  #41  
Old 9th Jul 2009, 21:43
Member Group
 
ComboFix 09-07-09.06 - Owner 07/09/2009 22:46.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.247 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"C:\ciuge.exe"
"C:\gjpipkpu.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ciuge.exe
C:\gjpipkpu.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-09 17:19 . 2002-06-19 23:03 151552 ----a-w- c:\windows\system32\igfxres.dll
2009-07-09 17:14 . 2002-06-21 15:45 26169 ----a-w- c:\windows\system32\drivers\a303.sys
2009-07-09 17:14 . 2002-06-21 15:44 10297 ----a-w- c:\windows\system32\drivers\a302.sys
2009-07-09 16:58 . 2009-07-09 16:58 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-09 13:59 . 2009-07-09 14:04 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-07-08 05:03 . 2003-08-25 22:06 182880 -c--a-w- c:\windows\system32\dllcache\iuengine.dll
2009-07-08 05:03 . 2003-08-25 22:06 182880 ----a-w- c:\windows\system32\iuengine.dll
2009-07-08 05:02 . 2009-07-08 05:02 43520 ---h--w- c:\windows\system32\secupdat.dat
2009-07-08 01:14 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2009-07-08 01:13 . 2003-07-16 20:33 6656 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-07-08 01:12 . 2003-07-16 20:22 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2009-07-08 01:11 . 2001-08-18 02:36 312832 -c--a-w- c:\windows\system32\dllcache\EXCH_aqueue.dll
2009-07-08 01:04 . 2009-07-08 01:04 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-07-08 01:02 . 2003-07-16 20:46 106562 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2009-07-08 01:02 . 2003-07-16 20:35 3346432 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2009-07-08 01:02 . 2003-07-16 20:36 28160 -c--a-w- c:\windows\system32\dllcache\msobshel.dll
2009-07-08 01:02 . 2003-07-16 20:36 16896 -c--a-w- c:\windows\system32\dllcache\msobweb.dll
2009-07-08 01:02 . 2003-07-16 20:36 14336 -c--a-w- c:\windows\system32\dllcache\msobdl.dll
2009-07-08 00:58 . 2003-07-16 20:52 117248 -c--a-w- c:\windows\system32\dllcache\wmiapsrv.exe
2009-07-08 00:55 . 2002-08-29 05:32 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-08 00:55 . 2001-08-17 17:59 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-07-08 00:48 . 2002-08-29 05:27 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-07-08 00:46 . 2001-08-18 02:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-07-08 00:44 . 2002-08-29 07:46 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-07-08 00:41 . 2003-07-16 20:43 696320 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2009-07-08 00:41 . 2003-07-16 20:51 132096 ----a-w- c:\windows\system\WINSPOOL.DRV
2009-07-08 00:41 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-08 00:41 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-08 00:41 . 2003-07-16 20:30 10496 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2009-07-08 00:41 . 2003-07-16 20:30 10496 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-07-08 00:41 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-08 00:41 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-08 00:41 . 2002-08-29 07:41 71168 ----a-w- c:\windows\system32\storprop.dll
2009-07-07 18:24 . 2009-07-07 18:24 117760 ----a-w- c:\documents and settings\Guest\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 18:23 . 2009-07-07 18:23 -------- d-----w- c:\documents and settings\Guest\Application Data\SUPERAntiSpyware.com
2009-07-07 17:54 . 2009-07-09 14:01 -------- d-----w- c:\program files\sfx
