Trojan.vundo and Trojan.MetaJuan [RESOLVED], Virus found after system reboot
gr8joel
post Sep 26 2008, 12:36 AM
Post #1
Member
Posts: 101
OS: Windows XP Home Edition SP3, Windows Vista Home Premium, Windows XP Professional

Hi,
First and foremost I would like to say thanks to www.geekstogo.com and everyone who is a part of this community.

I have Windows XP, and I recently installed Norton Antivirus 2009. Basically it detects Trojan.vundo and Trojan.MetaJuan. Norton prompts me to restart. Once I reboot, I run the full system scan and the virus is there again. I believe that the virus is renaming itself, as the description said at Wiki. Wiki gave me a basic overview of what it does. So my Internet Explorer is affected and I get pop-ups.

I would really appreciate it if I could get some help in any way to remove these viruses.
Egwene
post Sep 26 2008, 05:53 AM
Post #2
Trusted Helper
Posts: 2,045
From: France
OS: XP/Vista Home Basic Edition

Hello gr8joel!

Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format and uncheck Word Wrap).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

***

First, please visit this link and follow these instructions: You Must Read This Before Posting A Hijackthis Log.

Then please post the MBAM report and the HijackThis report.

Regards,
Egwene.
gr8joel
post Sep 27 2008, 03:00 AM
Post #3
Member
Posts: 101
OS: Windows XP Home Edition SP3, Windows Vista Home Premium, Windows XP Professional

Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 5.1.2600 Service Pack 2

9/27/2008 1:46:18 AM
mbam-log-2008-09-27 (01-45-55).txt

Scan type: Quick Scan
Objects scanned: 54613
Time elapsed: 9 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 24
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkIBQgF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljJAQGyA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nbjvaj.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21227287-c8fb-437d-93b3-f38f5238399e} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21227287-c8fb-437d-93b3-f38f5238399e} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjaqgya (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d365cf26-f356-4e88-815d-dc9af5c3e6a1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d365cf26-f356-4e88-815d-dc9af5c3e6a1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{06adaa90-a8a4-4ea2-ab79-8d5b990d390f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm37dce39f (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkibqgf -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkibqgf -> No action taken.

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> No action taken.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> No action taken.
C:\WINDOWS\system32\kBin02 (Trojan.Agent) -> No action taken.
C:\Program Files\Mjcore (Trojan.BHO) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.

Files Infected:
C:\WINDOWS\system32\jkkIBQgF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FgQBIkkj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FgQBIkkj.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljJAQGyA.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nbjvaj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ajmvcubh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hbucvmja.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGyyvww.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wwvyyGgh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wwvyyGgh.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lcftnuhm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mhuntfcl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mbhdrhey.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yehrdhbm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ncfywihg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ghiwyfcn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nypqqbbm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mbbqqpyn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xigqqxis.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sixqqgix.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\b155.exe (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\abxove.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ietknhtw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kobetnog.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pygtaeed.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rkshvx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tseopbqy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uedmlqbh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\cosxfoga.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hkqejh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hpnbgl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lldntm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nxktdj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tbjnfgjg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dfuktu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkIXnkK.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jtipaj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\buuykroa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXNfCRk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wwnxuswy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wwssel.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wxwvsh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xpophjif.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\epnfptaw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXNFutU.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ccalrirf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jfmocajd.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MC5FDXJ7\nd82m0[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SL3SIN9I\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\qtjgljit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM37dce39f.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM37dce39f.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\b158.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:29 AM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
O4 - HKLM\..\Run: [BM37dce39f] Rundll32.exe "C:\WINDOWS\system32\qtjgljit.dll",s
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\New Folder (3)\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127791643131
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: nbjvaj.dll
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

--
End of file - 5072 bytes
Egwene
post Sep 27 2008, 06:12 AM
Post #4
Trusted Helper
Posts: 2,045
From: France
OS: XP/Vista Home Basic Edition

Hello gr8joel,

No action taken.

First, did you remove the bad junk found by MBAM?

If not, please scan again with MBAM and apply the actions.

1) Disable real-time protections:

--> Please disable McAfee real-time protection; more help here: http://www.bleepingcomputer.com/forums/topic114351.html

2) Run Lop S&D option 1:

Disable resident protections (antivirus...); you'll re-enable them after the scan.

Download Lop S&D here.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

3) Run ComboFix:

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

ComboFix will disconnect the machine from the internet; this prevents fresh malware from coming in.
The connection shall be restored once ComboFix gets to the Find3M stage.
In the event that ComboFix terminates prematurely you can manually restore the connection by ...
* Going to Control Panel > Network Connections.
* Right-clicking on your Network icon & selecting "Repair"

Alternately, if the Network icon appears in the notification area in the lower right corner of the Desktop, right-click it, and then click Repair from the shortcut menu.

Regards,
Egwene.
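Egwene's point above is that every line of the MBAM log ends in "No action taken", and the same log also shows why the infection was back after the reboot described in the first post: the DLLs MBAM found loaded in memory (jkkIBQgF.dll, ljJAQGyA.dll) are registered as Winlogon notify and LSA packages, so Windows loads them again on the next start. As an added example (not code from the thread or from Malwarebytes), the Python below parses MBAM log lines like those posted, counts un-actioned items, groups registry entries by autostart hook, and cross-references in-memory modules with those hooks; the hook labels are ours and the one "Quarantined" line in the sample is constructed.

```python
"""Triage of a Malwarebytes' Anti-Malware (MBAM) 1.x text log.

Added example for this thread, not code from Malwarebytes or from the posters. It
parses the "<location> (<detection>) -> <action>" lines MBAM writes, counts items
still marked "No action taken", groups registry entries by autostart hook, and
finds the hooks that would reload the DLLs MBAM saw in memory on the next boot.
"""
import re
from collections import defaultdict

# One MBAM detection line: location, detection name, optional Data field, action.
LINE_RE = re.compile(
    r"^(?P<location>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>.+?)\.?$"
)

# Autostart hooks present in the posted log (labels are ours); first match wins.
PERSISTENCE = [
    ("Browser Helper Object", r"\\Browser Helper Objects\\"),
    ("Winlogon notify package", r"\\Winlogon\\Notify\\"),
    ("LSA package", r"\\Control\\LSA\\(Notification|Authentication) Packages$"),
    ("ShellExecute hook", r"\\ShellExecuteHooks\\"),
    ("Run key", r"\\CurrentVersion\\Run\\"),
]

# Lines copied from the MBAM log posted above; the last line is constructed to
# show what an actioned entry looks like.
SAMPLE_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\jkkIBQgF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljJAQGyA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nbjvaj.dll (Trojan.Vundo.H) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21227287-c8fb-437d-93b3-f38f5238399e} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjaqgya (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57df73c0-833c-48b7-9146-1e18930d57ff} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm37dce39f (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkibqgf -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkibqgf -> No action taken.
Files Infected:
C:\WINDOWS\system32\FgQBIkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

def classify(location):
    """Name the autostart hook a registry location belongs to, or None."""
    for label, pattern in PERSISTENCE:
        if re.search(pattern, location, re.IGNORECASE):
            return label
    return None

def module_stem(path):
    r"""'C:\WINDOWS\system32\jkkIBQgF.dll' -> 'jkkibqgf' (basename, no extension)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()

def parse_log(text):
    """Yield one dict per detection line, tagged with the MBAM section it is in."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):
            section = line[:-1]          # e.g. "Memory Modules Infected"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                     # blank line, header or count
        rec = m.groupdict()
        rec["section"] = section
        rec["actioned"] = rec["action"].lower() != "no action taken"
        rec["persistence"] = classify(rec["location"])
        yield rec

def triage(text):
    """Summarise a log: what was left alone, and which hooks reload loaded DLLs."""
    records = list(parse_log(text))
    by_hook = defaultdict(list)
    for r in records:
        if r["persistence"]:
            by_hook[r["persistence"]].append(r["location"])
    loaded = {module_stem(r["location"]) for r in records
              if r["section"] == "Memory Modules Infected"}
    # A hook whose target (Data field, else last key component) is a DLL that is
    # already loaded is what brings the same module back after a reboot.
    reloaders = sorted(r["location"] for r in records if r["persistence"]
                       and module_stem(r["data"] or r["location"]) in loaded)
    return {"total": len(records),
            "unactioned": sum(not r["actioned"] for r in records),
            "by_hook": dict(by_hook), "reloaders": reloaders}

if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    print(f"{s['unactioned']} of {s['total']} detections still 'No action taken'")
    for hook, entries in s["by_hook"].items():
        print(f"  {hook}: {len(entries)} entries")
    for loc in s["reloaders"]:
        print("  reloads a module already in memory:", loc)
```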
gr8joel
post Sep 27 2008, 09:43 PM
Post #5
Member
Posts: 101
OS: Windows XP Home Edition SP3, Windows Vista Home Premium, Windows XP Professional

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.80GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 74 Go Free : 49 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Sat 09/27/2008|20:01 )

--------------------\\ Listing folders in APPLIC~1

[05/14/2008|03:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[05/14/2008|03:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intuit
[05/14/2008|03:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[05/14/2008|03:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec

[05/14/2008|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[06/16/2007|06:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[05/31/2007|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[05/31/2007|06:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[12/28/2007|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/30/2007|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[10/07/2007|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[03/31/2005|06:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[09/27/2008|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/23/2008|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[09/25/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/16/2007|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Corporation
[12/03/2007|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[03/02/2008|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[09/24/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton
[09/24/2008|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[08/15/2008|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[09/21/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[07/17/2008|03:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/30/2006|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[05/04/2008|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SweetIM
[09/24/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[08/09/2008|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/02/2006|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[06/03/2007|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/26/2005|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/14/2008|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[05/04/2008|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[12/03/2007|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[09/25/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[05/14/2007|11:54] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

[03/31/2005|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[03/31/2005|06:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intuit
[03/31/2005|06:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[03/31/2005|06:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[10/20/2006|02:13] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Adobe
[10/20/2006|08:18] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
[03/31/2005|04:50] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[03/31/2005|06:03] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Intuit
[10/20/2006|08:24] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
[03/31/2005|06:00] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[03/31/2005|06:16] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Symantec

[10/17/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[08/15/2008|09:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

[03/31/2005|04:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[09/08/2008|11:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> SACore

[05/14/2008|03:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[07/22/2008|01:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[11/01/2007|10:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[01/31/2008|06:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ArcSoft
[08/17/2007|12:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Azureus
[05/14/2008|04:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ErrorSmart
[11/18/2006|09:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[03/31/2005|04:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[01/21/2006|03:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterVideo
[03/31/2005|06:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Intuit
[10/18/2006|01:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[04/16/2006|02:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[09/27/2008|01:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[05/09/2008|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[10/26/2006|01:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
[05/14/2007|11:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MySpace
[02/24/2008|10:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nero
[08/14/2008|11:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SiteAdvisor
[10/18/2006|01:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sonic
[11/05/2006|07:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[09/21/2008|10:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/31/2006|05:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[08/14/2008|05:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3
[06/03/2007|09:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Viewpoint
[09/02/2007|07:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Walgreens
[07/25/2007|08:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WinRAR
[09/28/2007|05:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/25/2008 03:30 AM][--a------] C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
[03/08/2008 04:00 AM][--a------] C:\WINDOWS\tasks\XoftSpySE.job
[09/27/2008 08:01 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[05/14/2008|03:59] C:\Program Files\<DIR> Adobe
[02/07/2008|11:58] C:\Program Files\<DIR> Apoint2K
[11/07/2006|09:48] C:\Program Files\<DIR> ArcSoft
[05/14/2008|04:03] C:\Program Files\<DIR> CACE Technologies
[09/27/2008|01:34] C:\Program Files\<DIR> Common Files
[11/07/2006|09:53] C:\Program Files\<DIR> epson
[09/24/2008|06:39] C:\Program Files\<DIR> Free DVD Ripper
[03/31/2005|06:10] C:\Program Files\<DIR> Fujitsu
[09/25/2008|12:55] C:\Program Files\<DIR> InstallShield Installation Information
[03/31/2005|05:31] C:\Program Files\<DIR> Intel
[09/25/2008|12:35] C:\Program Files\<DIR> Internet Explorer
[09/26/2005|08:18] C:\Program Files\<DIR> InterVideo
[10/23/2007|06:46] C:\Program Files\<DIR> Java
[08/14/2008|09:47] C:\Program Files\<DIR> LimeWire
[07/26/2007|11:57] C:\Program Files\<DIR> Logitech
[09/27/2008|01:35] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/30/2008|06:51] C:\Program Files\<DIR> Messenger
[05/14/2008|03:42] C:\Program Files\<DIR> Microsoft ActiveSync
[12/03/2007|07:14] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[03/31/2005|04:50] C:\Program Files\<DIR> microsoft frontpage
[04/28/2008|12:09] C:\Program Files\<DIR> Microsoft Office
[12/03/2007|01:52] C:\Program Files\<DIR> Microsoft Works
[03/31/2005|04:45] C:\Program Files\<DIR> Movie Maker
[10/18/2006|01:22] C:\Program Files\<DIR> MSN
[03/31/2005|04:43] C:\Program Files\<DIR> MSN Gaming Zone
[11/11/2006|01:25] C:\Program Files\<DIR> MTV Networks
[03/31/2005|04:45] C:\Program Files\<DIR> NetMeeting
[09/24/2008|12:49] C:\Program Files\<DIR> Norton AntiVirus
[09/25/2008|02:16] C:\Program Files\<DIR> Norton Support
[09/24/2008|12:49] C:\Program Files\<DIR> NortonInstaller
[03/31/2005|04:46] C:\Program Files\<DIR> Online Services
[06/13/2007|10:01] C:\Program Files\<DIR> Outlook Express
[08/16/2007|11:24] C:\Program Files\<DIR> Quicken
[07/17/2008|03:19] C:\Program Files\<DIR> QuickTime
[08/07/2008|08:17] C:\Program Files\<DIR> Shockwave.com
[10/01/2007|12:18] C:\Program Files\<DIR> SigmaTel
[11/07/2006|09:46] C:\Program Files\<DIR> Smart Panel
[03/31/2005|06:13] C:\Program Files\<DIR> Sonic
[12/28/2007|09:09] C:\Program Files\<DIR> Stardock
[09/21/2008|10:45] C:\Program Files\<DIR> SUPERAntiSpyware
[03/11/2007|03:34] C:\Program Files\<DIR> support.com
[09/24/2008|12:50] C:\Program Files\<DIR> Symantec
[09/27/2008|01:47] C:\Program Files\<DIR> Trend Micro
[12/29/2007|11:02] C:\Program Files\<DIR> vghd
[05/31/2007|06:21] C:\Program Files\<DIR> Viewpoint
[05/14/2008|04:06] C:\Program Files\<DIR> Windows Live
[11/21/2007|12:27] C:\Program Files\<DIR> Windows Media Connect 2
[02/07/2008|11:58] C:\Program Files\<DIR> Windows Media Player
[03/31/2005|04:42] C:\Program Files\<DIR> Windows NT
[09/22/2008|12:23] C:\Program Files\<DIR> Windows Sidebar
[03/31/2005|04:47] C:\Program Files\<DIR> WindowsUpdate
[03/31/2005|04:50] C:\Program Files\<DIR> xerox
[09/25/2008|12:13] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/31/2008|04:59] C:\Program Files\Common Files\<DIR> {34EFD0AC-0707-1033-0519-050203200001}
[03/27/2008|10:49] C:\Program Files\Common Files\<DIR> Adobe
[05/14/2008|04:04] C:\Program Files\Common Files\<DIR> Designer
[09/27/2008|01:34] C:\Program Files\Common Files\<DIR> Download Manager
[03/31/2005|06:02] C:\Program Files\Common Files\<DIR> InstallShield
[11/05/2006|07:44] C:\Program Files\Common Files\<DIR> Java
[07/26/2007|11:57] C:\Program Files\Common Files\<DIR> Logitech
[05/14/2008|04:08] C:\Program Files\Common Files\<DIR> Microsoft Shared
[12/10/2006|11:43] C:\Program Files\Common Files\<DIR> MimarSinan
[07/30/2008|06:10] C:\Program Files\Common Files\<DIR> Motorola Shared
[03/31/2005|04:45] C:\Program Files\Common Files\<DIR> MSSoap
[03/02/2008|08:35] C:\Program Files\Common Files\<DIR> Nero
[03/31/2005|08:35] C:\Program Files\Common Files\<DIR> ODBC
[03/31/2005|04:45] C:\Program Files\Common Files\<DIR> Services
[03/31/2005|08:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/15/2007|11:34] C:\Program Files\Common Files\<DIR> Stardock
[09/24/2008|01:02] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/13/2007|10:01] C:\Program Files\Common Files\<DIR> System
[05/14/2008|04:08] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[03/11/2007|03:36] C:\Program Files\Common Files\<DIR> wmku

--------------------\\ Process

( 25 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Owner\Cookies\owner@us1.darkorbit.bigpoint[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 20:03:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Complete\Adobe Photoshop CS2 v9 0 FinaL KeyGeN by DvS Radar rar 3591305 TPB.zip
C:\DOCUME~1\Owner\Complete\Age of Empires III Full Game + No DVD CPU Crack[k] - [www slotorrent net].zip
C:\DOCUME~1\Owner\Complete\BearShare PRO 6 0 FULL with CRACK (latest version) (pree release).zip
C:\DOCUME~1\Owner\Complete\Bigfish Games - Flower Shop - Big City Break + Crack (Reflexive).zip
C:\DOCUME~1\Owner\Complete\Bigfish Games - Jewels of Cleopatra + Crack (Reflexive).zip
C:\DOCUME~1\Owner\Complete\Bigfish Games - Zodiac Tower + Crack (REQUESTED) (Reflexive).zip
C:\DOCUME~1\Owner\Complete\Clone DVD 3+KeyGen.zip
C:\DOCUME~1\Owner\Complete\Cracking the Millionaire Code Your Key to Enlightened Wealth.zip
C:\DOCUME~1\Owner\Complete\Cucusoft Mpeg-Mov-Rm-Divx-Avi To Dvd-Vcd-Svcd Creator Pro 7 07 + With Working Keygen Not Trial Versi.zip
C:\DOCUME~1\Owner\Complete\FEAR Extraction Point with update crack{www IPTorrents com}.zip
C:\DOCUME~1\Owner\Complete\Google Earth Pro Map with Crack by DvS Radar zip 3590829 TPB.zip
C:\DOCUME~1\Owner\Complete\Google Earth Pro Map with Crack by DvS Radar.zip
C:\DOCUME~1\Owner\Complete\Jedi Knight II Jedi Outcast Crack of Doom map .zip
C:\DOCUME~1\Owner\Complete\KeyGen RC4 Emailer 1.zip
C:\DOCUME~1\Owner\Complete\KeyGen RC4 Encryption Key Maker 2.1.1.zip
C:\DOCUME~1\Owner\Complete\Microsoft Office 2007 Applications Keygen Only-MiCROSOFT.zip
C:\DOCUME~1\Owner\Complete\Nero 7 5 9 0 Incl Keygen.zip
C:\DOCUME~1\Owner\Complete\New Vista RTM Timer Stopper Crack.zip
C:\DOCUME~1\Owner\Complete\PalmCrack 1.1.zip
C:\DOCUME~1\Owner\Complete\Photoshop CS2 Final Keygen Doom1911.zip
C:\DOCUME~1\Owner\Complete\Photoshop CS3 beta + Crack + Patch FR - [HwC].zip
C:\DOCUME~1\Owner\Complete\PowerISO 3 5 + keygen zip.zip
C:\DOCUME~1\Owner\Complete\Registry Mechanic 7 0 Newest Version + Crack! Full!!.zip
C:\DOCUME~1\Owner\Complete\Spyware Doctor 5 1 Newest version + Crack! FULL!!.zip
C:\DOCUME~1\Owner\Complete\Steam Keygen Unlock all games.zip
C:\DOCUME~1\Owner\Complete\The GodFather-The Game- PC with Crack,Trainer & Daemon Tools.zip
C:\DOCUME~1\Owner\Complete\Tom Clancys Rainbow Six Vegas CRACK ONLY-HATRED NewTorrents.info ownz .zip
C:\DOCUME~1\Owner\Complete\TuneUp Utilities 2007 6.0.1255.0 FINAL with keygen by tsrh.zip
C:\DOCUME~1\Owner\Complete\Virtual Pool 3 crack update{www IPTorrents com}.zip
C:\DOCUME~1\Owner\Complete\Vista Activation Crack By #Vistatalk on EFnet-ViSTATALK.zip
C:\DOCUME~1\Owner\Complete\Vista Work Around GEN2 - 20-12-06 + WGA Validation Crack III (2 AIO).zip
C:\DOCUME~1\Owner\Complete\Webroot SpySweeper 6 0 Newest version + Crack! FULL!.zip
C:\DOCUME~1\Owner\Complete\WGA Patcher Windows keygen updated 11 11 06 by DvS Radar rar 3591100 TPB.zip
C:\DOCUME~1\Owner\Complete\Winamp 5 32 Pro - Full + Keygen rar.zip
C:\DOCUME~1\Owner\Complete\Windows Genuine Advantage Validation LATEST and crack rar.zip
C:\DOCUME~1\Owner\Complete\Windows Media Player 11 + Crack rar.zip
C:\DOCUME~1\Owner\Complete\WinZip 10 PRO + Keygen.zip
C:\DOCUME~1\Owner\Complete\XP Repair Pro v3 1 6 Incl Keygen and Patch.zip
C:\DOCUME~1\Owner\Complete\[PC-Game] Pirates of the Caribbean The Legend of Jack Sparrow - Full with crack www gamerzone com b.zip
C:\DOCUME~1\Owner\Favorites\Hacking Guide - Dictionary, Windows, Telnet, Cracks, IRC.url
C:\DOCUME~1\Owner\Recent\aircrack-2.41.lnk
C:\DOCUME~1\Owner\Recent\WEPCrack-0.1.0.tar.lnk


[F:5526][D:298]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:61][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:1395][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 09/27/2008|20:05 - Option : [1]

--------------------\\ Scan completed at 20:05:12


ComboFix 08-09-27.01 - Owner 2008-09-27 20:25:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.251 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp1.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp2.tmp
C:\Program Files\Common Files\{34EFD~1
C:\Program Files\Common Files\{34EFD~1\system.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\IA
C:\WINDOWS\stem32~1
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\sysmwwod.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TNIDRIVER
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-27 19:58 . 2008-09-27 20:05 <DIR> d-------- C:\Lop SD
2008-09-27 01:47 . 2008-09-27 01:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 01:35 . 2008-09-27 01:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 01:35 . 2008-09-27 01:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-27 01:35 . 2008-09-27 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 01:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 01:35 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 01:34 . 2008-09-27 01:34 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-25 13:47 . 2008-09-25 14:16 <DIR> d-------- C:\Program Files\Norton Support
2008-09-25 13:44 . 2008-09-27 00:15 988,779 ---hs---- C:\WINDOWS\system32\piemfctt.ini
2008-09-25 13:43 . 2008-09-25 13:43 105,472 --a------ C:\WINDOWS\system32\sxgveaqd.dll
2008-09-25 13:20 . 2008-09-25 13:39 921,917 ---hs---- C:\WINDOWS\system32\ofyodqdo.ini
2008-09-25 13:18 . 2008-09-25 13:18 105,472 --a------ C:\WINDOWS\system32\eyaubwfq.dll
2008-09-25 13:09 . 2008-09-25 13:09 921,797 ---hs---- C:\WINDOWS\system32\jbyovcsx.ini
2008-09-25 13:07 . 2008-09-25 13:07 105,472 --a------ C:\WINDOWS\system32\hhacjdxx.dll
2008-09-25 11:57 . 2008-09-25 13:02 921,737 ---hs---- C:\WINDOWS\system32\fnnastjw.ini
2008-09-25 11:54 . 2008-09-25 11:54 105,472 --a------ C:\WINDOWS\system32\wfyfsgic.dll
2008-09-25 09:16 . 2008-09-25 11:48 474 ---hs---- C:\WINDOWS\system32\hasqqtgk.ini
2008-09-25 09:13 . 2008-09-25 09:13 105,472 --a------ C:\WINDOWS\system32\xgjhusvi.dll
2008-09-25 01:13 . 2008-09-25 00:48 294 --ahs---- C:\WINDOWS\system32\skwsbxpb.ini
2008-09-25 00:46 . 2008-09-25 00:46 912,132 ---hs---- C:\WINDOWS\system32\skwsbxpb.tmp
2008-09-24 18:38 . 2008-09-24 18:39 <DIR> d-------- C:\Program Files\Free DVD Ripper
2008-09-24 09:13 . 2008-09-24 09:13 95,232 --a------ C:\WINDOWS\system32\ripyfeif.dll
2008-09-24 02:25 . 2008-09-24 02:25 115,200 --a------ C:\WINDOWS\system32\hrfknm.dll
2008-09-24 02:25 . 2008-09-24 02:25 115,200 --a------ C:\WINDOWS\system32\hdkftjbm.dll
2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Symantec
2008-09-24 00:50 . 2008-09-24 00:50 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-24 00:50 . 2008-09-24 00:50 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-24 00:50 . 2008-09-24 00:50 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-09-24 00:49 . 2008-09-24 00:49 <DIR> d-------- C:\WINDOWS\system32\drivers\NAV
2008-09-24 00:49 . 2008-09-24 00:49 <DIR> d-------- C:\Program Files\NortonInstaller
2008-09-24 00:49 . 2008-09-24 00:49 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-09-24 00:49 . 2008-09-24 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-24 00:49 . 2008-09-24 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-23 20:13 . 2008-09-23 20:15 1,100,503 ---hs---- C:\WINDOWS\system32\ygrtgfyn.ini
2008-09-23 20:12 . 2008-09-23 20:12 96,256 --a------ C:\WINDOWS\system32\hrvkjyax.dll
2008-09-22 01:15 . 2008-09-23 20:12 1,100,279 ---hs---- C:\WINDOWS\system32\hiQBIkkj.ini
2008-09-22 01:15 . 2008-09-22 01:15 221,184 --a------ C:\WINDOWS\system32\owjamccc.dll
2008-09-22 01:15 . 2008-09-22 01:15 108,544 --a------ C:\WINDOWS\system32\khfCuTLB.dll
2008-09-22 00:23 . 2008-09-22 00:23 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-09-22 00:21 . 2008-09-24 00:50 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-22 00:21 . 2008-09-24 00:50 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-22 00:14 . 2008-09-22 00:14 121 ---hs---- C:\WINDOWS\system32\aamgjnda.ini
2008-09-21 22:42 . 2008-09-21 22:42 121 ---hs---- C:\WINDOWS\system32\nhbximyd.ini
2008-09-08 11:21 . 2008-09-08 11:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SACore
2008-09-07 15:39 . 2008-09-24 09:17 1,384,455 --a------ C:\WINDOWS\setupapi.log.2.old
2008-09-07 15:37 . 2006-11-08 01:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2008-09-07 15:37 . 2006-11-08 01:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2008-09-07 15:20 . 2008-09-07 15:29 1,298,847 ---hs---- C:\WINDOWS\system32\nierltkl.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-25 19:13 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 07:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 08:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-22 05:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-09-22 05:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-22 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 16:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-08-15 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-15 06:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-08-15 04:47 --------- d-----w C:\Program Files\LimeWire
2008-08-15 00:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-08-10 06:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 03:17 --------- d-----w C:\Program Files\Shockwave.com
2008-07-31 05:07 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2008-07-31 05:07 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
2008-07-31 01:11 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-07-31 01:11 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-31 01:11 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-07-31 01:11 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-07-31 01:10 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-07-30 00:39 16,246 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-06 02:28 35,528 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-05-29 02:29 374 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-05-29 02:27 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-05-29 01:18 538 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
1999-12-23 22:12 11,264 ----a-w C:\Documents and Settings\Owner\Sporder.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-r 163,840 2004-07-02 11:48:26 C:\Program Files\Apoint2K\bak\Apoint.exe

----a-w 242,688 2005-02-25 18:36:40 C:\Program Files\Fujitsu\Application Panel\bak\QuickTouch.exe

----a-w 61,440 2005-02-25 18:15:18 C:\Program Files\Fujitsu\BtnHnd\bak\BtnHnd.exe

----a-w 69,632 2005-02-25 18:13:54 C:\Program Files\Fujitsu\FUJ02E3\bak\FUJ02E3.exe

----a-w 81,920 2005-02-28 18:20:38 C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\bak\IndicatorUty.exe

----a-w 132,496 2007-09-25 08:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 204,288 2006-10-19 04:05:26 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe

----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 126,976 2005-04-13 07:17:10 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 98,304 2004-03-04 11:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9AA.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="C:\Documents and Settings\Owner\Desktop\New Folder (3)\P2kCommander-V3.3.0\P2kAutostart.exe" [N/A]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nbjvaj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DesktopBeautifier.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DesktopBeautifier.lnk
backup=C:\WINDOWS\pss\DesktopBeautifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Webmakq]
C:\WINDOWS\??stem32\n?pdb.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\34efd003]
C:\WINDOWS\system32\nyfgtrgy.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM37dce39f]
--a------ 2008-09-23 20:12 96256 C:\WINDOWS\system32\hrvkjyax.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Haos]
C:\DOCUME~1\Owner\MYDOCU~1\SMANTE~1\ati2evxx.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton AntiVirus\osCheck.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skra]
C:\Program Files\Skra\Skra.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\Program Files\Zune\ZuneLauncher.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-12-19 23:10 88358 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 gmhxxcla;gmhxxcla;C:\WINDOWS\system32\drivers\psjgpcqb.dat [ ]
R0 ri576tsk;ri576tsk;C:\WINDOWS\system32\DRIVERS\ri576tsk.sys [2004-12-20 20992]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-09-24 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-09-24 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-09-24 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20080923.001\IDSxpx86.sys [2008-09-24 274808]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{23FBADFE-3028-4BF2-87E7-4E5868CD2558} - C:\WINDOWS\system32\dhcpcsv.dll
BHO-{5da4506c-78fc-4361-905e-ff7d5cc1cd40} - C:\WINDOWS\system32\suxasq.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 20:30:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gmhxxcla]
"ImagePath"="system32\drivers\psjgpcqb.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-27 20:37:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 03:37:03

Pre-Run: 53,108,277,248 bytes free
Post-Run: 55,243,296,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

270 --- E O F --- 2008-08-10 06:42:18


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:44 PM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
O2 - BHO: (no name) - {23FBADFE-3028-4BF2-87E7-4E5868CD2558} - C:\WINDOWS\system32\dhcpcsv.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\New Folder (3)\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127791643131
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: nbjvaj.dll
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

--
End of file - 5476 bytes
Egwene
post Sep 28 2008, 11:13 AM