Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware Infection on my Computer- Please Help

Started by Ammar , Jan 31 2008 11:20 PM

This topic is locked

#1
Ammar

Posted 31 January 2008 - 11:20 PM

Member

Member
119 posts

I have been having a problem with my computer for the past coupl eof weeks.
First I started getting errors such as the TMP3E7 is not a valid image on your diskette. And stuff like that. I would get lots of errors such as those.
Then I started getting spware and viruses. I have never gotten these for some reason, as I have been lucky, and didnt know what these things are. I am good with Computer but since I have never experienced this type of stufff Im tottaly lost.
I downloaded Ad- Aware to delete many of my infections and i have ran Norton Scans but I still get pop ups such as "Your Ccomputer Has Been Effected" and "A critical error could occur", and i read on a site once that these errors come from the spyware StorageProtector and everynow and again StroageProtector installs itself on the comp in Program Files and runs a scan. I am also gettin fake messages on my Desktop of "Help and Support" icons, and "Windows Update" Stuff.
These are the problems that I have and I am gettin Bad Image errors too
Some of the spyware I find on Task Messenger that ihave to end process are:
strpmon .exe
uccokw.exe
and many more
Please help me, and tell me what I need to do
I can post my Hijackthis Log once someone can tell me how to do that
I have created a System Restore point just incase
Thanks in Advance

#2
Rorschach112

Posted 01 February 2008 - 01:08 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
Ammar

Posted 02 February 2008 - 04:49 AM

Member

Topic Starter
Member
119 posts

Hi there!
Thanks man in advance, heres my hijackthis log
first is main.txt and then comes exrta.txt
thanks once again

Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-02 03:37:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-02-02 02:46:37 UTC - RP542 - Deckard's System Scanner Restore Point
2: 2008-02-01 04:58:23 UTC - RP541 - Before Malware
1: 2008-02-01 01:10:21 UTC - RP540 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:00 AM, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cricket.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrs.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {98a33fab-a652-2039-c844-d0b8228d33a4} - {4a33d822-8b0d-448c-9302-256abaf33a89} - C:\WINDOWS\system32\rxqjkbxa.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tgrcfyhl.dll
O2 - BHO: (no name) - {AB37AD5A-B0ED-4661-B04D-CEFDC5418EA3} - C:\WINDOWS\system32\ssqrs.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\wvuttut.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Cricinfo Desktop Alerts] "C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [0e5b1d43] rundll32.exe "C:\WINDOWS\system32\gvfvnkao.dll",b
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\ineen\ineen.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Ares\spyware doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ammarhakim.sp...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.zapak.com...h2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129506290012
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave...tg.1.0.0.33.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O20 - Winlogon Notify: tgrcfyhl - C:\WINDOWS\SYSTEM32\tgrcfyhl.dll
O20 - Winlogon Notify: wvuttut - wvuttut.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Ares\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14389 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 NetworkX - c:\windows\system32\ckldrv.sys

S2 OMSCAN - \syse? (file missing)
S3 remon - c:\windows\system32\remon.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
R2 lxct_device - c:\windows\system32\lxctcoms.exe -service <Not Verified; ; Printer Communication System>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 BusinessContinuity (BusinessC) - "c:\windows\msstl.exe" (file missing)
S2 ILT - "c:\windows\ilt.exe" (file missing)
S2 SDhelper (PC Tools Spyware Doctor) - c:\program files\ares\spyware doctor\sdhelp.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 sdAuxService (PC Tools Auxiliary Service) - c:\program files\spyware doctor\pctsauxs.exe (file missing)
S3 sdCoreService (PC Tools Security Service) - c:\program files\spyware doctor\pctssvc.exe (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-02 03:00:02 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-02-02 00:48:58 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-02-02 00:47:32 448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-02-02 00:47:32 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-02-01 20:00:02 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-01-24 08:41:18 372 --a------ C:\WINDOWS\Tasks\RegCure.job