2009-06-28 04:57 . 2009-07-02 03:06 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 04:56 . 2009-06-28 04:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-26 07:05 . 2009-06-26 07:06 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-06-26 07:02 . 2009-06-26 07:02 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-06-24 06:26 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-06-24 03:42 . 2009-06-24 03:42 -------- d-----w- c:\program files\Electronic Arts
2009-06-24 03:37 . 2009-06-24 03:37 -------- d-----w- c:\program files\Common Files\Java
2009-06-23 13:44 . 2009-05-19 05:35 1025328 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\gui.dll
2009-06-23 13:44 . 2009-05-19 05:36 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-06-23 13:44 . 2007-08-17 13:34 107872 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aolsetup.exe
2009-06-23 13:44 . 2009-05-19 05:36 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-06-23 13:44 . 2009-05-19 05:35 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLFirewallMgr.dll
2009-06-23 13:44 . 2009-05-19 05:35 120368 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aoldlmgr.exe
2009-06-23 13:44 . 2009-05-19 05:35 69104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amos.exe
2009-06-23 13:44 . 2009-05-19 05:35 37888 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amoinst.exe
2009-06-23 13:44 . 2009-05-19 05:36 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-06-23 13:44 . 2009-05-19 05:35 550024 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMLang.exe
2009-06-23 13:44 . 2009-05-19 05:35 2402104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMinst.exe
2009-06-22 06:15 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-22 06:12 . 2009-06-22 06:12 -------- d-----w- c:\program files\Panda Security
2009-06-18 18:04 . 2009-06-18 18:04 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 15:58 . 2009-07-08 15:50 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:57 . 2009-06-18 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 15:54 . 2009-06-18 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 15:54 . 2009-06-18 15:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-18 15:53 . 2009-06-18 15:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 15:42 . 2009-06-18 15:42 -------- d-----w- c:\program files\CCleaner
2009-06-18 04:28 . 2009-06-18 04:28 -------- d-----w- c:\program files\Trend Micro
2009-06-13 06:00 . 2009-06-13 06:00 444 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-13 05:01 . 2009-06-13 05:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-13 04:44 . 2009-06-18 04:53 -------- d-----w- c:\program files\Startup Optimizer
2009-06-12 23:31 . 2009-06-12 23:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-12 22:21 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 22:21 . 2009-06-12 22:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 22:21 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 19:18 . 2009-06-12 23:26 45 ----a-w- c:\windows\system32\ca.dat
2009-06-12 18:56 . 2008-03-04 19:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-06-12 18:56 . 2008-02-07 16:03 179640 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-06-12 18:21 . 2009-06-12 18:56 -------- d-----w- c:\program files\Common Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 10:42 . 2009-07-07 18:06 4 ---h--w- c:\windows\Fonts\mlog
2009-07-08 05:11 . 2006-05-03 02:44 14720 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 01:00 . 2006-05-02 03:16 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 22:24 . 2009-03-29 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\n-Track Studio6
2009-06-26 02:16 . 2009-01-12 01:18 -------- d-----w- c:\program files\Java
2009-06-24 03:20 . 2009-01-05 00:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 04:50 . 2009-01-05 04:50 -------- d-----w- c:\program files\Web Publish
