ddayv.dll problem [CLOSED]


This topic is locked.

#1
Mistress Mercy

    New Member

  • Member
  • 6 posts
I recently started getting virus alerts from my Avast antivirus software that I had ddayv.dll infected with a trojan. I cannot get rid of it. Here's my HijackThis scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:14 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Logitech\QuickCam\Quickcam .exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Free Download Manager\FUM\fumoei .exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Mercy.[bleep]\My Documents\Other Stuff\Things to fix stuff\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayv.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: (no name) - {3401DB32-7F00-4EC7-A890-A75F64973843} - C:\WINDOWS\system32\byxywuv.dll
O2 - BHO: (no name) - {4F95A30B-7AED-46A7-99EA-C080F7F4BE03} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar5.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar5.dll
O3 - Toolbar: Snap Visual Search - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - C:\Program Files\Snap Visual Search\snapbar.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [winpol] C:\WINDOWS\system32\winpol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mercy.[bleep]\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177758730765
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1177760519828
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaste...View22RTEv4.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-us.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxywuv - C:\WINDOWS\SYSTEM32\byxywuv.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\system32\winpol.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 15622 bytes
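As an added defender-side example (not code from the original post, from HijackThis, or from Geeks to Go), the following Python script shows how a helper can triage a HijackThis log like the one above: it parses the entry prefix (F3, O2, O20, O23, or a line from the "Running processes" block), applies a few review heuristics, and cross-references file names that appear in more than one launch point. The heuristics and the function names (`triage`, `line_reasons`, `file_stem`) are this example's own assumptions rather than HijackThis rules; the sample lines are copied from the log posted above. The result is a shortlist for a human to review, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread.
# The Adobe and avast! entries are included so the script also shows non-hits.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd .exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3401DB32-7F00-4EC7-A890-A75F64973843} - C:\WINDOWS\system32\byxywuv.dll
O2 - BHO: (no name) - {4F95A30B-7AED-46A7-99EA-C080F7F4BE03} - C:\WINDOWS\system32\ddayv.dll
O4 - HKLM\..\Run: [winpol] C:\WINDOWS\system32\winpol.exe
O20 - Winlogon Notify: byxywuv - C:\WINDOWS\SYSTEM32\byxywuv.dll
O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\system32\winpol.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - ")                      # e.g. "O23 - "
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
SPACED_EXT_RE = re.compile(r"\s\.(?:exe|dll)$", re.IGNORECASE)   # "hkcmd .exe"


def entry_type(line):
    """Return the HijackThis section code (F3, O2, ...), 'process' for a
    line of the 'Running processes' block, or None for anything else."""
    m = ENTRY_RE.match(line)
    if m:
        return m.group(1)
    if re.match(r"^[A-Za-z]:\\", line):
        return "process"
    return None


def file_stem(path):
    """Base name without extension, lower-cased, with the space that
    look-alike names put before the extension stripped away."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].strip().lower()


def line_reasons(kind, line):
    """Heuristics (assumed for this example) that put a line on the review
    shortlist. Each returns a short, human-readable reason."""
    reasons = []
    for path in PATH_RE.findall(line):
        if SPACED_EXT_RE.search(path):
            reasons.append("file name has a space before its extension "
                           "(look-alike of a legitimate name)")
            break
    if kind == "F3" and "win.ini" in line and "load=" in line:
        reasons.append("win.ini load= entry (legacy launch point, rarely used today)")
    if kind == "O2" and "(no name)" in line:
        reasons.append("browser helper object registered without a name")
    if kind == "O20":
        reasons.append("Winlogon Notify DLL (runs at logon; confirm it belongs "
                       "to installed software)")
    if kind == "O23" and "Unknown owner" in line and "\\system32\\" in line.lower():
        reasons.append("service with no publisher running from system32")
    return reasons


def triage(log_text):
    """Return (findings, multi_point): findings is a list of (line, reasons);
    multi_point maps a file stem to the set of entry types it appears in,
    for stems that show up in more than one launch point."""
    findings = []
    seen = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = entry_type(line)
        if kind is None:
            continue
        for path in PATH_RE.findall(line):
            seen[file_stem(path)].add(kind)
        reasons = line_reasons(kind, line)
        if reasons:
            findings.append((line, reasons))
    multi_point = {stem: kinds for stem, kinds in seen.items() if len(kinds) > 1}
    return findings, multi_point


if __name__ == "__main__":
    found, multi = triage(SAMPLE_LOG)
    for line, reasons in found:
        print(line)
        for r in reasons:
            print("    ->", r)
    print("\nFiles present in more than one launch point:")
    for stem, kinds in sorted(multi.items()):
        print(f"    {stem}: {', '.join(sorted(kinds))}")
```

Run against the sample, the script shortlists six lines and reports ddayv (F3 and O2), winpol (O4 and O23) and byxywuv (O2 and O20) as files wired into more than one launch point; the Adobe BHO, the plain hkcmd.exe process and the avast! service produce no reason and stay off the list. The cross-reference step is the part a helper would not want to do by eye on a 15 KB log.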



#2
sarahw

    Malware Staff

  • Member
  • 2,781 posts
Hi,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

Edited by sarahw, 05 January 2008 - 07:34 AM.


#3
sarahw

    Malware Staff

  • Member
  • 2,781 posts
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Edited by sarahw, 05 January 2008 - 07:35 AM.


#4
Mistress Mercy

    New Member

  • Topic Starter
  • Member
  • 6 posts
My ComboFix and new HijackThis log.

ComboFix 08-01-04.1 - Mercy 2008-01-06 17:59:42.2 - NTFSx86
Running from: C:\Documents and Settings\Mercy.[bleep]\My Documents\Other Stuff\Things to fix stuff\ComboFix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 17:36 . 2008-01-06 17:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 17:36 . 2008-01-06 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 07:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 06:22 . 2008-01-05 06:55 3,584 --a------ C:\WINDOWS\system32\ddayv.exe
2008-01-05 06:04 . 2008-01-05 06:04 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 05:19 . 2008-01-05 06:07 <DIR> d-------- C:\VundoFix Backups
2008-01-04 11:40 . 2008-01-04 11:42 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-04 11:32 . 2008-01-04 11:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-04 11:19 . 2008-01-04 11:48 68,965 --a------ C:\WINDOWS\hpoins05.dat
2008-01-04 11:19 . 2004-12-14 11:07 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-01-04 08:20 . 2008-01-04 06:43 68,852 --------- C:\WINDOWS\hpoins05.dat.temp
2008-01-04 08:20 . 2004-12-14 11:07 19,696 --------- C:\WINDOWS\hpomdl05.dat.temp
2008-01-04 05:19 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-04 05:19 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-04 05:19 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-04 05:19 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-04 05:19 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-04 05:19 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-04 05:19 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 05:19 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-03 15:36 . 2008-01-03 15:36 348,160 --a------ C:\WINDOWS\system32\RCX27A.tmp
2008-01-03 13:42 . 2008-01-03 15:36 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-03 13:42 . 2008-01-05 04:32 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-03 13:42 . 2008-01-05 04:32 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-03 13:40 . 2008-01-05 06:54 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-03 13:39 . 2008-01-05 04:32 397,312 --a------ C:\WINDOWS\system32\winpol .exe
2008-01-03 05:23 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-01-03 05:23 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-01-03 05:23 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-01-03 05:23 . 2001-04-20 02:28 28,672 --a------ C:\WINDOWS\system32\SysTray.ocx
2008-01-03 05:22 . 2008-01-03 05:22 38,912 --a------ C:\WINDOWS\system32\byxywuv.dll.vir
2008-01-01 22:33 . 2008-01-01 22:33 <DIR> d-------- C:\WINDOWS\system32\Plugins
2008-01-01 19:06 . 2008-01-01 19:06 <DIR> d-------- C:\Program Files\MySpace
2008-01-01 19:06 . 2008-01-01 19:06 <DIR> d-------- C:\Documents and Settings\Mercy.[bleep]\Application Data\MySpace
2007-12-27 00:38 . 2007-12-27 00:38 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 23:39 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-26 23:39 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-26 23:39 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-26 23:22 . 2007-12-26 23:22 <DIR> d-------- C:\Program Files\Flagship Studios
2007-12-26 13:16 . 2007-12-26 23:41 <DIR> d-------- C:\Program Files\Coupons
2007-12-26 13:16 . 2007-12-26 13:16 189,784 -rah----- C:\WINDOWS\system32\cpnprt2.cid
2007-12-21 17:54 . 2007-12-21 17:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-17 11:32 . 2007-12-17 11:32 <DIR> d-------- C:\Downloads
2007-12-14 11:57 . 2008-01-06 18:11 <DIR> d-------- C:\Program Files\QuickTime
2007-12-13 06:48 . 2007-12-13 06:48 <DIR> d-------- C:\WINDOWS\system32\SolidStateNetworks
2007-12-13 06:48 . 2007-12-13 06:48 <DIR> d-------- C:\WINDOWS\system32\AcclaimGames
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-07 20:27 . 2007-12-07 20:28 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 21:40 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\Free Download Manager
2008-01-06 17:55 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-01-06 17:21 --------- d-----w C:\Program Files\CursorXP
2008-01-06 16:55 --------- d-----w C:\Program Files\Soulseek
2008-01-05 17:22 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\Winamp
2008-01-05 07:34 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\uTorrent
2008-01-04 23:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-04 11:30 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-04 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-04 10:13 --------- d-----w C:\Program Files\Curse
2008-01-04 08:31 4,556,288 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-01-03 20:04 --------- d-----w C:\Program Files\Last.fm
2008-01-03 19:29 --------- d-----w C:\Program Files\Logitech
2008-01-03 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 18:47 --------- d-----w C:\Program Files\Rainlendar2
2007-12-30 20:48 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-30 20:35 --------- d-----w C:\Program Files\a-squared Free
2007-12-27 22:21 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\Skype
2007-12-27 06:06 --------- d-----w C:\Program Files\SoundSpectrum
2007-12-26 05:57 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\IMVU
2007-12-23 17:28 --------- d-----w C:\Program Files\Winamp
2007-12-23 16:03 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\SecondLife
2007-12-21 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-20 00:27 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\SoundSpectrum
2007-12-18 13:21 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-17 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-14 14:53 --------- d-----w C:\Program Files\World of Warcraft
2007-12-06 17:01 --------- d-----w C:\Program Files\Semagic
2007-12-05 17:32 --------- d-----w C:\Program Files\Snap Shots
2007-12-04 00:13 --------- d-----w C:\Program Files\Main
2007-12-04 00:12 1,833 ----a-w C:\Program Files\script.ini
2007-12-04 00:12 --------- d-----w C:\Program Files\download
2007-12-02 16:33 116 ----a-w C:\Program Files\Dream Of Mirror Online Website.url
2007-12-02 14:45 --------- d-----w C:\Program Files\CamGrab-2LE
2007-12-02 12:49 --------- d-----w C:\Program Files\Wizards of the Coast
2007-12-01 20:18 --------- d-----w C:\Program Files\UserData
2007-12-01 20:03 --------- d-----w C:\Program Files\UpdateLog
2007-12-01 20:03 --------- d-----w C:\Program Files\Texture
2007-12-01 20:02 902,656 ----a-w C:\Program Files\domopatch.exe
2007-12-01 20:02 902,656 ----a-w C:\Program Files\_domopatch.exe
2007-12-01 20:02 196,608 ----a-w C:\Program Files\DomoPatch.tds
2007-12-01 20:01 806,400 ----a-w C:\Program Files\cc3270mt.dll
2007-12-01 20:01 29,696 ----a-w C:\Program Files\borlndmm.dll
2007-12-01 19:41 82 ----a-w C:\Program Files\Get Aeria Points.url
2007-12-01 19:41 249,599 ----a-w C:\Program Files\Uninst.exe
2007-12-01 19:41 --------- d-----w C:\Program Files\offline
2007-12-01 19:41 --------- d-----w C:\Program Files\cursor
2007-12-01 19:40 --------- d-----w C:\Program Files\Temp
2007-12-01 19:40 --------- d-----w C:\Program Files\Sound
2007-12-01 19:39 --------- d-----w C:\Program Files\Shader
2007-12-01 19:39 --------- d-----w C:\Program Files\ScreenShot
2007-12-01 19:39 --------- d-----w C:\Program Files\Music
2007-12-01 19:39 --------- d-----w C:\Program Files\Movie
2007-12-01 19:39 --------- d-----w C:\Program Files\Motion
2007-12-01 19:39 --------- d-----w C:\Program Files\Model
2007-12-01 19:37 --------- d-----w C:\Program Files\Map
2007-12-01 19:32 --------- d-----w C:\Program Files\Mail
2007-12-01 19:32 --------- d-----w C:\Program Files\Act
2007-11-30 09:03 --------- d-----w C:\Program Files\Windows Live
2007-11-30 09:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-20 16:09 104,320 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-11-17 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\View22
2007-11-17 03:27 --------- d-----w C:\Program Files\Soulseek-Test
2007-11-16 12:13 --------- d-----w C:\Program Files\SecondLifeWindLight
2007-11-15 09:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-14 17:59 --------- d-----w C:\Program Files\Xvid
2007-11-14 17:15 --------- d-----w C:\Program Files\Gabest
2007-11-14 17:14 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-14 05:17 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2007-11-13 13:24 --------- d-----w C:\Program Files\kaboodle
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 08:08 --------- d-----w C:\Program Files\IMVU
2007-11-09 04:07 --------- d-----w C:\Program Files\SecondLife
2007-11-08 08:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-08 08:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-08 08:39 --------- d-----w C:\Program Files\Skype
2007-11-08 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-08 08:38 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-07 04:01 127 ----a-w C:\Program Files\iniurl.ini
2007-11-06 07:09 --------- d-----w C:\Documents and Settings\Mercy.[bleep]\Application Data\Miranda
2007-11-06 06:35 --------- d-----w C:\Program Files\Miranda IM
2007-11-06 04:22 230,899 ----a-w C:\Program Files\DOMOuninstall.ico
2007-11-06 03:20 234,096 ----a-w C:\Program Files\DOMO.ico
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 14:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 14:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 14:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-09 18:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 18:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 18:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 18:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 18:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 18:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
.
----a-w			39,792 2008-01-05 12:16:05  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w			79,224 2008-01-05 11:56:12  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w		   563,984 2008-01-05 12:16:16  C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
----a-w		   480,256 2008-01-04 10:13:42  C:\Program Files\Curse\CurseClient .exe
----a-w		   140,288 2008-01-05 12:16:29  C:\Program Files\CursorXP\CursorXP .exe
----a-w			40,960 2008-01-05 12:16:35  C:\Program Files\Free Download Manager\FUM\fumoei .exe
----a-w			49,152 2008-01-05 12:16:23  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   132,496 2008-01-05 12:16:04  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 2,178,832 2008-01-05 12:16:30  C:\Program Files\Logitech\QuickCam\Quickcam .exe
----a-w		   813,912 2008-01-05 12:16:03  C:\Program Files\Microsoft IntelliType Pro\itype .exe
----a-w		   286,720 2008-01-06 22:36:07  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,365,504 2008-01-03 18:44:21  C:\Program Files\Rainlendar2\Rainlendar2 .exe
----a-w		   987,187 2008-01-04 08:30:45  C:\Program Files\WinCustomize\LogonStudio\logonstudio .exe
----a-w		   224,248 2008-01-05 12:16:09  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   208,952 2008-01-05 11:56:09  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
----a-w			15,360 2008-01-05 11:54:54  C:\WINDOWS\system32\ctfmon .exe
----a-w			77,824 2008-01-05 09:32:46  C:\WINDOWS\system32\hkcmd .exe
----a-w		   114,688 2008-01-03 20:36:53  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2008-01-05 09:32:47  C:\WINDOWS\system32\igfxtray .exe
----a-w		   397,312 2008-01-05 09:32:44  C:\WINDOWS\system32\winpol .exe
----a-w			59,392 2008-01-05 11:56:08  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
----a-w		   455,168 2008-01-05 11:56:06  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE


((((((((((((((((((((((((((((( [email protected]_ 8.33.32.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 16:35:33 49,152 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
+ 2008-01-05 13:41:19 49,152 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
- 2008-01-04 11:31:20 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
+ 2008-01-05 13:17:15 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
- 2008-01-04 11:31:20 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2008-01-05 13:17:16 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
- 2008-01-04 11:31:20 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2008-01-05 13:17:16 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
- 2007-10-23 22:57:44 295,606 -c--a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
+ 2008-01-06 17:17:13 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
- 2007-04-28 13:26:02 25,214 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ARPPRODUCTICON.exe
+ 2008-01-06 17:55:31 25,214 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ARPPRODUCTICON.exe
- 2007-04-28 13:26:02 25,214 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\DS_CPL.exe
+ 2008-01-06 17:55:31 25,214 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\DS_CPL.exe
- 2007-04-28 13:26:02 25,214 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ITP_HCG.exe
+ 2008-01-06 17:55:31 25,214 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ITP_HCG.exe
- 2007-04-28 13:26:02 4,846 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ITP_KeyboardUG.exe
+ 2008-01-06 17:55:31 4,846 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\ITP_KeyboardUG.exe
- 2007-04-28 13:26:02 29,926 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\NewShortcut1_5D5B9E6A344C497695ABABBDC648E5DA.exe
+ 2008-01-06 17:55:31 29,926 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\NewShortcut1_5D5B9E6A344C497695ABABBDC648E5DA.exe
- 2007-04-28 13:26:02 29,926 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\NewShortcut2_5D5B9E6A344C497695ABABBDC648E5DA.exe
+ 2008-01-06 17:55:31 29,926 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\NewShortcut2_5D5B9E6A344C497695ABABBDC648E5DA.exe
- 2007-04-28 13:26:02 25,214 -c--a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\PGM_CPL.exe
+ 2008-01-06 17:55:31 25,214 ----a-r C:\WINDOWS\Installer\{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}\PGM_CPL.exe
- 2007-12-15 18:54:59 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-01-05 14:04:43 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-01-06 17:58:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_558.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-09-22 14:13 282624 --a------ C:\Program Files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]
2007-12-05 12:32 397312 --a------ C:\Program Files\Snap Shots\snapbar5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D32BC363-8D07-4DF2-9D81-F3EA37C283F6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{981FE6A8-260C-4930-960F-C3BC82746CB0}
{8CD8EA48-D284-477E-B6DF-85D1E39D855F}
{EF56413F-9398-4DF5-BC88-6FC3B227D5C5}
{92857633-2441-4A14-8236-DFCB97AD3E87}

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= C:\Program Files\Snap Shots\snapbar5.dll [2007-12-05 12:32 397312]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 10:52 2301952 C:\WINDOWS\CMICNFG.CPL]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 380416 C:\WINDOWS\system32\irprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 20:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 20:39 455168]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 17:36 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17 443968]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\Mercy.[bleep]\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-10-16 06:29:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-10-11 01:31 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl []
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Setup.exe -auto

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 07:16:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-31 18:30:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 22:58:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-06 17:56:41 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 18:11:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 18:20:09
ComboFix-quarantined-files.txt 2008-01-06 23:20:05
ComboFix2.txt 2008-01-05 13:34:06
.
2007-12-21 23:21:17 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:53 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mercy.[bleep]\My Documents\Other Stuff\Things to fix stuff\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pageflakes.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: SnapToolbarHelper Class - {8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838} - C:\Program Files\Snap Visual Search\snapbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar5.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar5.dll
O3 - Toolbar: Snap Visual Search - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - C:\Program Files\Snap Visual Search\snapbar.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mercy.[bleep]\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177758730765
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1177760519828
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaste...View22RTEv4.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-us.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 13861 bytes

#5
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,


  • Download RenV.exe by sUBs to your desktop
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as Log.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
----a-w            39,792 2008-01-05 12:16:05  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            79,224 2008-01-05 11:56:12  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           563,984 2008-01-05 12:16:16  C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
----a-w           480,256 2008-01-04 10:13:42  C:\Program Files\Curse\CurseClient .exe
----a-w           140,288 2008-01-05 12:16:29  C:\Program Files\CursorXP\CursorXP .exe
----a-w            40,960 2008-01-05 12:16:35  C:\Program Files\Free Download Manager\FUM\fumoei .exe
----a-w            49,152 2008-01-05 12:16:23  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           132,496 2008-01-05 12:16:04  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w         2,178,832 2008-01-05 12:16:30  C:\Program Files\Logitech\QuickCam\Quickcam .exe
----a-w           813,912 2008-01-05 12:16:03  C:\Program Files\Microsoft IntelliType Pro\itype .exe
----a-w           286,720 2008-01-06 22:36:07  C:\Program Files\QuickTime\qttask .exe
----a-w         1,365,504 2008-01-03 18:44:21  C:\Program Files\Rainlendar2\Rainlendar2 .exe
----a-w           987,187 2008-01-04 08:30:45  C:\Program Files\WinCustomize\LogonStudio\logonstudio .exe
----a-w           224,248 2008-01-05 12:16:09  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w           208,952 2008-01-05 11:56:09  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
----a-w            15,360 2008-01-05 11:54:54  C:\WINDOWS\system32\ctfmon .exe
----a-w            77,824 2008-01-05 09:32:46  C:\WINDOWS\system32\hkcmd .exe
----a-w           114,688 2008-01-03 20:36:53  C:\WINDOWS\system32\igfxpers .exe
----a-w            94,208 2008-01-05 09:32:47  C:\WINDOWS\system32\igfxtray .exe
----a-w           397,312 2008-01-05 09:32:44  C:\WINDOWS\system32\winpol .exe
----a-w            59,392 2008-01-05 11:56:08  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
----a-w           455,168 2008-01-05 11:56:06  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

Posted Image


Referring to the picture above, drag Log.txt into RenV.exe and attach the resulting report to your reply.

#6
Mistress Mercy

Mistress Mercy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ran on Mon 01/07/2008 -  3:31:48.00



----a-w			39,792 2008-01-05 12:16:05  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe

----a-w			79,224 2008-01-05 11:56:12  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w		   563,984 2008-01-05 12:16:16  C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe

----a-w		   480,256 2008-01-04 10:13:42  C:\Program Files\Curse\CurseClient .exe

----a-w		   140,288 2008-01-05 12:16:29  C:\Program Files\CursorXP\CursorXP .exe

----a-w			40,960 2008-01-05 12:16:35  C:\Program Files\Free Download Manager\FUM\fumoei .exe

----a-w			49,152 2008-01-05 12:16:23  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe

----a-w		   132,496 2008-01-05 12:16:04  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe

----a-w		 2,178,832 2008-01-05 12:16:30  C:\Program Files\Logitech\QuickCam\Quickcam .exe

----a-w		   813,912 2008-01-05 12:16:03  C:\Program Files\Microsoft IntelliType Pro\itype .exe

----a-w		   286,720 2008-01-06 22:36:07  C:\Program Files\QuickTime\qttask .exe

----a-w		 1,365,504 2008-01-03 18:44:21  C:\Program Files\Rainlendar2\Rainlendar2 .exe

----a-w		   987,187 2008-01-04 08:30:45  C:\Program Files\WinCustomize\LogonStudio\logonstudio .exe

----a-w		   224,248 2008-01-05 12:16:09  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe

----a-w		   208,952 2008-01-05 11:56:09  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

----a-w			15,360 2008-01-05 11:54:54  C:\WINDOWS\system32\ctfmon .exe

----a-w			77,824 2008-01-05 09:32:46  C:\WINDOWS\system32\hkcmd .exe

----a-w		   114,688 2008-01-03 20:36:53  C:\WINDOWS\system32\igfxpers .exe

----a-w			94,208 2008-01-05 09:32:47  C:\WINDOWS\system32\igfxtray .exe

----a-w		   397,312 2008-01-05 09:32:44  C:\WINDOWS\system32\winpol .exe

----a-w			59,392 2008-01-05 11:56:08  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

----a-w		   455,168 2008-01-05 11:56:06  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE



 Entries:			   22  (22)

 Directories:			0  Files:			22

 Bytes:		  8,805,459  Blocks:	   17,202


#7
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.



Posted Image


Referring to the picture above, drag Log.txt into RenV.exe and attach the resulting report to your reply.

#8
Mistress Mercy

Mistress Mercy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ran on Wed 01/09/2008 -  1:50:53.54



----a-w			39,792 2008-01-05 12:16:05  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe

----a-w			79,224 2008-01-05 11:56:12  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w		   563,984 2008-01-05 12:16:16  C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe

----a-w		   480,256 2008-01-04 10:13:42  C:\Program Files\Curse\CurseClient .exe

----a-w		   140,288 2008-01-05 12:16:29  C:\Program Files\CursorXP\CursorXP .exe

----a-w			40,960 2008-01-05 12:16:35  C:\Program Files\Free Download Manager\FUM\fumoei .exe

----a-w			49,152 2008-01-05 12:16:23  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe

----a-w		   132,496 2008-01-05 12:16:04  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe

----a-w		 2,178,832 2008-01-05 12:16:30  C:\Program Files\Logitech\QuickCam\Quickcam .exe

----a-w		   813,912 2008-01-05 12:16:03  C:\Program Files\Microsoft IntelliType Pro\itype .exe

----a-w		   286,720 2008-01-06 22:36:07  C:\Program Files\QuickTime\qttask .exe

----a-w		 1,365,504 2008-01-09 03:18:43  C:\Program Files\Rainlendar2\Rainlendar2 .exe

----a-w		   987,187 2008-01-04 08:30:45  C:\Program Files\WinCustomize\LogonStudio\logonstudio .exe

----a-w		   224,248 2008-01-05 12:16:09  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe

----a-w		   208,952 2008-01-05 11:56:09  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

----a-w			15,360 2008-01-05 11:54:54  C:\WINDOWS\system32\ctfmon .exe

----a-w			77,824 2008-01-05 09:32:46  C:\WINDOWS\system32\hkcmd .exe

----a-w		   114,688 2008-01-03 20:36:53  C:\WINDOWS\system32\igfxpers .exe

----a-w			94,208 2008-01-05 09:32:47  C:\WINDOWS\system32\igfxtray .exe

----a-w		   397,312 2008-01-05 09:32:44  C:\WINDOWS\system32\winpol .exe

----a-w			59,392 2008-01-05 11:56:08  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

----a-w		   455,168 2008-01-05 11:56:06  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE



 Entries:			   22  (22)

 Directories:			0  Files:			22

 Bytes:		  8,805,459  Blocks:	   17,202


#9
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
For some reason it's not working.
Please delete your old version of ComboFix and RenV, download a new version of ComboFix from here:
http://subs.geekstog...ta/ComboFix.exe
Run a scan and post the report in a reply.

#10
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.