pommy112000
new user
Reg'd: Mon
Posts: 15
Re: trojan horse downloader .delf.12.an hope I have done this right thanks again michael
Mon Jun 02 2008 04:56 AM
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.228 [GMT 10:00]
Running from: C:\Documents and Settings\michael sylvester\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\michael sylvester\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\michael sylvester\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\michael sylvester\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\michael sylvester\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\michael sylvester\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\michael sylvester\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
.
---- Previous Run -------
.
C:\Program Files\Adzgalore Games Collection
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe
C:\Program Files\Adzgalore Games Collection\Lines.exe
C:\Program Files\Adzgalore Games Collection\uninstall.exe
C:\Program Files\Adzgalore Games Collection\VideoPool.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\insdl.dll
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pl.exe
C:\Program Files\mediapipe\register.dll
C:\Program Files\MyWay
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\cpmsky-uninst.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\gzmrot-uninst.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-27 18:46 . 2008-05-27 18:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-24 21:39 . 2008-05-30 20:20 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-22 15:09 . 2008-05-22 15:09 <DIR> d-------- C:\Documents and Settings\michael sylvester\Application Data\Malwarebytes
2008-05-22 14:59 . 2008-05-22 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 14:59 . 2008-05-22 14:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-22 14:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-22 14:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 14:52 . 2008-05-22 14:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-22 14:52 . 2008-05-22 14:52 <DIR> d-------- C:\Documents and Settings\michael sylvester\Application Data\SUPERAntiSpyware.com
2008-05-22 14:52 . 2008-05-22 14:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-22 11:17 . 2008-05-22 11:17 <DIR> d-------- C:\Program Files\Picasa2
2008-05-22 11:17 . 2006-10-05 12:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 11:17 . 2006-10-05 12:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 11:15 . 2008-05-22 11:15 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-05-22 11:13 . 2008-05-30 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-05-22 11:07 . 2008-05-31 13:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-05-20 20:51 . 2008-06-01 13:37 4,976,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-20 20:51 . 2008-05-31 22:05 58,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-20 20:35 . 2008-05-20 20:35 <DIR> d-------- C:\Documents and Settings\michael sylvester\Application Data\Uniblue
2008-05-20 20:34 . 2008-05-20 20:34 <DIR> d-------- C:\KAV
2008-05-20 19:20 . 2008-05-21 21:10 <DIR> d-------- C:\Documents and Settings\michael sylvester\Application Data\ErrorRepairTool
2008-05-18 17:44 . 2008-05-31 21:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-18 17:37 . 2008-06-01 13:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-18 17:37 . 2008-05-18 17:37 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-18 17:37 . 2008-05-18 17:37 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-18 17:36 . 2008-05-18 17:36 <DIR> d-------- C:\Program Files\AVG
2008-05-18 17:36 . 2008-05-18 17:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-17 11:35 . 2008-05-17 11:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-17 01:23 . 2008-05-17 01:23 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-07 17:56 . 2008-05-30 17:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-07 17:56 . 2008-05-07 17:56 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 08:03 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-30 10:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-22 11:24 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-05-22 07:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 06:47 --------- d-----w C:\Program Files\MSN Messenger
2008-05-22 05:07 --------- d-----w C:\Program Files\Morpheus
2008-05-22 05:07 --------- d-----w C:\Program Files\Google
2008-05-22 04:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 04:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 09:47 --------- d-----w C:\Program Files\BT Engine
2008-05-13 20:03 --------- d-----w C:\Documents and Settings\michael sylvester\Application Data\AdobeUM
2008-05-05 02:51 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-04-28 03:27 --------- d-----w C:\Documents and Settings\michael sylvester\Application Data\ROUTE 66 Sync
2008-04-27 03:47 --------- d-----w C:\Program Files\LimeWire
2008-04-13 06:58 --------- d-----w C:\Program Files\Picture Organiser
2008-04-12 02:36 --------- d-----w C:\Program Files\AxBx
2008-04-08 09:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-04-05 02:01 88,953 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-04 08:28 --------- d-----w C:\Program Files\Escape the Museum
2008-04-04 08:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EscapeTheMuseum
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 06:49 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-13 21:18 54,888 ----a-w C:\Documents and Settings\michael sylvester\Application Data\GDIPFONTCACHEV1.DAT
2008-03-04 21:10 98,048 ----a-w C:\WINDOWS\system32\clusap.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-14 10:07 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-03-07 06:08 382 ----a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb1942.dat
2007-01-22 20:44 49 ----a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb41.dat
2006-12-02 09:34 179,200 ----a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb4827.dat
2006-12-02 09:34 151 ----a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb1664.dat
2006-12-02 09:34 13,046 ----a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb5436.dat
2006-12-02 09:34 0 -c--a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb4604.dat