2009-06-13 04:49 . 2008-08-20 22:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-12 22:57 . 2009-04-16 15:22 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-06-12 18:22 . 2006-05-02 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 16:10 . 2009-04-19 18:00 -------- d-----w- c:\program files\Google
2009-05-19 05:36 . 2009-06-23 13:45 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-23 13:45 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-23 13:45 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-23 13:45 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-23 13:45 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:35 . 2009-06-23 13:45 11568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbinst.dll
2009-05-19 05:35 . 2009-06-23 13:45 376568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unagi3.exe
2009-05-19 05:35 . 2009-06-23 13:45 383128 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbsetup.exe
2009-05-19 05:35 . 2009-06-23 13:45 4480040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpinst.exe
2009-05-19 05:35 . 2009-06-23 13:45 15144 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpchk.dll
2009-05-19 05:35 . 2009-06-23 13:45 74536 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\instSup.dll
2009-05-19 05:35 . 2009-06-23 13:45 1225352 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\msvc9rt.exe
2009-05-19 05:35 . 2009-06-23 13:45 231216 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\migrator.exe
2009-05-19 05:35 . 2009-06-23 13:45 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2009-05-19 05:35 . 2009-06-23 13:45 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\postproc.exe
2009-05-19 05:35 . 2009-06-23 13:45 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-05-19 05:35 . 2009-06-23 13:45 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ProgUpd.dll
2009-05-15 13:30 . 2006-07-15 14:36 -------- d-----w- c:\program files\QuickTime
2009-05-15 13:30 . 2006-07-15 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- c:\program files\Apple Software Update
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-12 19:53 . 2009-05-12 19:53 16141 ----a-w- c:\documents and settings\Owner\Application Data\Help\lego.exe
2009-05-12 19:53 . 2009-05-12 19:53 11410 ----a-w- c:\documents and settings\Owner\Application Data\Identities\msgdi.dll
2009-05-12 19:53 . 2009-05-12 19:53 10121 ----a-w- c:\documents and settings\Owner\Application Data\Lavasoft\kern.dll
2009-05-12 19:53 . 2009-05-12 19:53 422 ----a-w- c:\documents and settings\Owner\Application Data\Apple Computer\socks1.exe
2009-05-12 19:53 . 2009-05-12 19:53 145131 ----a-w- c:\documents and settings\Owner\Application Data\DivX\nomad.exe
2009-05-12 19:53 . 2009-05-12 19:53 13221 ----a-w- c:\documents and settings\Owner\Application Data\Adobe\rengo.dll
2009-05-12 19:53 . 2009-05-12 19:53 11232 ----a-w- c:\documents and settings\Owner\Application Data\acccore\shalom.exe
2009-05-11 14:21 . 2009-05-11 14:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-11 14:20 . 2009-05-11 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 20:25 . 2009-04-19 18:01 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-04-19 18:01 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 18:01 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 18:01 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 18:01 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2009-04-19 18:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-02-26 16:20 . 2009-02-26 16:20 6309376 ----a-w- c:\program files\ntrack.exe
2009-02-26 16:05 . 2009-02-26 16:05 126976 ----a-w- c:\program files\AMGateway.ax
2009-02-26 16:05 . 2009-02-26 16:05 63168 ----a-w- c:\program files\RegisterComponents.exe