-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-02-02 03:42:19 0 d-------- C:\Program Files\Trend Micro
2008-02-02 03:38:38 7168 --a------ C:\WINDOWS\system32\windows
2008-02-01 17:14:45 92224 --a------ C:\WINDOWS\system32\cpmbyjhn.dll
2008-02-01 17:13:08 92736 --a------ C:\WINDOWS\system32\rxqjkbxa.dll
2008-01-31 21:31:42 7274496 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-30 00:13:41 290776 --ahs---- C:\WINDOWS\system32\srqss.ini2
2008-01-30 00:13:07 334848 --a------ C:\WINDOWS\system32\ssqrs.dll
2008-01-29 22:46:54 0 d--hs---- C:\FOUND.000
2008-01-29 17:49:00 0 d-------- C:\Documents and Settings\Owner\Application Data\storageprotector
2008-01-29 17:44:01 0 dr------- C:\Documents and Settings\All Users\Application Data\storageprotector
2008-01-29 17:42:31 0 d-------- C:\Program Files\Common Files\StorageProtector
2008-01-28 22:08:25 0 d-------- C:\Program Files\Youdagames
2008-01-28 15:37:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
2008-01-28 15:27:34 0 d-------- C:\Program Files\Jasc Software Inc
2008-01-28 15:17:57 338432 --a------ C:\WINDOWS\system32\ssqrs.exe
2008-01-28 15:14:03 0 d-------- C:\WINDOWS\etb
2008-01-28 14:51:40 11534336 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-01-27 15:04:17 7034368 --a------ C:\WINDOWS\system32\LXSUPMON.EXE
2008-01-27 03:01:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-01-27 02:58:04 0 d-------- C:\Program Files\Uniblue
2008-01-26 23:46:10 0 d-------- C:\Program Files\Lavasoft
2008-01-26 23:46:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 23:44:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 22:44:00 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-01-25 23:21:33 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-25 22:55:45 87104 --a------ C:\WINDOWS\system32\gvfvnkao.dll
2008-01-25 22:49:45 76352 --a------ C:\WINDOWS\system32\wjcdcaas.dll
2008-01-25 22:46:48 163904 --a------ C:\WINDOWS\system32\tgrcfyhl.dll
2008-01-25 22:46:45 163904 --a------ C:\WINDOWS\system32\jqichfnk.dll
2008-01-22 15:10:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Youdagames
2008-01-20 22:29:16 6928896 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-20 21:28:33 6695936 --a------ C:\WINDOWS\system32\LXSUPMON .EXE

-- Find3M Report ---------------------------------------------------------------

2007-12-09 20:27:50 0 d-------- C:\Program Files\USB Disk Win98 Driver
2007-12-03 22:40:42 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a33d822-8b0d-448c-9302-256abaf33a89}]
01/02/2008 05:13 PM 92736 --a------ C:\WINDOWS\system32\rxqjkbxa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
25/01/2008 10:46 PM 163904 --a------ C:\WINDOWS\system32\tgrcfyhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB37AD5A-B0ED-4661-B04D-CEFDC5418EA3}]
30/01/2008 12:13 AM 334848 --a------ C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA16FE06-B462-470E-9653-79C54B1871FF}]
C:\WINDOWS\system32\wvuttut.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [02/02/2008 12:48 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/02/2008 12:49 AM]
"Athan"="C:\Program Files\Athan\Athan.exe" [02/02/2008 12:49 AM]
"RecSche"="C:\Program Files\TVR\RecSche.exe" []
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [02/02/2008 12:49 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [02/02/2008 12:49 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/02/2008 12:50 AM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE" [01/02/2008 05:12 PM]
"ScanRegistry"="C:\W" []
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [01/02/2008 05:12 PM]
"SiSPower"="SiSPower.dll" []
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [01/02/2008 05:13 PM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [02/02/2008 12:51 AM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [02/02/2008 12:52 AM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [07/06/2006 05:09 AM]
"Cricinfo Desktop Alerts"="C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/02/2008 12:52 AM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [02/02/2008 12:53 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [02/02/2008 12:53 AM]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [02/02/2008 12:53 AM]
"0e5b1d43"="C:\WINDOWS\system32\gvfvnkao.dll" [25/01/2008 10:55 PM]
"Salestart(1)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" [02/02/2008 12:53 AM]
"Salestart(2)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" [02/02/2008 12:53 AM]
"Salestart(3)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" [02/02/2008 12:53 AM]
"Salestart(4)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" [02/02/2008 12:53 AM]
"Salestart(5)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" [02/02/2008 12:53 AM]
"Salestart(6)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" []
"Salestart(7)"="C:\Program Files\Common Files\StorageProtector\strpmon .exe" []
"Salestart(8)"="C:\Program Files\Common Files\StorageProtector\strpmon.exe" [02/02/2008 12:53 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="C:\Program Files\ineen\ineen.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [02/02/2008 12:48 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/02/2008 12:48 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Spyware Doctor"="C:\Program Files\Ares\spyware doctor\swdoctor.exe" [02/02/2008 12:48 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Ares\Spyware Doctor\swdoctor.exe" /Q

