tracking cookie
murimuri
post Jul 26 2008, 08:31 AM
Post #1


Member
Posts: 39
OS: windows xp



If you can help, it'll be good.
There's SOMETHING wrong, but I'm not sure what it is...

I have AVG, Norton (freeware), and NOD32 antivirus programs.

---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:16 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\vsnpstd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\slserv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: pluspoint - {0FB9FC89-46E5-4961-9515-788A9EDCFDE9} - C:\Program Files\pluspoint2\pluspoint2.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: jBrowse Toolbar - {9E5BD40E-6287-11D6-9772-0002A5DD2483} - C:\PROGRA~1\jBrowse\JBO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pluspoint - {0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940} - C:\Program Files\pluspoint2\pluspoint2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [pluspoint2] "C:\Program Files\pluspoint2\pluspoint2.exe" /start
O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Delete Once] C:\DOCUME~1\user\APPLIC~1\BOLTRE~1\Mode memo.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ?????? - {62E65991-BAFA-4AFB-9B40-06039E276D28} - C:\Program Files\pluspoint2\pluspoint2.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com/technical/helptools...a/SpeedCtrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {760FF20F-B852-4ED7-AE91-F1DE355C080F} (pluspoint) - http://file.pluscoin.co.kr/cashback2/downl...spoint2inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

--
End of file - 10192 bytes
Cookiegal
post Jul 27 2008, 02:41 PM
Post #2


Malware Expert
Posts: 721
From: Quebec, Canada
OS: XP Pro



You have a LOP infection.

Download and unzip the following to a new folder:
http://metallica.geekstogo.com/findlop.zip

Inside the folder locate findlop.bat

Double click it and it will create the file C:\findlop.txt
Find that file and copy and paste the contents into your next post.


Also, copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"


rem cd /d also switches the current drive, so the listings are taken from C: even if this .bat is started from D:
cd /d "C:\Documents and Settings\%UserName%\Application Data"
dir /x > C:\directory.txt
cd /d "C:\Documents and Settings\All Users\Application Data"
dir /x >> C:\directory.txt
cd /d "C:\Program Files"
dir /x >> C:\directory.txt
start notepad C:\directory.txt



Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.
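The two Run entries that give the diagnosis away are the ones whose programs live under an Application Data folder with multi-word names ("Bags Plus Online Chin\wma about.exe", "BOLTRE~1\Mode memo.exe"). The following Python script is an added example, not part of the thread and not HijackThis's own code: it parses O4 Run lines in the HijackThis format and flags entries whose executable sits under Application Data. The marker list (`APPDATA_MARKERS`) and the path-extraction rule are my own heuristic; the sample input is copied from the log posted above. Legitimate updaters sometimes run from Application Data too, so a hit is a triage lead to check against the installed software list, not a verdict.

```python
import re

# Constructed sample: O4 startup entries copied from the HijackThis log in post #1
HJT_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Delete Once] C:\DOCUME~1\user\APPLIC~1\BOLTRE~1\Mode memo.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# "O4 - HKLM\..\Run: [name] command" as HijackThis prints it
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Heuristic (my assumption): both the long and the 8.3-shortened form of "Application Data"
APPDATA_MARKERS = ("\\application data\\", "\\applic~1\\")


def executable_path(cmd):
    """Return the program path from a Run value, dropping any arguments."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted values may contain spaces: take everything up to the first ".exe" token
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def flag_lop_style_entries(log_text):
    """Return (hive, entry name, executable) for O4 Run entries launched from Application Data."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. "Global Startup" shortcuts)
        exe = executable_path(m.group("cmd"))
        if any(marker in exe.lower() for marker in APPDATA_MARKERS):
            flagged.append((m.group("hive"), m.group("name"), exe))
    return flagged


if __name__ == "__main__":
    for hive, name, exe in flag_lop_style_entries(HJT_LOG):
        print(f"{hive:4} [{name}] -> {exe}")
```

Run against the sample it reports exactly the two entries Cookiegal removes later in the thread; everything under Program Files, Common Files or system32 passes through untouched.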
murimuri
post Jul 29 2008, 05:29 AM
Post #3


Member
Posts: 39
OS: windows xp



from lop! :
--
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A51918E0918A8E7C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user\applic~1\boltre~1\ref owns cdrom.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/29/2008 19:00:00
NextRun: 07/29/2008 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/17/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1201271611.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1201271611"'
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/28/2008 22:37:00
NextRun: 07/29/2008 22:37:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 04/26/2008
EndDate: 00/00/0000
StartTime: 22:37
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1201327381.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1201327381"'
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


[TRACE] Activating job 'Norton Security Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Norton Security Scan\Nss.exe'
Parameters: '/scan-full /scheduled'
WorkingDirectory: 'C:\Program Files\Norton Security Scan'
Comment: 'Norton Security Scan'
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/25/2008 18:00:03
NextRun: 07/30/2008 18:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: U..W.F.
StartDate: 03/01/2008
EndDate: 00/00/0000
StartTime: 18:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

----
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/29/2008 10:47 AM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
07/29/2008 07:16 PM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,716,428,288 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/29/2008 10:47 AM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
07/29/2008 07:16 PM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,716,428,288 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/29/2008 10:47 AM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
07/29/2008 07:16 PM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,716,428,288 bytes free
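In the findlop output above, the LOP task differs from the legitimate HP and Norton jobs in several ways at once: it runs a program from Application Data, its .job file is a random hex string, it is marked Hidden, and it fires every 60 minutes all day from a start date in 1995. The Python below is an added example, not part of the thread or of findlop: it parses that task-dump format into one record per job and scores each job against those four indicators. The indicators are my heuristics, and the sample is an abbreviated excerpt in the same layout as the posted dump.

```python
import re

# Constructed sample: abbreviated excerpt in the format of the findlop task dump in post #3
TASK_DUMP = r"""[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A51918E0918A8E7C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user\applic~1\boltre~1\ref owns cdrom.exe'
Parameters: ''
Creator: 'user'
MostRecentRun: 07/29/2008 19:00:00
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
StartDate: 06/17/1995
MinutesInterval: 60

[TRACE] Activating job 'Norton Security Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Norton Security Scan\Nss.exe'
Parameters: '/scan-full /scheduled'
Creator: 'user'
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
StartDate: 03/01/2008
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(?P<name>.*)'$")
# "Key: value" property lines and "Flag = 0/1" lines share one shape
KV_RE = re.compile(r"^(?P<key>[A-Za-z]+)\s*[:=]\s*(?P<val>.*)$")
# Heuristic (my assumption): 16 upper-case hex digits, as in the LOP job above
RANDOM_HEX_NAME = re.compile(r"^[0-9A-F]{16}\.job$")


def parse_task_dump(text):
    """Split the dump into one dict per job; first occurrence of a key wins (first trigger)."""
    jobs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            cur = {"job": m.group("name")}
            jobs.append(cur)
            continue
        if cur is None or not line or line.startswith("[TRACE]"):
            continue
        m = KV_RE.match(line)
        if m:
            cur.setdefault(m.group("key"), m.group("val").strip("'"))
    return jobs


def suspicious_reasons(job):
    """Return the list of indicators this job matches (empty for a clean job)."""
    reasons = []
    app = job.get("ApplicationName", "").lower()
    if "\\application data\\" in app or "\\applic~1\\" in app:
        reasons.append("program runs from an Application Data folder")
    if RANDOM_HEX_NAME.match(job["job"]):
        reasons.append("job file has a random hex name")
    if job.get("Hidden") == "1":
        reasons.append("task is marked hidden")
    if job.get("Type") == "Daily" and job.get("MinutesInterval", "0") != "0":
        reasons.append(f"repeats every {job['MinutesInterval']} minutes all day")
    return reasons


def flag_tasks(text):
    """Map job name -> reasons, for jobs that match at least one indicator."""
    return {j["job"]: r for j in parse_task_dump(text) if (r := suspicious_reasons(j))}


if __name__ == "__main__":
    for name, reasons in flag_tasks(TASK_DUMP).items():
        print(name, "->", "; ".join(reasons))
```

The removal batch in post #7 deletes exactly the job this scores highest; a job that matches only one indicator (say, an installer's hidden one-off task) deserves a look before it is deleted.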
Cookiegal
post Jul 29 2008, 02:34 PM
Post #4


Malware Expert
Posts: 721
From: Quebec, Canada
OS: XP Pro



I don't think you ran the second part correctly. Did you save the file as follows and save it in Notepad with a .bat file extension?

QUOTE
rem cd /d also switches the current drive, so the listings are taken from C: even if this .bat is started from D:
cd /d "C:\Documents and Settings\%UserName%\Application Data"
dir /x > C:\directory.txt
cd /d "C:\Documents and Settings\All Users\Application Data"
dir /x >> C:\directory.txt
cd /d "C:\Program Files"
dir /x >> C:\directory.txt
start notepad C:\directory.txt
murimuri
post Jul 31 2008, 03:12 PM
Post #5


Member
Posts: 39
OS: windows xp



Yeah, I did. But just in case, here it is again.

Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/31/2008 06:14 PM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
08/01/2008 05:11 AM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,697,545,728 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/31/2008 06:14 PM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
08/01/2008 05:11 AM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,697,545,728 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/31/2008 06:14 PM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
08/01/2008 05:11 AM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,697,545,728 bytes free
murimuri
post Jul 31 2008, 03:13 PM
Post #6


Member
Posts: 39
OS: windows xp



Oh, and here's the log for drive C:,
in case you wanted that. o_o

Volume in drive C has no label.
Volume Serial Number is B0D1-4656

Directory of C:\Documents and Settings\user\Application Data

06/13/2008 09:54 PM <DIR> Adobe
02/16/2008 08:52 PM <DIR> AdobeUM
01/20/2008 10:29 AM <DIR> Ahead
07/06/2008 04:21 PM <DIR> BEARSH~1 BearShare
07/24/2008 04:13 PM <DIR> BOLTRE~1 bolt rect math
11/19/2007 02:15 AM <DIR> DivX
07/02/2008 02:32 PM <DIR> dvdcss
02/09/2008 06:13 PM <DIR> Flock
08/01/2008 05:12 AM <DIR> FREEDO~1 Free Download Manager
11/03/2007 02:01 PM <DIR> Google
11/03/2007 02:35 PM <DIR> GRETECH
11/03/2007 04:39 PM <DIR> Help
01/08/2008 10:52 AM <DIR> HEWLET~1 Hewlett-Packard
10/28/2007 03:10 PM <DIR> IDENTI~1 Identities
02/18/2008 08:10 PM <DIR> LEADER~1 Leadertech
05/02/2008 08:03 PM <DIR> LimeWire
03/01/2008 04:35 PM <DIR> MACROM~1 Macromedia
01/27/2008 03:08 PM <DIR> MEDIAP~1 Media Player Classic
08/01/2008 12:16 AM <DIR> MEGAUP~1 MegauploadToolbar
11/03/2007 01:48 PM <DIR> Mozilla
05/18/2008 01:27 PM <DIR> Opera
02/24/2008 08:32 PM <DIR> Real
11/03/2007 01:28 PM <DIR> STOIK
11/20/2007 10:36 AM <DIR> Sun
06/07/2008 07:59 PM <DIR> Talkback
05/07/2008 10:27 PM <DIR> TVUNET~1 TVU Networks
04/23/2008 10:17 PM <DIR> U3
11/18/2007 09:01 PM <DIR> vlc
06/19/2008 12:41 AM <DIR> Winamp
11/19/2007 01:49 AM <DIR> WinRAR
07/01/2008 05:37 PM <DIR> Xfire
0 File(s) 0 bytes
31 Dir(s) 1,374,130,176 bytes free
Volume in drive C has no label.
Volume Serial Number is B0D1-4656

Directory of C:\Documents and Settings\All Users\Application Data

06/13/2008 09:53 PM <DIR> Adobe
11/03/2007 01:37 PM <DIR> ADOBES~1 Adobe Systems
06/19/2008 04:05 AM <DIR> avg8
07/24/2008 04:12 PM <DIR> BAGSPL~1 Bags Plus Online Chin
11/03/2007 01:16 PM <DIR> Google
01/25/2008 10:30 PM 382 HPZINS~1.LOG hpzinstall.log
07/04/2008 03:44 PM <DIR> IJJIGame
02/26/2008 01:36 PM <DIR> MESSEN~1 Messenger Plus!
10/30/2007 11:12 AM <DIR> Nero
11/25/2007 11:33 AM <DIR> Outspark
01/21/2008 10:43 PM <DIR> Real
11/03/2007 02:04 PM <DIR> Skype
07/13/2008 07:45 AM <DIR> TEMP
05/07/2008 10:27 PM <DIR> TVUNET~1 TVU Networks
04/01/2008 04:10 AM <DIR> WINDOW~1 Windows Genuine Advantage
05/01/2008 07:38 PM <DIR> WLINST~1 WLInstaller
1 File(s) 382 bytes
15 Dir(s) 1,374,130,176 bytes free
Volume in drive C has no label.
Volume Serial Number is B0D1-4656

Directory of C:\Program Files

07/29/2008 10:28 AM <DIR> .
07/29/2008 10:28 AM <DIR> ..
02/18/2008 08:11 PM <DIR> Adobe
06/13/2008 09:53 PM <DIR> ADOBEM~1 Adobe Media Player
01/20/2008 10:32 AM <DIR> Aegisub
03/03/2008 01:43 AM <DIR> AOAAUD~1 AoA Audio Extractor
07/29/2008 10:31 AM <DIR> Athan
03/03/2008 01:38 AM <DIR> Audacity
06/19/2008 04:05 AM <DIR> AVG
07/06/2008 04:15 PM <DIR> BEARSH~1 BearShare Applications
07/24/2008 04:11 PM <DIR> BOLTRE~1 bolt rect math
03/15/2008 12:41 PM <DIR> CABALO~1 CABAL Online (SG MY)
06/01/2008 07:11 PM <DIR> CIRCLE~1 Circle Developement
07/02/2008 03:14 PM <DIR> COMMON~1 Common Files
10/28/2007 03:00 PM <DIR> COMPLU~1 ComPlus Applications
11/03/2007 01:18 PM <DIR> DIRECT~1 DirectVobSub
11/19/2007 02:08 AM <DIR> DivX
11/03/2007 01:14 PM <DIR> DVDDEC~1 DVD Decrypter
07/29/2008 11:38 PM <DIR> ESET
11/20/2007 05:35 PM <DIR> FlashGet
11/03/2007 01:15 PM <DIR> Flock
11/20/2007 05:22 PM <DIR> FREEDO~1 Free Download Manager
11/20/2007 01:12 AM <DIR> GNU
11/20/2007 08:53 AM <DIR> Google
11/03/2007 01:16 PM <DIR> GRETECH
01/08/2008 10:49 AM <DIR> HEWLET~1 Hewlett-Packard
07/26/2008 10:26 PM <DIR> HIJACK~1 Hijackthis
05/10/2008 10:35 PM <DIR> INTELL~1 Intelligent
06/11/2008 05:03 PM <DIR> INTERN~1 Internet Explorer
07/16/2008 03:53 PM <DIR> Java
11/03/2007 01:16 PM <DIR> jBrowse
02/11/2008 09:56 PM <DIR> JWPce
03/15/2008 11:37 AM <DIR> MAIET
06/12/2008 10:21 AM <DIR> MEGAUP~1 MegauploadToolbar
11/19/2007 09:17 AM <DIR> MESSEN~1 Messenger
04/10/2008 05:43 PM <DIR> MESSEN~2 Messenger Plus! Live
10/30/2007 11:08 AM <DIR> MICROS~3 Microsoft ActiveSync
10/28/2007 03:03 PM <DIR> MICROS~1 microsoft frontpage
10/30/2007 11:08 AM <DIR> MICROS~2 Microsoft Office
10/30/2007 11:08 AM <DIR> MICROS~1.NET Microsoft.NET
05/10/2008 10:30 PM <DIR> MOBILE~1 Mobile Partner
10/28/2007 03:00 PM <DIR> MOVIEM~1 Movie Maker
07/31/2008 10:42 PM <DIR> MOZILL~1 Mozilla Firefox
10/28/2007 02:58 PM <DIR> MSN
10/28/2007 02:59 PM <DIR> MSNGAM~1 MSN Gaming Zone
05/02/2008 10:23 AM <DIR> MSNMES~1 MSN Messenger
01/29/2008 05:19 AM <DIR> MSXML4~1.0 MSXML 4.0
10/30/2007 11:12 AM <DIR> Nero
10/28/2007 03:01 PM <DIR> NETMEE~1 NetMeeting
07/01/2008 05:44 PM <DIR> NHNUSA~1 NHN USA
07/30/2008 06:00 PM <DIR> NORTON~1 Norton Security Scan
05/16/2008 03:49 AM <DIR> ONLINE~1 Online Services
11/19/2007 09:16 AM <DIR> OUTLOO~1 Outlook Express
11/25/2007 04:09 PM <DIR> Outspark
03/02/2008 11:55 PM <DIR> PeerCast
07/14/2008 10:41 PM <DIR> Picasa2
06/19/2008 05:13 AM <DIR> PLUSPO~1 pluspoint2
05/18/2008 12:17 PM <DIR> PSCS2U~1 PSCS2Updater
06/05/2008 11:45 AM <DIR> QUICKT~1 QuickTime
01/21/2008 10:43 PM <DIR> REALAL~1 Real Alternative
07/08/2008 03:39 PM <DIR> Sun
01/26/2008 12:30 PM <DIR> SurgeRO
02/18/2008 08:31 PM <DIR> Surreal
07/13/2008 07:24 AM <DIR> SURVIV~1 SurvivalProject
07/26/2008 10:26 PM <DIR> TRENDM~1 Trend Micro
02/18/2008 09:06 AM <DIR> VEOHNE~1 Veoh Networks
12/26/2007 11:07 PM <DIR> VIDEOC~1 VideoCAM Eye
11/03/2007 02:42 PM <DIR> VideoLAN
05/11/2008 11:16 AM <DIR> WackGet
06/19/2008 04:25 AM <DIR> Winamp
11/03/2007 04:49 PM <DIR> WINAVI~1 WinAVI MP4 Converter
12/08/2007 11:58 AM <DIR> WINDOW~4 Windows Live
04/01/2008 04:17 AM <DIR> WI4DF6~1 Windows Media Connect 2
04/01/2008 04:38 AM <DIR> WINDOW~2 Windows Media Player
05/15/2008 03:44 AM <DIR> WINDOW~1 Windows NT
11/19/2007 01:48 AM <DIR> WinRAR
10/30/2007 11:04 AM <DIR> WinZip
10/28/2007 03:03 PM <DIR> xerox
0 File(s) 0 bytes
78 Dir(s) 1,374,117,888 bytes free
Cookiegal
post Aug 1 2008, 02:12 PM
Post #7


Malware Expert
Posts: 721
From: Quebec, Canada
OS: XP Pro



Copy everything inside the quote box below (starting with @) and paste it into notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as remlop.bat on your desktop.

QUOTE
@echo off
cd C:\WINDOWS\Tasks
attrib -r -s -h A51918E0918A8E7C.job
del A51918E0918A8E7C.job
exit


Double-click remlop.bat. A window will open and close quickly; this is normal.


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy all the text and file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    [Kill Explorer]
    C:\Documents and Settings\user\Application Data\bolt rect math
    C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
    C:\Program Files\bolt rect math
    EMPTYTEMP
    [Start Explorer]



  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be Moved" window under the blue bar and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
murimuri
post Aug 1 2008, 08:54 PM
Post #8


Member
Posts: 39
OS: windows xp



Does the OTMoveIt execution usually take very long? o_o
murimuri
post Aug 1 2008, 09:17 PM
Post #9


Member
Posts: 39
OS: windows xp



Wait, never mind. It was not responding, apparently.
Restarted it.

Unable to kill explorer.exe
C:\Documents and Settings\user\Application Data\bolt rect math moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin scheduled to be moved on reboot.
File/Folder C:\Program Files\bolt rect math not found.
< EMPTYTEMP >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_73qMoOBBqtTBQsscGQig scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF1715.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF9704.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFE5D7.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08022008_111339

----
Okay, I think it might not have been what you expected, so I'll try to help a bit... ehmm.
The OTMoveIt.exe kinda died in the first round... so, just to let you know what I did:

I opened the task manager (ctrl+alt+del) and ran the remlog.bat again. Then I ended the not-responding OTMoveIt and opened a new one, the log of which I pasted up there. The first OTMoveIt.exe that I ran had a log whereby these:

C:\Documents and Settings\user\Application Data\bolt rect math
C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
C:\Program Files\bolt rect math

were run successfully, if I am not wrong. The execution just hung when it read

File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_73qMoOBBqtTBQsscGQig scheduled to be deleted on reboot.

Yeah.
So anyway, in the C:\_OTMoveIt\MovedFiles folder, there are two folders: 08022008_111339 and 08022008_103016.
The latter folder contains the missing files that the 08022008_111339 log reported.

Does this help in any way?

Hmm.. I'm wondering if I should just move the files from the first folder to the second folder.

This post has been edited by murimuri: Aug 1 2008, 09:32 PM
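The OTMoveIt2 log above mixes four outcomes: items moved, items that could not be moved while Explorer was still running and are queued for the next reboot, items not found (already handled by the earlier, hung run), and housekeeping lines. The Python below is an added example, not part of the thread or of OTMoveIt2: it classifies each result line by its wording and answers the practical question the poster had, namely whether a reboot is still needed and what is left over. The line patterns are my own, written against the lines quoted in this post; the sample is copied from them.

```python
import re

# Constructed sample: result lines copied from the OTMoveIt2 log in post #9
OTMOVEIT_LOG = r"""Unable to kill explorer.exe
C:\Documents and Settings\user\Application Data\bolt rect math moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin scheduled to be moved on reboot.
File/Folder C:\Program Files\bolt rect math not found.
< EMPTYTEMP >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF1715.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
"""

# Ordered (label, pattern) pairs; the first match wins
PATTERNS = [
    ("moved", re.compile(r"^(?P<path>.+?) moved successfully\.$")),
    ("pending_reboot", re.compile(
        r"^(?:Folder move|File delete) failed\. (?P<path>.+?) scheduled to be (?:moved|deleted) on reboot\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<path>.+?) not found\.$")),
]


def summarize_otmoveit(log_text):
    """Bucket each result line; unmatched lines (status messages) go to 'other'."""
    summary = {"moved": [], "pending_reboot": [], "not_found": [], "other": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for label, pat in PATTERNS:
            m = pat.match(line)
            if m:
                summary[label].append(m.group("path"))
                break
        else:
            summary["other"].append(line)
    return summary


def reboot_required(summary):
    """True when any move or delete was deferred to the next reboot."""
    return bool(summary["pending_reboot"])


if __name__ == "__main__":
    s = summarize_otmoveit(OTMOVEIT_LOG)
    for label in ("moved", "pending_reboot", "not_found"):
        for path in s[label]:
            print(f"{label:15} {path}")
    print("reboot required:", reboot_required(s))
```

On this sample the "Unable to kill explorer.exe" line lands in `other`, which is the clue to why the All Users folder could only be scheduled for reboot: Explorer still held it open.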
Cookiegal
post Aug 2 2008, 08:26 AM
Post #10


Malware Expert
Posts: 721
From: Quebec, Canada
OS: XP Pro



No, it's fine. You don't need to move anything.

Please visit the ComboFix Guide & Instructions for installing the Recovery Console and downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

murimuri
post Aug 2 2008, 10:53 AM
Post #11


Member
Posts: 39
OS: windows xp



ComboFix 08-08-01.04 - user 2008-08-03 0:40:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.262 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\iforex.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\interclick.com\ud.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 11:19 . 2008-08-02 11:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\bolt rect math
2008-08-02 10:30 . 2008-08-02 10:30 <DIR> d-------- C:\_OTMoveIt
2008-08-01 05:13 . 2008-08-01 05:11 254 --a------ C:\log.bat
2008-07-29 23:38 . 2008-07-29 23:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-07-29 23:38 . 2008-07-29 23:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-07-29 23:38 . 2008-07-29 23:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-29 10:30 . 2008-07-29 10:28 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-29 10:28 . 2008-07-29 10:28 <DIR> d-------- C:\WINDOWS\system32\athan
2008-07-29 10:28 . 2008-07-29 10:31 <DIR> d-------- C:\Program Files\Athan
2008-07-26 22:26 . 2008-07-26 22:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-16 15:58 . 2008-08-01 13:50 23 --a------ C:\Documents and Settings\user\jagex_runescape_preferences.dat
2008-07-12 20:03 . 2008-07-12 20:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-12 20:03 . 2008-07-12 20:03 232 --ah----- C:\sqmdata05.sqm
2008-07-08 15:39 . 2008-07-08 15:39 <DIR> d-------- C:\Program Files\Sun
2008-07-06 16:16 . 2007-11-22 22:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-07-04 15:44 . 2008-07-04 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-07-02 15:14 . 2008-07-02 15:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 16:45 --------- d-----w C:\Documents and Settings\user\Application Data\Free Download Manager
2008-08-02 16:40 --------- d-----w C:\Program Files\ESET
2008-08-02 16:24 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2008-08-02 03:35 --------- d---a-w C:\Program Files\SurvivalProject
2008-08-02 02:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 10:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-24 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
2008-07-16 07:53 --------- d-----w C:\Program Files\Java
2008-07-12 23:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 01:07 10,520 ----a-w C:\windows\system32\avgrsstx.dll
2008-07-04 01:05 96,520 ----a-w C:\windows\system32\drivers\avgldx86.sys
2008-07-02 06:32 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2008-07-01 14:48 --------- d--h--w C:\Documents and Settings\user\Application Data\ijjigame
2008-07-01 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 09:44 --------- d-----w C:\Program Files\NHN USA
2008-07-01 09:37 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
2008-06-26 20:10 42,320 ----a-w C:\windows\system32\xfcodec.dll
2008-06-20 17:41 245,248 ----a-w C:\windows\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\windows\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\windows\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\windows\system32\drivers\tcpip6.sys
2008-06-19 23:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-19 12:46 2,560 ----a-w C:\windows\system32\bitcometres.dll
2008-06-18 21:13 --------- d-----w C:\Program Files\pluspoint2
2008-06-18 20:25 --------- d-----w C:\Program Files\Winamp
2008-06-18 20:05 --------- d-----w C:\Program Files\AVG
2008-06-18 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-18 16:41 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-06-18 12:02 --------- d-----w C:\Program Files\Common Files\NSV
2008-06-17 11:28 710,064 ----a-w C:\windows\system32\ijjiSetup.exe
2008-06-13 13:53 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-13 13:53 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-13 13:10 272,128 ------w C:\windows\system32\drivers\bthport.sys
2008-06-12 02:21 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-11 15:01 58,800 ----a-w C:\windows\system32\ijjiPlugin2.dll
2008-06-07 11:59 --------- d-----w C:\Documents and Settings\user\Application Data\Talkback
2008-06-05 03:45 --------- d-----w C:\Program Files\QuickTime
2008-05-14 19:23 3,084 ----a-w C:\windows\system32\fscflist.ini.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\windows\system32\quartz.dll
2008-05-02 02:36 3,000,000 ----a-w C:\windows\system32\wmsetup.exe
2008-01-25 14:51 160 ---ha-w C:\Documents and Settings\user\hpothb07.dat
2008-01-25 14:51 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2008-01-25 14:48 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 16:01 171448]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-11-19 00:40 2469935]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 12:53 3497984]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2008-06-03 11:42 2596152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"snpstd"="C:\windows\vsnpstd.exe" [2004-06-10 13:48 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"=