2009-02-26 16:05 . 2009-02-26 16:05 163520 ----a-w- c:\program files\ReportDump.exe
2009-02-26 16:04 . 2009-02-26 16:04 86016 ----a-w- c:\program files\vstscan.exe
2009-02-26 16:04 . 2009-02-26 16:04 45056 ----a-w- c:\program files\ball.ax
2009-02-26 16:01 . 2009-02-26 16:01 78848 ----a-w- c:\program files\EmptyProjectAction.dll
2009-02-26 16:01 . 2009-02-26 16:01 147456 ----a-w- c:\program files\nTrackDotControls.dll
2009-02-26 16:00 . 2009-02-26 16:00 637440 ----a-w- c:\program files\NativeControls6.dll
2009-02-26 15:59 . 2009-02-26 15:59 99328 ----a-w- c:\program files\SurroundVSTGui.dll
2009-02-26 15:59 . 2009-02-26 15:59 45056 ----a-w- c:\program files\yeti.mmedia.dll
2009-02-26 15:59 . 2009-02-26 15:59 40960 ----a-w- c:\program files\cdcopier.dll
2009-02-26 15:59 . 2009-02-26 15:59 28672 ----a-w- c:\program files\Ripper.dll
2009-02-26 15:59 . 2009-02-26 15:59 8704 ----a-w- c:\program files\ntrack3rdparty.dll
2009-02-26 15:59 . 2009-02-26 15:59 5120 ----a-w- c:\program files\WindowsFormsBase.dll
2009-02-26 15:59 . 2009-02-26 15:59 36864 ----a-w- c:\program files\nttest.dll
2009-02-26 15:59 . 2009-02-26 15:59 32768 ----a-w- c:\program files\nTrackDotNet.dll
2009-02-26 15:59 . 2009-02-26 15:59 24576 ----a-w- c:\program files\AVFader.dll
2009-02-26 15:59 . 2009-02-26 15:59 6656 ----a-w- c:\program files\nativecontrolsinterop.dll
2009-02-07 22:10 . 2009-02-07 22:10 528726 ----a-w- c:\program files\n-Track.htm
2009-02-06 00:15 . 2009-02-06 00:15 225792 ----a-w- c:\program files\AutoVol.dll
2009-02-06 00:14 . 2009-02-06 00:14 228352 ----a-w- c:\program files\Chorus.dll
2009-02-06 00:14 . 2009-02-06 00:14 228864 ----a-w- c:\program files\Echo.dll
2009-02-06 00:12 . 2009-02-06 00:12 369152 ----a-w- c:\program files\ntrck_PitchShift.dll
2009-02-06 00:11 . 2009-02-06 00:11 176128 ----a-w- c:\program files\Riverbero.dll
2009-02-06 00:09 . 2009-02-06 00:09 434688 ----a-w- c:\program files\facomp10.dll
2009-02-06 00:08 . 2009-02-06 00:08 379904 ----a-w- c:\program files\dxirewire.dll
2009-02-06 00:06 . 2009-02-06 00:06 951808 ----a-w- c:\program files\fa4bdeq.dll
2009-01-13 14:16 . 2009-01-13 14:16 3455 ----a-w- c:\program files\order.html
2008-11-28 00:23 . 2008-11-28 00:23 642840 ----a-w- c:\program files\n-track.cfg
2008-10-25 23:46 . 2008-10-25 23:46 4920 ----a-w- c:\program files\order_upgrade.html
2008-09-02 23:06 . 2008-09-02 23:06 231936 ----a-w- c:\program files\ShellCtl.dll
2008-08-31 13:20 . 2008-08-31 13:20 105056 ----a-w- c:\program files\Setup.bmp
2008-06-20 18:37 . 2008-06-20 18:37 24576 ----a-w- c:\program files\ScrollerAbout.dll
2008-06-20 18:18 . 2008-06-20 18:18 831058 ----a-w- c:\program files\banks_default.txt
2008-06-20 18:18 . 2008-06-20 18:18 709 ----a-w- c:\program files\ntrack.exe.config
2008-06-20 18:18 . 2008-06-20 18:18 22124 ----a-w- c:\program files\us428_faders.dat
2008-06-20 18:18 . 2008-06-20 18:18 22124 ----a-w- c:\program files\us224_faders.dat
2008-06-20 18:17 . 2008-06-20 18:17 4035 ----a-w- c:\program files\n-track_help.cnt
2008-06-20 18:17 . 2008-06-20 18:17 169585 ----a-w- c:\program files\Drum Example.sng
2008-06-20 18:17 . 2008-06-20 18:17 15457 ----a-w- c:\program files\FACOMP10.HLP
2008-06-20 18:17 . 2008-06-20 18:17 25698 ----a-w- c:\program files\FA4BDEQ.HLP
2008-06-20 18:16 . 2008-06-20 18:16 19339 ----a-w- c:\program files\N-TRACK_EFX.HLP
2004-06-11 20:19 . 2004-06-11 20:19 25214 ----a-w- c:\program files\help_icon.ico
2004-06-07 13:23 . 2004-06-07 13:23 25214 ----a-w- c:\program files\link_icon.ico
2000-11-12 03:30 . 2000-11-12 03:30 86 ----a-w- c:\program files\BUYIT!.URL
2000-11-12 03:28 . 2000-11-12 03:28 73 ----a-w- c:\program files\n-Track.url
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