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA16FE06-B462-470E-9653-79C54B1871FF}"= C:\WINDOWS\system32\wvuttut.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe C:\WINDOWS\Media\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tgrcfyhl]
tgrcfyhl.dll 25/01/2008 10:46 PM 163904 C:\WINDOWS\system32\tgrcfyhl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttut]
wvuttut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service75]
C:\WINDOWS\etb\pokapoka75.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 NtKrnlpa.info
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD

61 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-02 03:47:43 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 511.49 MiB / 289.07 MiB
Pagefile Memory (total/avail): 1250.14 MiB / 879.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.45 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 29.29 GiB total, 6.62 GiB free.
D: is Fixed (FAT32) - 7.95 GiB total, 7.69 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 29.3 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 7.97 GiB - D:

\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Cricinfo Desktop Alerts\\Cricinfo_Desktop_Alerts.exe"="C:\\Program Files\\Cricinfo Desktop Alerts\\Cricinfo_Desktop_Alerts.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Sop Cast\\SopCast.exe"="C:\\Program Files\\Sop Cast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\System32\\lxctcoms.exe"="C:\\WINDOWS\\System32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Cricinfo Desktop Alerts\\Cricinfo_Desktop_Alerts.exe"="C:\\Program Files\\Cricinfo Desktop Alerts\\Cricinfo_Desktop_Alerts.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HelpCtr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CICERO-7QQKBJ5X
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\CICERO-7QQKBJ5X
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=CICERO-7QQKBJ5X
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Home (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 5.5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ares 1.8.7 --> "C:\Program Files\Ares\uninstall.exe"
Athan Basic 3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\irunin.ini"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVIVO --> MsiExec.exe /X{5399ACAF-7B15-43D5-9233-4E797B184FD2}
AVS Video Converter 4.1.1.302 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
AVS Video Converter 4.3.1.370 --> "C:\Program Files\AVSMedia\VideoConverter4\unins001.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Barbie™ Explorer™ --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\BrbExpPCUn.exe
Baseball Mogul 2006 --> MsiExec.exe /I{24F218C7-37CA-4387-B1A4-5B19B5EAAB4F}
Baseball Mogul 2008 --> "C:\Documents and Settings\All Users\Application Data\{B9DFDEF4-3471-4379-BDBB-DEDA8A9809DF}\BB2K8-Setup.exe" REMOVE=TRUE MODIFY=FALSE
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Forms On CD - Landlords Rental Kit --> C:\WINDOWS\iun6002.exe "C:\Program Files\Forms On CD\Landlords Rental Kit\irunin.ini"
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Lexmark Supplies Monitor --> C:\WINDOWS\System32\LXSMUNIN.EXE
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Lexmark Z23-Z33 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxaiUN5C.EXE -dLexmark Z23-Z33
LifeView 713X WDM Driver --> C:\WINDOWS\System32\Setup.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MotionView! Video Analysis Software by ALLSPORTSTEC (remove only) --> "C:\Program Files\MotionView\uninstall.exe"
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials --> MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1033}
Norton AntiVirus 2004 Professional --> MsiExec.exe /X{C6B28661-7910-442E-ADDD-72EAA8395380}
Norton AntiVirus 2004 Professional (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6B28661-7910-442E-ADDD-72EAA8395380}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spyware Doctor 4.0 --> "C:\Program Files\Ares\Spyware Doctor\unins000.exe"
STOIK Capturer --> MsiExec.exe /X{CD7F9976-33AE-4C07-BAE5-FCB50CA6E371}
SuperVideoCap V5.39 Build 1690 --> "C:\Program Files\SuperVideoCap\unins000.exe"
SWiSH v2.0 --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH v2.0\uninstal.log
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims Makin' Magic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}\setup.exe" -l0009
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF5EE349-90CD-4422-A43B-661778180173}\Setup.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Dj Studio 5.3 --> "C:\Program Files\VDJ5\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Youda Camper --> MsiExec.exe /I{3AA3CE5E-5CC3-406B-A84D-A6231C3721C9}

-- Application Event Log -------------------------------------------------------

Event Record #/Type533 / Error
Event Submitted/Written: 02/02/2008 00:50:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ssqrs.exe, version 0.0.0.0, faulting module ssqrs.exe, version 0.0.0.0, fault address 0x00004202.
Processing media-specific event for [ssqrs.exe!ws!]