2006-11-18 08:43 0 -c--a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb2391.dat
2006-11-17 05:37 0 -c--a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb153.dat
2006-11-13 06:34 0 -c--a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb8253.dat
2006-11-13 06:34 0 -c--a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb3902.dat
2006-10-05 04:45 9,216 ----a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb8467.dat
2006-10-05 04:45 0 -c--a-w C:\Documents and Settings\michael sylvester\Application Data\internaldb6334.dat
2004-10-11 09:46 205,312 ----a-w C:\Program Files\ltefx13n.dll
2004-03-11 02:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-01-19 04:31 153,600 ----a-w C:\Program Files\ltfil13n.DLL
2004-01-19 03:31 27,648 ----a-w C:\Program Files\lfiff13n.dll
2004-01-19 03:31 20,480 ----a-w C:\Program Files\lfCUT13n.dll
2004-01-19 02:31 453,120 ----a-w C:\Program Files\ltkrn13n.dll
2004-01-19 02:12 89,600 ----a-w C:\Program Files\Lfcgm13n.dll
2004-01-19 01:49 278,016 ----a-w C:\Program Files\LFJ2K13n.dll
2004-01-19 01:49 180,736 ----a-w C:\Program Files\Lfpng13n.dll
2004-01-19 01:47 76,800 ----a-w C:\Program Files\Lfwmf13n.dll
2004-01-19 01:47 509,440 ----a-w C:\Program Files\LFCMW13n.dll
2004-01-19 01:45 420,352 ----a-w C:\Program Files\LFCMP13n.DLL
2004-01-19 01:44 143,872 ----a-w C:\Program Files\lftif13n.dll
2004-01-19 01:36 65,536 ----a-w C:\Program Files\Lfpct13n.dll
2004-01-19 01:36 56,832 ----a-w C:\Program Files\lfpsd13n.dll
2004-01-19 01:36 26,624 ----a-w C:\Program Files\lfpcx13n.dll
2004-01-19 01:36 19,968 ----a-w C:\Program Files\lfpcd13n.dll
2004-01-19 01:36 18,944 ----a-w C:\Program Files\lfmsp13n.dll
2004-01-19 01:35 20,992 ----a-w C:\Program Files\lfimg13n.dll
2004-01-19 01:35 18,944 ----a-w C:\Program Files\lfmac13n.dll
2004-01-19 01:34 31,744 ----a-w C:\Program Files\lfclp13n.dll
2004-01-19 01:34 30,208 ----a-w C:\Program Files\lfbmp13n.dll
2004-01-19 01:33 444,928 ----a-w C:\Program Files\ltimg13n.dll
2004-01-19 01:32 265,216 ----a-w C:\Program Files\LTDIS13n.dll
2000-05-01 18:17 212,480 ----a-w C:\Program Files\PCDLIB32.DLL
1999-11-18 13:00 284,032 ----a-w C:\Program Files\XceedZip.dll
2003-01-13 01:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 06:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2007-03-09 09:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6681C392-B2BE-49BA-985A-BAC82300F294}]
2008-03-05 07:10 98048 --a------ C:\WINDOWS\system32\clusap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:51 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 13:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 21:54 188416]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-18 17:36 1177368]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 18:48 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.lameacm"= LameACM.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^michael sylvester^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"MSI Configuration"=msiconf.exe
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpeedOptimizer"=C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"Desktop Service Centre"=C:\Program Files\OptusNet DSL Internet\DSC.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"hid_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"spa_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AVP"="C:\Documents and Settings\All Users.WINDOWS\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_20-36[1].exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\OptusNet DSL Internet\\DSC.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\ICLASS\\ICscores.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\KAV\\Kaspersky Anti-Virus 7.0.1.325\\english\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:P2P

R0 iyxihhfl;iyxihhfl;C:\WINDOWS\system32\drivers\mlmumkrq.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-18 17:37]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-18 17:36]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 22:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 06:00]
S3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-03-07 14:07]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-22 16:52]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-04-10 11:36]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-05-13 13:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 11:16:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-30 07:52:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 03:28:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-22 00:07:17 C:\WINDOWS\Tasks\ErrorRepairTool Scheduled Scan.job"
- C:\Program Files\ErrorRepairTool\ErrorRepairTool.ex
- C:\Program Files\ErrorRepairTool
"2008-05-30 09:34:06 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-01 03:17:09 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-05-31 10:34:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BE4D5117-025F-4EB6-A45E-7FF97BC5EFDA}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:36:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
"ImagePath"="\"C:\Documents and Settings\All Users.WINDOWS\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_20-36 [1].exe\" -r"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iyxihhfl]
"ImagePath"="system32\drivers\mlmumkrq.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\setup_7.0.0.180_18.05.2008_20-36[1]]
"ImagePath"="\"C:\Documents and Settings\All Users.WINDOWS\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_20-36
.
Completion time: 2008-06-01 13:39:13
ComboFix-quarantined-files.txt 2008-06-01 03:39:02

Pre-Run: 64,946,737,152 bytes free
Post-Run: 64,958,074,880 bytes free
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\All Users.WINDOWS\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_20-36[1].exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6681C392-B2BE-49BA-985A-BAC82300F294} - C:\WINDOWS\system32\clusap.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144283160906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: setup_7.0.0.180_18.05.2008_20-36[1] - Kaspersky Lab - C:\Documents and Settings\All Users.WINDOWS\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_20-36[1].exe
-- End of f