 13:21 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-22 13:11 --------- d-----w C:\Program Files\Snapshot Viewer
2008-01-22 13:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
2008-01-22 13:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-22 13:03 --------- d-----w C:\Documents and Settings\Administrator.HOME-C65E1D5633\Application Data\Microsoft Web Folders
2008-01-22 10:53 --------- d-----w C:\Program Files\BrowsingAdvisor
2008-01-21 22:45 --------- d-----w C:\Program Files\Enigma Software Group
2008-01-21 21:50 --------- d-----w C:\Program Files\Dcads Games Collection
2008-01-21 15:07 --------- d-----w C:\Documents and Settings\Administrator.SPENCER-2A3E2D2\Application Data\LimeWire
2008-01-20 13:13 --------- d-----w C:\Program Files\Dell
2008-01-20 12:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-20 12:40 --------- d-----w C:\Program Files\SigmaTel
2007-08-22 07:15 5,108,880 ----a-w C:\Program Files\bb_help_installer.exe
2007-05-28 13:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-24 13:50 7,718,504 ----a-w C:\Program Files\winzip110.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BEBAF2-267A-425B-AE21-A75109B4B148}]
2007-09-12 18:27 88064 --a------ C:\WINDOWS\system32\capico.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B0A4117-5002-4327-A362-0185DF8CCD3A}]
2007-09-12 18:27 88064 --a------ C:\WINDOWS\system32\capico.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F7702F-C45B-4B10-9925-6FC28702E68F}]
2007-09-12 18:27 88064 --a------ C:\WINDOWS\system32\capico.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA95E31-1FBF-4F84-8F23-1BA653007A1E}]
2008-03-07 13:58 60416 --a------ C:\WINDOWS\system32\cpmsky.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C17E102B-BD29-4e92-B699-1A21D2CB8E6C}]
2008-03-18 12:19 153600 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:18 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MSI Configuration"="msiconf.exe" []
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [2008-03-19 10:02 408576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-03-01 15:44 733292]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 06:59 935936]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48 509224]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34 936960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-27 22:16 185896]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 07:11 771704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:18 15360]

C:\Documents and Settings\Administrator.SPENCER-2A3E2D2\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 21:32:57 147456]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2008-01-23 15:50:12 217088]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 15:58:05 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 21:46:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-20 19:38:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 20:05:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 20:06:07
ComboFix-quarantined-files.txt 2008-03-20 20:05:51
ComboFix2.txt 2008-03-20 11:52:44
.
2008-03-12 12:36:07 --- E O F ---