Event Record #/Type523 / Error
Event Submitted/Written: 02/01/2008 05:13:42 PM / 02/01/2008 05:13:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ssqrs.exe, version 0.0.0.0, faulting module ssqrs.exe, version 0.0.0.0, fault address 0x00004202.
Processing media-specific event for [ssqrs.exe!ws!]

Event Record #/Type513 / Error
Event Submitted/Written: 01/31/2008 09:35:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ssqrs.exe, version 0.0.0.0, faulting module ssqrs.exe, version 0.0.0.0, fault address 0x00004202.
Processing media-specific event for [ssqrs.exe!ws!]

Event Record #/Type503 / Error
Event Submitted/Written: 01/31/2008 07:57:38 PM / 01/31/2008 07:57:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ssqrs.exe, version 0.0.0.0, faulting module ssqrs.exe, version 0.0.0.0, fault address 0x00004202.
Processing media-specific event for [ssqrs.exe!ws!]

Event Record #/Type490 / Error
Event Submitted/Written: 01/31/2008 04:32:25 PM / 01/31/2008 04:32:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ssqrs.exe, version 0.0.0.0, faulting module ssqrs.exe, version 0.0.0.0, fault address 0x00004202.
Processing media-specific event for [ssqrs.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type181519 / Error
Event Submitted/Written: 02/02/2008 03:41:14 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Microsoft cache control service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type181517 / Error
Event Submitted/Written: 02/02/2008 03:41:06 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Microsoft cache control service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type181515 / Error
Event Submitted/Written: 02/02/2008 03:40:43 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Microsoft cache control service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type181509 / Error
Event Submitted/Written: 02/02/2008 03:18:25 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Microsoft cache control service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type181507 / Error
Event Submitted/Written: 02/02/2008 03:18:15 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Microsoft cache control service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

-- End of Deckard's System Scanner: finished at 2008-02-02 03:47:43 ------------

#4
Rorschach112

Posted 02 February 2008 - 07:02 AM

Ralphie

Retired Staff
47,710 posts

Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#5
Ammar

Posted 02 February 2008 - 03:04 PM

Member

Topic Starter
Member
119 posts

Ok. Thanks alot. I have performed the combo fix scan and it said deleted files/folders:
6 different versions of strpmon .exe
storage protector
and windows
All of these above were the files that were creating problems and when I restarted my computer and logged back on, I didnt get any startup errors or bad image errors!!!!! Also the 6000+ files I had in C:/ drive are all gone!!
And in the Windows Task Messenger, the files that use to come up and were the spyware, didnt show up either!!!!

I have a question, Do I repost my Hijackthis log from my last post or do I create a new one by clicking the HijackThis program???
For now I have posted in the next post a new version of the HijackThis log by clicking the program and creating a new one.

Heres my ComboFix log:

ComboFix 08-02.03.1 - Owner 2008-02-02 13:15:16.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.251 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssqrs.dll
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\Owner\Application Data\storageprotector
C:\Documents and Settings\Owner\Application Data\storageprotector\Logs\update.log
C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK .EXE
C:\PROGRA~1\NORTON~2\AdvTools\AdvChk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Ares\spyware doctor\swdoctor .exe
C:\Program Files\Ares\spyware doctor\swdoctor.exe
C:\Program Files\Athan\Athan .exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched .exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Lexmark 5400 Series\ezprint .exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Lexmark 5400 Series\fm3032 .exe
C:\Program Files\Lexmark 5400 Series\fm3032.exe
C:\Program Files\Lexmark 5400 Series\lxctmon .exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
C:\Program Files\Norton AntiVirus\AdvTools\ADVCHK .EXE
C:\Program Files\Norton AntiVirus\AdvTools\ADVCHK.EXE
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\system32\cpmbyjhn.dll
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\gvfvnkao.dll
C:\WINDOWS\system32\jqichfnk.dll
C:\WINDOWS\system32\LXSUPMON .EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nhjybmpc.ini
C:\WINDOWS\system32\oaknvfvg.ini
C:\WINDOWS\system32\rxqjkbxa.dll
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.exe
C:\WINDOWS\system32\tgrcfyhl.dll
C:\WINDOWS\system32\tgrcfyhl.dll . . . . failed to delete
C:\WINDOWS\system32\tgrcfyhl.dllbox
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wjcdcaas.dll
C:\WINDOWS\UMStor\Res .EXE
C:\WINDOWS\UMStor\Res.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_REMON
-------\LEGACY_SFSYNC02
-------\remon
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-02 12:50 . 2008-02-02 12:50 338,432 --a------ C:\WINDOWS\system32\RCX468F.tmp
2008-02-02 12:46 . 2008-02-02 12:46 <DIR> d--hs---- C:\FOUND.001
2008-02-02 03:42 . 2008-02-02 03:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 19:45 . 2008-02-01 19:45 <DIR> d-------- C:\Deckard
2008-01-31 21:36 . 2008-01-31 21:36 338,432 --a------ C:\WINDOWS\system32\RCX416F.tmp
2008-01-31 16:33 . 2008-01-31 16:33 338,432 --a------ C:\WINDOWS\system32\RCX3C9C.tmp
2008-01-30 12:25 . 2008-01-30 12:25 338,432 --a------ C:\WINDOWS\system32\RCX3288.tmp
2008-01-29 22:51 . 2008-01-29 22:51 338,432 --a------ C:\WINDOWS\system32\RCX3218.tmp
2008-01-29 22:46 . 2008-01-29 22:46 <DIR> d--hs---- C:\FOUND.000
2008-01-29 18:55 . 2008-01-29 18:55 338,432 --a------ C:\WINDOWS\system32\RCX315C.tmp
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\Program Files\Youdagames
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
2008-01-28 15:27 . 2008-01-28 15:27 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-01-28 15:20 . 2008-01-28 15:20 338,432 --a------ C:\WINDOWS\system32\RCX285E.tmp
2008-01-28 15:14 . 2008-01-28 15:14 <DIR> d-------- C:\WINDOWS\etb
2008-01-28 13:36 . 2008-01-13 20:07 955 --a------ C:\WINDOWS\win.tmp
2008-01-28 13:36 . 2007-12-03 22:41 258 --a------ C:\WINDOWS\system.tmp
2008-01-28 13:32 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-01-28 13:32 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-01-27 03:01 . 2008-01-27 03:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-01-27 02:58 . 2008-01-27 02:58 <DIR> d-------- C:\Program Files\Uniblue
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 23:44 . 2008-01-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 22:44 . 2008-01-26 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-01-26 22:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-26 22:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-26 22:44 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-26 22:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-25 23:21 . 2008-01-25 23:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-25 22:46 . 2008-02-02 13:25 163,904 --------- C:\WINDOWS\system32\tgrcfyhl.dll
2008-01-22 15:10 . 2008-01-22 15:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Youdagames
2008-01-19 21:01 . 2007-01-15 05:03 782,336 -ra------ C:\WINDOWS\system32\tmp1FD.tmp
2008-01-07 18:08 . 2007-01-15 05:03 782,336 -ra------ C:\WINDOWS\system32\tmp6C.tmp
2008-01-05 13:25 . 2007-01-15 05:03 782,336 -ra------ C:\WINDOWS\system32\tmpF4.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 18:32 76,288 ----a-w C:\WINDOWS\Media\csrss.exe
2007-12-24 18:40 --------- d-----w C:\Documents and Settings\Home\Application Data\Yahoo!
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-10 03:27 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-12-04 01:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-04 01:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-09-29 18:27 32,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2002-03-13 05:07 9,474 ----a-w C:\Program Files\myth.nfo
2000-02-03 17:51 22,016 ----a-w C:\Documents and Settings\Owner\TRAINER.EXE
1999-09-18 18:17 15,128 ----a-w C:\Documents and Settings\Owner\WUNPACK.EXE
.