.
((((((((((((((((((((((((((((( SnapShot_2009-07-09_20.14.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-05-03 02:17 . 2009-07-10 02:45 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2006-05-03 02:17 . 2009-07-09 20:03 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-02-06 16:35 . 2009-02-06 16:35 1486208 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2003-07-16 40960]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2003-07-16 51200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx

R?2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [7/16/2003 4:47 PM 12800]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/22/2009 2:15 AM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/12/2009 2:56 PM 41144]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [6/12/2009 2:56 PM 179640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/5/2009 6:56 PM 24652]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\Vch.sys [7/9/2009 1:15 PM 20023]
S2 gupdate1c9c119864b630;Google Update Service (gupdate1c9c119864b630);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 2:02 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
sfx REG_MULTI_SZ sfx
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Search
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a8c9lkqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 22:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E85C18E7-C293-4424-9DD0-B31D8DB27013}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\iehelper.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\System32\hccutils.DLL

- - - - - - - > 'lsass.exe'(664)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\System32\dssenh.dll
.
Completion time: 2009-07-10 22:56
ComboFix-quarantined-files.txt 2009-07-10 02:56
ComboFix2.txt 2009-07-09 20:19
ComboFix3.txt 2009-07-08 21:47
ComboFix4.txt 2009-07-05 11:25
ComboFix5.txt 2009-07-10 02:44

Pre-Run: 5,159,026,688 bytes free
Post-Run: 5,147,299,840 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=1 Sets=1,2,3,4
326


http://www.2shared.com/file/6631345/773d7b67/KAS.html
  #42  
Old 9th Jul 2009, 23:35
Malware Group
 
Hi there

Things are looking much better again. What Kaspersky found is all in quarantine. How are things running in general now?
__________________
Proud member of ASAP & UNITE
  #43  
Old 10th Jul 2009, 04:20
Member Group
 
Everything seems to be working fine, Thank You!

Now it's just a matter of getting Windows activated so I can upgrade everything (which I'm hoping doesn't turn into a problem in itself).
  #44  
Old 10th Jul 2009, 06:11
Malware Group
 
Glad to hear things are normal again...

Now that you appear to be free from malware, let's help you stay that way!

>> IMPORTANT <<

The following will uninstall ComboFix and implement some cleanup procedures as well as reset System Restore points:

Windows XP Users: Click Start > Select Run and copy/paste the following bolded text below into the Run box and click OK:

Windows Vista Users: Press the Windows key and R to bring up the Run dialogue, copy and paste the text below into the Run box and click OK:

ComboFix /u

Update Windows on a regular basis - If you do not have automatic updates enabled then visit Microsoft's Update Page and update your computer from there.

Update your virus checker on a regular basis - It is no use having a virus checker with out of date definitions.
Keep an eye on your firewall. Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of, then don't be afraid to ask for advice. For more information on firewalls read this article here

Safer Browsing
Use software such as Web of Trust to help you stay away from unsuspecting sites that have malicious purposes.
Use SpywareBlaster to help prevent the installation of unwanted BHOs (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

NB: Please note that although your browser may be more secure without ActiveX it will not throw a ring of steel around your computer. If you purposely visit sites that are dubious in nature then infection will prevail.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files from your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy can help you stay clear. Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware. Please note that these products can also be run as free without a licence as a scan on demand scanner.

Secure your router
Change your router's default username and password. Do not leave it at factory preset; doing so makes it easy for unauthorised access.

Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing your bandwidth which you have rightly paid for.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeier

**Kindly respond one more time and let me know if we may consider this thread resolved.
  #45  
Old 12th Jul 2009, 21:21
Member Group
 
I just wanted to thank you for all of your help. I finally got a chance to read through all of the little extras, and they have helped a lot. I'm still running frequent scans just to make sure, but so far everything looks good :)

Thanks again for all of your help! You're awesome!
  #46  
Old 13th Jul 2009, 09:54
Malware Group
 
Not a problem, only too glad to lend a hand

Good luck and happy safe surfing!


Copyright ©2006 - 2009 Computer Juice.