<pre>
----a-w		 1,885,464 2008-01-27 10:11:44  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
</pre>

Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-02 13:25 163904 --------- C:\WINDOWS\system32\tgrcfyhl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="C:\Program Files\ineen\ineen.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Spyware Doctor"="C:\Program Files\Ares\spyware doctor\swdoctor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [ ]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Athan"="C:\Program Files\Athan\Athan.exe" [ ]
"RecSche"="C:\Program Files\TVR\RecSche.exe" [ ]
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE" [ ]
"ScanRegistry"="C:\W" [ ]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"SiSPower"="SiSPower.dll" []
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [ ]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [ ]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [ ]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 05:09 106496]
"Cricinfo Desktop Alerts"="C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"Spyware Doctor"="C:\Program Files\Ares\Spyware Doctor\swdoctor.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tgrcfyhl]
tgrcfyhl.dll 2008-02-02 13:25 163904 C:\WINDOWS\system32\tgrcfyhl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttut]
wvuttut.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service75]
C:\WINDOWS\etb\pokapoka75.exe

R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2005-07-01 12:01]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 BusinessContinuity;BusinessC;"C:\WINDOWS\msstl.exe" []
S2 ILT;ILT;"C:\WINDOWS\ilt.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 20:31:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-02 03:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/task:
"2008-01-24 15:41:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-02 20:30:48 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-02 10:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-02 20:30:48 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 13:31:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tgrcfyhl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-02 13:36:10 - machine was rebooted
ComboFix-quarantined-files

Edited by Ammar, 02 February 2008 - 03:09 PM.

#6
Ammar

Posted 02 February 2008 - 03:09 PM

Member

Topic Starter
Member
119 posts

Heres my HijackTHis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:27 PM, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cricket.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tgrcfyhl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Cricinfo Desktop Alerts] "C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\ineen\ineen.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Ares\spyware doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ammarhakim.sp...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.zapak.com...h2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129506290012
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave...tg.1.0.0.33.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O20 - Winlogon Notify: tgrcfyhl - C:\WINDOWS\SYSTEM32\tgrcfyhl.dll
O20 - Winlogon Notify: wvuttut - wvuttut.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Ares\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12024 bytes

#7
Rorschach112

Posted 03 February 2008 - 10:48 AM

Ralphie

Retired Staff
47,710 posts

Bit more to do

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\RCX468F.tmp
C:\WINDOWS\system32\RCX416F.tmp
C:\WINDOWS\system32\RCX3C9C.tmp
C:\WINDOWS\system32\RCX3288.tmp
C:\WINDOWS\system32\RCX3218.tmp
C:\WINDOWS\system32\RCX315C.tmp
C:\WINDOWS\system32\RCX285E.tmp
C:\WINDOWS\system32\tgrcfyhl.dll
C:\WINDOWS\system32\tgrcfyhl.dll
C:\WINDOWS\etb\pokapoka75.exe

Folder::
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\FOUND.000
C:\FOUND.001

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service75]

Driver::
BusinessContinuity
ILT

RenV::
----a-w 1,885,464 2008-01-27 10:11:44 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\Media\csrss.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

#8
Ammar

Posted 03 February 2008 - 12:51 PM

Member

Topic Starter
Member
119 posts

Just one question, as i am sort of scared to go into safe mode and do this kind of stuff.
Should I create a System Restore Point before i do this stuff?
Also once I have got the report after going into safe mode, then should I do the copy paste and combo fix stuff or should i do it before?
thanks

#9
Rorschach112

Posted 03 February 2008 - 01:03 PM

Ralphie

Retired Staff
47,710 posts

You don't need to worry about doing these steps, they are perfectly safe

Do them in the order they are posted, so SDFix first then ComboFix

#10
Ammar

Posted 03 February 2008 - 07:13 PM

Member

Topic Starter
Member
119 posts

Hey,
Just making sure as I am bieng very carefull
Are you sure SDfix wont cause any problems to my computer?, because I have read that it is a program only trained people should use.
Also I have installed SDfix and at the end of installation it is saying, Some Installation Files are corrupt, please try installing again. Although the file SDfix is created in my C:/ folder.

Edited by Ammar, 03 February 2008 - 07:25 PM.

#11
Rorschach112

Posted 04 February 2008 - 07:34 AM

Ralphie

Retired Staff
47,710 posts

I am 100% positive nothing bad will happen

Delete SDFix.exe and it's folder then re-download and run it again

#12
Ammar

Posted 04 February 2008 - 06:39 PM

Member

Topic Starter
Member
119 posts

Hey! Thanks alot,
I went through with the SDfix in safe mode. And this is the SDfix report. I saved this as Report.txt. I will post the other stuff you asked me to do in my next post. After I logged back on my computer, Theres a message from windows security alert saying your computer is not virus protected. Just wanted to ask you what I should do about it. Thanks alot.

SDFix: Version 1.136

Run by Owner on 04/02/2008 at 05:27 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\TFTP1028 - Deleted
C:\WINDOWS\system32\TFTP540 - Deleted
C:\WINDOWS\system32\TFTP1808 - Deleted
C:\WINDOWS\system32\TFTP1148 - Deleted
C:\WINDOWS\system32\tmp8C.tmp - Deleted
C:\WINDOWS\system32\tmpF4.tmp - Deleted
C:\WINDOWS\system32\tmp6C.tmp - Deleted
C:\WINDOWS\system32\tmp1FD.tmp - Deleted
C:\WINDOWS\system32\i - Deleted

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:33:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 19 Jan 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 2 Feb 2008 6,656 A..H. --- "C:\System Volume Information\_restore{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP547\A0225158.exe"
Sat 2 Feb 2008 1,024 A..H. --- "C:\System Volume Information\_restore{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP547\A0225159.sys"
Tue 22 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT39.tmp"
Fri 12 Nov 2004 45,912 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Fri 25 Jan 2008 85,504 A.SH. --- "C:\Deckard\System Scanner\20080202033705\backup\DOCUME~1\Owner\LOCALS~1\Temp\qgdnlhqg.exe"

Finished!

#13
Rorschach112

Posted 04 February 2008 - 06:47 PM

Ralphie

Retired Staff
47,710 posts

Don't worry about that message

Continue on with the rest of the steps

#14
Ammar

Posted 04 February 2008 - 06:57 PM

Member

Topic Starter
Member
119 posts

Here my log from ComboFix after combining the two.
I was getting a message from Norton saying Suspiocios Malware durign the scan and it led to C:\combofix\svcdrv.vbs. I clicked ok and the log came up. Thanks alot

ComboFix 08-02.03.1 - Owner 2008-02-04 17:42:15.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\etb\pokapoka75.exe
C:\WINDOWS\system32\RCX285E.tmp
C:\WINDOWS\system32\RCX315C.tmp
C:\WINDOWS\system32\RCX3218.tmp
C:\WINDOWS\system32\RCX3288.tmp
C:\WINDOWS\system32\RCX3C9C.tmp
C:\WINDOWS\system32\RCX416F.tmp
C:\WINDOWS\system32\RCX468F.tmp
C:\WINDOWS\system32\tgrcfyhl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.001\FILE0002.CHK
C:\FOUND.001\FILE0003.CHK
C:\FOUND.001\FILE0004.CHK
C:\FOUND.001\FILE0005.CHK
C:\FOUND.001\FILE0006.CHK
C:\FOUND.001\FILE0007.CHK
C:\WINDOWS\system32\RCX285E.tmp
C:\WINDOWS\system32\RCX315C.tmp
C:\WINDOWS\system32\RCX3218.tmp
C:\WINDOWS\system32\RCX3288.tmp
C:\WINDOWS\system32\RCX3C9C.tmp
C:\WINDOWS\system32\RCX416F.tmp
C:\WINDOWS\system32\RCX468F.tmp

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BUSINESSCONTINUITY
-------\LEGACY_ILT
-------\BusinessContinuity
-------\ILT

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-04 17:25 . 2008-02-04 17:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-04 17:13 . 2008-02-02 19:01 <DIR> d-------- C:\SDFix
2008-02-03 02:00 . 2008-02-03 02:00 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-02 03:42 . 2008-02-02 03:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 19:45 . 2008-02-01 19:45 <DIR> d-------- C:\Deckard
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\Program Files\Youdagames
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
2008-01-28 15:27 . 2008-01-28 15:27 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-01-28 15:14 . 2008-01-28 15:14 <DIR> d-------- C:\WINDOWS\etb
2008-01-28 13:36 . 2008-01-13 20:07 955 --a------ C:\WINDOWS\win.tmp
2008-01-28 13:36 . 2007-12-03 22:41 258 --a------ C:\WINDOWS\system.tmp
2008-01-28 13:32 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-01-28 13:32 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-01-27 03:01 . 2008-01-27 03:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-01-27 02:58 . 2008-01-27 02:58 <DIR> d-------- C:\Program Files\Uniblue
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 23:44 . 2008-01-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 22:44 . 2008-01-26 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-01-26 22:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-26 22:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-26 22:44 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-26 22:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-22 15:10 . 2008-01-22 15:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Youdagames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 18:32 76,288 ----a-w C:\WINDOWS\Media\csrss.exe
2007-12-24 18:40 --------- d-----w C:\Documents and Settings\Home\Application Data\Yahoo!
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-10 03:27 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-09-29 18:27 32,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2002-03-13 05:07 9,474 ----a-w C:\Program Files\myth.nfo
2000-02-03 17:51 22,016 ----a-w C:\Documents and Settings\Owner\TRAINER.EXE
1999-09-18 18:17 15,128 ----a-w C:\Documents and Settings\Owner\WUNPACK.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="C:\Program Files\ineen\ineen.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-27 03:11 1885464]
"Spyware Doctor"="C:\Program Files\Ares\spyware doctor\swdoctor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Athan"="C:\Program Files\Athan\Athan.exe" [ ]
"RecSche"="C:\Program Files\TVR\RecSche.exe" [ ]
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE" [ ]
"ScanRegistry"="C:\W" [ ]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"SiSPower"="SiSPower.dll" []
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [ ]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [ ]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [ ]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 05:09 106496]
"Cricinfo Desktop Alerts"="C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"Spyware Doctor"="C:\Program Files\Ares\Spyware Doctor\swdoctor.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tgrcfyhl]
tgrcfyhl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttut]
wvuttut.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 00:51:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-02 03:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/task:
"2008-01-24 15:41:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-05 00:49:48 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-02 10:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-05 00:49:48 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-05 00:52:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:50:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
.
**************************************************************************
.
Completion time: 2008-02-04 17:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-05 00:55:18
ComboFix2.txt 2008-02-02 20:36:12
.
2008-01-22 21:10:37 --- E O F ---

#15
Ammar

Posted 04 February 2008 - 07:08 PM

Member

Topic Starter
Member
119 posts

File csrss.exe received on 02.05.2008 01:58:50 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 26/31 (83.88%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.5.10 2008.02.04 Win32/Virut.B
AntiVir 7.6.0.62 2008.02.04 W32/Virut.AX
Authentium 4.93.8 2008.02.04 W32/Virut.7116
Avast 4.7.1098.0 2008.02.04 Win32:Virtob
AVG 7.5.0.516 2008.02.04 Win32/Virut
BitDefender 7.2 2008.02.05 Win32.Virtob.BQ
CAT-QuickHeal 9.00 2008.02.04 W32.Virut.Z
ClamAV 0.92 2008.02.05 W32.Virut-17
DrWeb 4.44.0.09170 2008.02.04 Win32.Virut.30
eTrust-Vet 31.3.5511 2008.02.04 Win32/Virut.7115
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.05 -
Fortinet 3.14.0.0 2008.02.04 -
F-Prot 4.4.2.54 2008.02.04 W32/VB-Backdoor-ESVR-based!Maximus
F-Secure 6.70.13260.0 2008.02.04 W32/Virut.AG
Ikarus T3.1.1.20 2008.02.05 Virus.Win32.Virut.av
Kaspersky 7.0.0.125 2008.02.05 Virus.Win32.Virut.av
McAfee 5222 2008.02.04 W32/Virut.gen.a
Microsoft 1.3204 2008.02.04 Virus:Win32/Virut.AC
NOD32v2 2848 2008.02.04 Win32/Virut.AV
Norman 5.80.02 2008.02.04 W32/Virut.AG
Panda 9.0.0.4 2008.02.04 W32/Virutas.Z
Prevx1 V2 2008.02.05 -
Rising 20.29.22.00 2008.01.30 Win32.Virut.an
Sophos 4.26.0 2008.02.04 W32/Virut-W
Sunbelt 2.2.907.0 2008.02.02 VIPRE.Suspicious
Symantec 10 2008.02.05 W32.Virut.W
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 Virus.Win32.Virut.2
VirusBuster 4.3.26:9 2008.02.04 Win32.Virut.Gen.4
Webwasher-Gateway 6.6.2 2008.02.04 Win32.Virut.AX
Additional information
File size: 76288 bytes
MD5: 2f0abb63486a65d5475b68827f5087e1
SHA1: 5382aec3c93850064ca2d01e94309f89a8b5ea83
PEiD: -
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.