transmit.exe virus?



#1 A_Orange (Member, 11 posts)

Hi, this is my first time posting and I would like to say thanks for doing this!

I really don't know the name of the virus, but what it does is that it prevents the user from opening any application. During startup my antivirus programs are closed automatically. And it makes 240 KB copies of files with the same name as the folder it copies itself to, with the description "Generic Host Process for Win32 Services" on them. I can't even surf the net, since it switches to the desktop every time I have an active window. It closes everything and reloads when I use my Start menu. Well, I think it does that...

Please help me with this! I really need to work on my computer. I have a project to finish. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:37 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\diagnose.exe
C:\WINDOWS\TEMP\RarSFX36\folder.exe
C:\WINDOWS\systen32\svchost.exe
C:\WINDOWS\diagnose.exe
C:\WINDOWS\TEMP\RarSFX37\folder.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\transmit.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\transmit.exe
C:\WINDOWS\diagnose.exe
C:\WINDOWS\TEMP\RarSFX38\folder.exe
C:\Documents and Settings\joey\Desktop\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.5.106.252:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe transmit.exe
F2 - REG:system.ini: UserInit=userinit.exe,mma.bat
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\joey\Local Settings\Temporary Internet Files\Content.IE5\CA36V60I\UDefender_Installer[1].exe" continue
O4 - HKUS\S-1-5-18\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q306&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10298 bytes

Edited by A_Orange, 01 February 2008 - 03:40 AM.

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello A_Orange

Welcome to G2Go. :)
===================
It appears that two antivirus programs are running.
Please uninstall one.
Having two will cause conflicts within the operating system alone.
=============================================
After that, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For technical support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Post that log in your next reply.

(Note: if you cannot open the log it produces, then right-click on it and choose Rename.
Rename it to .txt and you will be able to open it.)

==================================
After that, please post a new HijackThis log in addition to the Dr.Web log.
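As an added example (not code from this thread, from Dr.Web or from the helper above), here is a small Python parser for the semicolon-separated DrWeb.csv report that this post asks for, in the layout the topic starter pastes later in the thread (filename;directory;detection;action;). It also flags the folder-mimic naming the first post describes: an .exe named after the folder it sits in, or after a sibling folder. The report lines embedded below are constructed for the example.

```python
import ntpath
from collections import Counter

# Constructed sample lines in the DrWeb.csv layout seen in this thread:
#   filename;directory;detection name;action taken;
SAMPLE_REPORT = r"""
msdtc.exe;c:\windows\system32;Modification of BackDoor.Generic.981;Moved.;
mma.vbs;C:\;VBS.Generic.570;Deleted.;
Application Data.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\Administrator\Application Data;Modification of BackDoor.Generic.981;Moved.;
169F3D06.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Worm.Peerav;Incurable.Moved.;
"""


def parse_drweb_report(text):
    """Turn DrWeb.csv text into a list of dicts.

    Each line carries four ';'-separated fields followed by a trailing ';'.
    Blank lines and lines with fewer than four fields are skipped, so a stray
    header or a truncated last line cannot break the summary.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            continue
        records.append({
            "filename": parts[0],
            "directory": parts[1],
            "detection": parts[2],
            "action": parts[3],
        })
    return records


def summarize(records):
    """Count hits per detection name and per action, the two things a helper
    checks first: which family was found, and whether each hit was cured,
    moved or deleted (an 'Incurable.Moved.' entry still exists in quarantine)."""
    return {
        "by_detection": Counter(r["detection"] for r in records),
        "by_action": Counter(r["action"] for r in records),
    }


def _norm(path):
    # Windows-style paths handled on any platform; compare case-insensitively.
    return ntpath.normpath(path).lower()


def find_folder_mimics(records):
    """Flag entries whose name mirrors a folder name, the propagation pattern
    the first post describes: FOLDER.exe dropped inside FOLDER, or FOLDER.exe
    dropped next to FOLDER in its parent directory.  Only the report itself is
    consulted, so the 'sibling' case is recognised when the report also lists
    a hit inside that folder."""
    dirs_seen = {_norm(r["directory"]) for r in records}
    flagged = []
    for r in records:
        stem, ext = ntpath.splitext(r["filename"])
        if ext.lower() != ".exe" or not stem:
            continue
        directory = r["directory"]
        if ntpath.basename(directory).lower() == stem.lower():
            flagged.append(dict(r, reason="exe named after the folder that contains it"))
        elif _norm(ntpath.join(directory, stem)) in dirs_seen:
            flagged.append(dict(r, reason="exe named after a sibling folder"))
    return flagged


if __name__ == "__main__":
    recs = parse_drweb_report(SAMPLE_REPORT)
    for name, count in summarize(recs)["by_detection"].items():
        print(f"{count:3d}  {name}")
    for hit in find_folder_mimics(recs):
        print("mimic:", ntpath.join(hit["directory"], hit["filename"]), "-", hit["reason"])
```

Run it against a real DrWeb.csv by reading the file into `parse_drweb_report`; entries flagged by `find_folder_mimics` are the ones to look for again after cleanup, since the pattern re-creates them wherever the worm still runs.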

#3 A_Orange (Topic Starter, Member, 11 posts)

I can't seem to run Dr.Web CureIt... it closes at the splash screen.

#4 A_Orange (Topic Starter, Member, 11 posts)

My bad. I forgot to uninstall one antivirus... sorry. I'll post the result shortly...

#5 A_Orange (Topic Starter, Member, 11 posts)

Dr.Web save file:

msdtc.exe;c:\windows\system32;Modification of BackDoor.Generic.981;Moved.;
.exe;C:\;Modification of BackDoor.Generic.981;Moved.;
mma.vbs;C:\;VBS.Generic.570;Deleted.;
FileEditor.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
Hello.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
Jackpot.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
MDIApp.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
OpenGL.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
Simpwin.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
WinAnim.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
WinMenu.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
WinTest.exe;C:\Dev-Cpp\Examples;Modification of BackDoor.Generic.981;Moved.;
FileEditor.exe;C:\Dev-Cpp\Examples\FileEditor;Modification of BackDoor.Generic.981;Moved.;
Hello.exe;C:\Dev-Cpp\Examples\Hello;Modification of BackDoor.Generic.981;Moved.;
Jackpot.exe;C:\Dev-Cpp\Examples\Jackpot;Modification of BackDoor.Generic.981;Moved.;
MdiApp.exe;C:\Dev-Cpp\Examples\MDIApp;Modification of BackDoor.Generic.981;Moved.;
OpenGL.exe;C:\Dev-Cpp\Examples\OpenGL;Modification of BackDoor.Generic.981;Moved.;
Simpwin.exe;C:\Dev-Cpp\Examples\Simpwin;Modification of BackDoor.Generic.981;Moved.;
WinAnim.exe;C:\Dev-Cpp\Examples\WinAnim;Modification of BackDoor.Generic.981;Moved.;
WinMenu.exe;C:\Dev-Cpp\Examples\WinMenu;Modification of BackDoor.Generic.981;Moved.;
WinTest.exe;C:\Dev-Cpp\Examples\WinTest;Modification of BackDoor.Generic.981;Moved.;
c++.exe;C:\Dev-Cpp\include;Modification of BackDoor.Generic.981;Moved.;
ddk.exe;C:\Dev-Cpp\include;Modification of BackDoor.Generic.981;Moved.;
GL.exe;C:\Dev-Cpp\include;Modification of BackDoor.Generic.981;Moved.;
sys.exe;C:\Dev-Cpp\include;Modification of BackDoor.Generic.981;Moved.;
c++.exe;C:\Dev-Cpp\include\c++;Modification of BackDoor.Generic.981;Moved.;
ddk.exe;C:\Dev-Cpp\include\ddk;Modification of BackDoor.Generic.981;Moved.;
GL.exe;C:\Dev-Cpp\include\GL;Modification of BackDoor.Generic.981;Moved.;
sys.exe;C:\Dev-Cpp\include\sys;Modification of BackDoor.Generic.981;Moved.;
debug.exe;C:\Dev-Cpp\lib;Modification of BackDoor.Generic.981;Moved.;
gcc.exe;C:\Dev-Cpp\lib;Modification of BackDoor.Generic.981;Moved.;
debug.exe;C:\Dev-Cpp\lib\debug;Modification of BackDoor.Generic.981;Moved.;
gcc.exe;C:\Dev-Cpp\lib\gcc;Modification of BackDoor.Generic.981;Moved.;
gcc.exe;C:\Dev-Cpp\libexec;Modification of BackDoor.Generic.981;Moved.;
gcc.exe;C:\Dev-Cpp\libexec\gcc;Modification of BackDoor.Generic.981;Moved.;
bin.exe;C:\Dev-Cpp\mingw32;Modification of BackDoor.Generic.981;Moved.;
lib.exe;C:\Dev-Cpp\mingw32;Modification of BackDoor.Generic.981;Moved.;
bin.exe;C:\Dev-Cpp\mingw32\bin;Modification of BackDoor.Generic.981;Moved.;
lib.exe;C:\Dev-Cpp\mingw32\lib;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Cookies.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
My Documents.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
NetHood.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
PrintHood.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Recent.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
SendTo.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\Administrator;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\Administrator\Application Data;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\Administrator\Favorites;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\Administrator\Local Settings;Modification of BackDoor.Generic.981;Moved.;
My Documents.exe;C:\Documents and Settings\Administrator\My Documents;Modification of BackDoor.Generic.981;Moved.;
NetHood.exe;C:\Documents and Settings\Administrator\NetHood;Modification of BackDoor.Generic.981;Moved.;
PrintHood.exe;C:\Documents and Settings\Administrator\PrintHood;Modification of BackDoor.Generic.981;Moved.;
Recent.exe;C:\Documents and Settings\Administrator\Recent;Modification of BackDoor.Generic.981;Moved.;
SendTo.exe;C:\Documents and Settings\Administrator\SendTo;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\Administrator\Start Menu;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\Administrator\Templates;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\All Users;Modification of BackDoor.Generic.981;Moved.;
Documents.exe;C:\Documents and Settings\All Users;Modification of BackDoor.Generic.981;Moved.;
DRM.exe;C:\Documents and Settings\All Users;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\All Users;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\All Users;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\All Users;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\All Users\Application Data;Modification of BackDoor.Generic.981;Moved.;
169F3D06.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Worm.Peerav;Incurable.Moved.;
240503D6.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Pakucks;Deleted.;
51D8273B.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Worm.Peerav;Incurable.Moved.;
Documents.exe;C:\Documents and Settings\All Users\Documents;Modification of BackDoor.Generic.981;Moved.;
DRM.exe;C:\Documents and Settings\All Users\DRM;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\All Users\Favorites;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\All Users\Start Menu;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\All Users\Templates;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Cookies.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
My Documents.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
NetHood.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
PrintHood.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Recent.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
SendTo.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\Default User;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\Default User\Application Data;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\Default User\Favorites;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\Default User\Local Settings;Modification of BackDoor.Generic.981;Moved.;
My Documents.exe;C:\Documents and Settings\Default User\My Documents;Modification of BackDoor.Generic.981;Moved.;
NetHood.exe;C:\Documents and Settings\Default User\NetHood;Modification of BackDoor.Generic.981;Moved.;
PrintHood.exe;C:\Documents and Settings\Default User\PrintHood;Modification of BackDoor.Generic.981;Moved.;
Recent.exe;C:\Documents and Settings\Default User\Recent;Modification of BackDoor.Generic.981;Moved.;
SendTo.exe;C:\Documents and Settings\Default User\SendTo;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\Default User\Start Menu;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\Default User\Templates;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Bluetooth Software.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
ChikkaDefault.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Cookies.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
DoctorWeb.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
History.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Incomplete.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
logs.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
My Documents.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
NetHood.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Phone Browser.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
PrintHood.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Recent.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
SendTo.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Shared.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Temporary Internet Files.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
UserData.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
WINDOWS.exe;C:\Documents and Settings\joey;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\joey\Application Data;Modification of BackDoor.Generic.981;Moved.;
Bluetooth Software.exe;C:\Documents and Settings\joey\Bluetooth Software;Modification of BackDoor.Generic.981;Moved.;
ChikkaDefault.exe;C:\Documents and Settings\joey\ChikkaDefault;Modification of BackDoor.Generic.981;Moved.;
DoctorWeb.exe;C:\Documents and Settings\joey\DoctorWeb;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\joey\Favorites;Modification of BackDoor.Generic.981;Moved.;
History.exe;C:\Documents and Settings\joey\History;Modification of BackDoor.Generic.981;Moved.;
Incomplete.exe;C:\Documents and Settings\joey\Incomplete;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\joey\Local Settings;Modification of BackDoor.Generic.981;Moved.;
logs.exe;C:\Documents and Settings\joey\logs;Modification of BackDoor.Generic.981;Moved.;
My Documents.exe;C:\Documents and Settings\joey\My Documents;Modification of BackDoor.Generic.981;Moved.;
NetHood.exe;C:\Documents and Settings\joey\NetHood;Modification of BackDoor.Generic.981;Moved.;
Phone Browser.exe;C:\Documents and Settings\joey\Phone Browser;Modification of BackDoor.Generic.981;Moved.;
PrintHood.exe;C:\Documents and Settings\joey\PrintHood;Modification of BackDoor.Generic.981;Moved.;
Recent.exe;C:\Documents and Settings\joey\Recent;Modification of BackDoor.Generic.981;Moved.;
SendTo.exe;C:\Documents and Settings\joey\SendTo;Modification of BackDoor.Generic.981;Moved.;
Shared.exe;C:\Documents and Settings\joey\Shared;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\joey\Start Menu;Modification of BackDoor.Generic.981;Moved.;
Templates.exe;C:\Documents and Settings\joey\Templates;Modification of BackDoor.Generic.981;Moved.;
Temporary Internet Files.exe;C:\Documents and Settings\joey\Temporary Internet Files;Modification of BackDoor.Generic.981;Moved.;
ShowFolder[3].htm;C:\Documents and Settings\joey\Temporary Internet Files\Content.IE5\BHYA06ON;Win32.HLLM.Graz;Deleted.;
ShowFolder[2].htm;C:\Documents and Settings\joey\Temporary Internet Files\Content.IE5\SVR5AIWO;Win32.HLLM.Graz;Deleted.;
UserData.exe;C:\Documents and Settings\joey\UserData;Modification of BackDoor.Generic.981;Moved.;
WINDOWS.exe;C:\Documents and Settings\joey\WINDOWS;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
Cookies.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
History.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
Temporary Internet Files.exe;C:\Documents and Settings\LocalService;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\LocalService\Application Data;Modification of BackDoor.Generic.981;Moved.;
Favorites.exe;C:\Documents and Settings\LocalService\Favorites;Modification of BackDoor.Generic.981;Moved.;
History.exe;C:\Documents and Settings\LocalService\History;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\LocalService\Local Settings;Modification of BackDoor.Generic.981;Moved.;
Start Menu.exe;C:\Documents and Settings\LocalService\Start Menu;Modification of BackDoor.Generic.981;Moved.;
Temporary Internet Files.exe;C:\Documents and Settings\LocalService\Temporary Internet Files;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\NetworkService;Modification of BackDoor.Generic.981;Moved.;
Cookies.exe;C:\Documents and Settings\NetworkService;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\NetworkService;Modification of BackDoor.Generic.981;Moved.;
Application Data.exe;C:\Documents and Settings\NetworkService\Application Data;Modification of BackDoor.Generic.981;Moved.;
Local Settings.exe;C:\Documents and Settings\NetworkService\Local Settings;Modification of BackDoor.Generic.981;Moved.;
Worms 4 Mayhem.exe;C:\Games\Codemasters;Modification of BackDoor.Generic.981;Moved.;
artwork.exe;C:\Games\Mame32v103;Modification of BackDoor.Generic.981;Moved.;
bkground.exe;C:\Games\Mame32v103;Modification of BackDoor.Generic.981;Moved.;
cabinets.exe;C:\Games\Mame32v103;Modification of BackDoor.Generic.981;Moved.;
cfg.exe;C:\Games\Mame32v103;Modification of BackDoor.Generic.981;Moved.;
cpanel.exe;C:\Games\Mame32v103;Modification of BackDoor.Generic.981;Moved.;
ctrlr.exe;C:\Games\Mame32v103;Modification of BackDoor.Generic.981;Moved.;
{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}.exe;C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626};Modification of BackDoor.Generic.981;Moved.;
{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}.exe;C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC};Modification of BackDoor.Generic.981;Moved.;
{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}.exe;C:\Program Files\InstallShield Installation Information\{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E};Modification of BackDoor.Generic.981;Moved.;
{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}.exe;C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA};Modification of BackDoor.Generic.981;Moved.;
{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}.exe;C:\Program Files\InstallShield Installation Information\{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD};Modification of BackDoor.Generic.981;Moved.;
{DAAC5938-8026-4D0C-A476-D1954917B7F5}.exe;C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5};Modification of BackDoor.Generic.981;Moved.;
{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}.exe;C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38};Modification of BackDoor.Generic.981;Moved.;
{F20C1251-1D0A-4944-B2AE-678581B33B19}.exe;C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19};Modification of BackDoor.Generic.981;Moved.;
{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1}.exe;C:\Program Files\InstallShield Installation Information\{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1};Modification of BackDoor.Generic.981;Moved.;
{FC6E442D-ACBF-4EE3-BB0F-E9EFD6A43D07}.exe;C:\Program Files\InstallShield Installation Information\{FC6E442D-ACBF-4EE3-BB0F-E9EFD6A43D07};Modification of BackDoor.Generic.981;Moved.;
INFInst.exe;C:\Program Files\Intel;Modification of BackDoor.Generic.981;Moved.;
INFInst.exe;C:\Program Files\Intel\INFInst;Modification of BackDoor.Generic.981;Moved.;
Connection Wizard.exe;C:\Program Files\Internet Explorer;Modification of BackDoor.Generic.981;Moved.;
en-US.exe;C:\Program Files\Internet Explorer;Modification of BackDoor.Generic.981;Moved.;
MUI.exe;C:\Program Files\Internet Explorer;Modification of BackDoor.Generic.981;Moved.;
PLUGINS.exe;C:\Program Files\Internet Explorer;Modification of BackDoor.Generic.981;Moved.;
SIGNUP.exe;C:\Program Files\Internet Explorer;Modification of BackDoor.Generic.981;Moved.;
Connection Wizard.exe;C:\Program Files\Internet Explorer\Connection Wizard;Modification of BackDoor.Generic.981;Moved.;
en-US.exe;C:\Program Files\Internet Explorer\en-US;Modification of BackDoor.Generic.981;Moved.;
MUI.exe;C:\Program Files\Internet Explorer\MUI;Modification of BackDoor.Generic.981;Moved.;
PLUGINS.exe;C:\Program Files\Internet Explorer\PLUGINS;Modification of BackDoor.Generic.981;Moved.;
SIGNUP.exe;C:\Program Files\Internet Explorer\SIGNUP;Modification of BackDoor.Generic.981;Moved.;
jre1.5.0_06.exe;C:\Program Files\Java;Modification of BackDoor.Generic.981;Moved.;
jre1.6.0_02.exe;C:\Program Files\Java;Modification of BackDoor.Generic.981;Moved.;
jre1.6.0_03.exe;C:\Program Files\Java;Modification of BackDoor.Generic.981;Moved.;
jre1.5.0_06.exe;C:\Program Files\Java\jre1.5.0_06;Modification of BackDoor.Generic.981;Moved.;
jre1.6.0_02.exe;C:\Program Files\Java\jre1.6.0_02;Modification of BackDoor.Generic.981;Moved.;
jre1.6.0_03.exe;C:\Program Files\Java\jre1.6.0_03;Modification of BackDoor.Generic.981;Moved.;
Ad-Aware 2007.exe;C:\Program Files\Lavasoft;Modification of BackDoor.Generic.981;Moved.;
Ad-Aware 2007.exe;C:\Program Files\Lavasoft\Ad-Aware 2007;Modification of BackDoor.Generic.981;Moved.;
Lib.exe;C:\Program Files\Microsoft CAPICOM 2.1.0.2;Modification of BackDoor.Generic.981;Moved.;
License.exe;C:\Program Files\Microsoft CAPICOM 2.1.0.2;Modification of BackDoor.Generic.981;Moved.;
Lib.exe;C:\Program Files\
  • 0

#6
A_Orange

    Member

  • Topic Starter
  • Member
  • 11 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:27 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\transmit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\diagnose.exe
C:\WINDOWS\TEMP\RarSFX13\folder.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\joey\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.5.106.252:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe transmit.exe
F2 - REG:system.ini: UserInit=userinit.exe,mma.bat
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\joey\Local Settings\Temporary Internet Files\Content.IE5\CA36V60I\UDefender_Installer[1].exe" continue
O4 - HKUS\S-1-5-18\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q306&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9439 bytes
  • 0

#7
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#8
A_Orange

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix 08-02.02.5 - joey 2008-02-02 18:19:00.1 - NTFSx86 DSREPAIR
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT 8:00]
Running from: C:\Documents and Settings\joey\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.exe
C:\Autorun.inf
C:\Documents and Settings\joey\Favorites\Error Cleaner.url
C:\Documents and Settings\joey\Favorites\Privacy Protector.url
C:\Documents and Settings\joey\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\services.exe
C:\WINDOWS\2.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\inetsrv.exe
C:\WINDOWS\system32\microsoft.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\restore\restore.exe
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\systen32
C:\WINDOWS\systen32\svchost.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SFSYNC02
-------\NPF
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-02 18:17 . 2005-08-04 15:36 155,115 --a------ C:\WINDOWS\diagnose.exe
2008-02-01 23:09 . 2008-02-01 23:09 245,760 --a------ C:\WINDOWS\system32\msdtc.exe
2008-02-01 23:09 . 2004-08-04 15:26 6,144 --a------ C:\WINDOWS\system32\dllcache\msdtc.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\WINDOWS\system32\xircom.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\xing shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Wise Installation Wizard.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Wextech Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\TiVo Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\System.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Symantec Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\SureThing Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Stardock.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\SpeechEngines.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Sonic Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Real.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\PCSuite.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\ODBC.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Oberon Media.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Nokia.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Nero.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\muvee Technologies.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\MSSoap.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Microsoft Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Macrovision Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\LightScribe.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Java.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\InstallShield.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\HP.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\EasyInfo.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\DirectX.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\DESIGNER.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Canon.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Borland Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Autodesk Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Program Files\Common Files\Adobe.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\NetworkService\Local Settings.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\NetworkService\Cookies.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\NetworkService\Application Data\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\NetworkService\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Temporary Internet Files.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Start Menu.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Local Settings.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\History.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Favorites.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Cookies.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Application Data\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\LocalService\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\WINDOWS.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\UserData.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Temporary Internet Files.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Templates.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Start Menu.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Shared.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\SendTo.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Recent.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\PrintHood.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Phone Browser.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\NetHood.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\My Documents.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\logs.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Local Settings.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Incomplete.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\History.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Favorites.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\DoctorWeb.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Cookies.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\ChikkaDefault.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Bluetooth Software.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Application Data\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\joey\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Templates.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Start Menu.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\SendTo.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Recent.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\PrintHood.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\NetHood.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\My Documents.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Local Settings.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Favorites.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Cookies.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Default User\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\Templates.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\Start Menu.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\Favorites.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\DRM.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\Documents.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\Application Data\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\All Users\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Templates.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Start Menu.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\SendTo.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Recent.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\PrintHood.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\NetHood.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\My Documents.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Local Settings.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Favorites.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Cookies.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Application Data\Application Data.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\Documents and Settings\Administrator\Application Data.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 09:33 --------- d-----w C:\Program Files\Alwil Software
2008-02-01 15:06 --------- d-----w C:\Program Files\Yahoo!
2008-02-01 15:06 --------- d-----w C:\Program Files\Winamp
2008-02-01 15:06 --------- d-----w C:\Program Files\WIDCOMM
2008-02-01 15:06 --------- d-----w C:\Program Files\Web Publish
2008-02-01 15:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-01 15:06 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-01 15:06 --------- d-----w C:\Program Files\Synaptics
2008-02-01 15:06 --------- d-----w C:\Program Files\Stardock
2008-02-01 15:06 --------- d-----w C:\Program Files\Sonic
2008-02-01 15:06 --------- d-----w C:\Program Files\Real
2008-02-01 15:06 --------- d-----w C:\Program Files\QuickTime
2008-02-01 15:06 --------- d-----w C:\Program Files\PowerISO
2008-02-01 15:06 --------- d-----w C:\Program Files\PhoTags Express
2008-02-01 15:06 --------- d-----w C:\Program Files\Oberon Media
2008-02-01 15:06 --------- d-----w C:\Program Files\Nokia
2008-02-01 15:06 --------- d-----w C:\Program Files\Nero
2008-02-01 15:06 --------- d-----w C:\Program Files\muvee Technologies
2008-02-01 15:06 --------- d-----w C:\Program Files\MSECache
2008-02-01 15:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-02-01 15:05 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-01 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-01 15:05 --------- d-----w C:\Program Files\Java
2008-02-01 15:05 --------- d-----w C:\Program Files\Intel
2008-02-01 15:05 --------- d-----w C:\Program Files\HPQ
2008-02-01 15:05 --------- d-----w C:\Program Files\Hp
2008-02-01 15:05 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-01 15:05 --------- d-----w C:\Program Files\Google
2008-02-01 15:05 --------- d-----w C:\Program Files\Free Download Manager
2008-02-01 15:05 --------- d-----w C:\Program Files\ESET
2008-02-01 15:05 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-02-01 15:05 --------- d-----w C:\Program Files\Creative
2008-02-01 15:05 --------- d-----w C:\Program Files\Cosmi
2008-02-01 15:05 --------- d-----w C:\Program Files\CONEXANT
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Java
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\HP
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\DirectX
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 15:05 --------- d-----w C:\Program Files\Chikka Messenger
2008-02-01 15:05 --------- d-----w C:\Program Files\Canon
2008-02-01 15:05 --------- d-----w C:\Program Files\Autodesk
2008-02-01 15:05 --------- d-----w C:\Program Files\AutoCAD 2006
2008-01-26 22:14 --------- d-----w C:\Program Files\FrostWire
2008-01-26 22:14 --------- d-----w C:\Program Files\BFG
2008-01-19 09:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-19 09:13 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-18 16:19 --------- d-----w C:\Program Files\uTorrent
2007-12-28 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-28 05:39 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-22 06:06 --------- d-----w C:\Documents and Settings\joey\Application Data\Winamp
2007-12-07 04:16 --------- d-----w C:\Documents and Settings\joey\Application Data\TuneUp Software
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-24 09:10 155,995 ----a-w C:\WINDOWS\java\Packages\AFN7F9BH.ZIP
2005-09-24 16:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-04 07:26 245,760 ----a-w C:\WINDOWS\inf\IEM\IEM.exe
2004-08-04 07:26 245,760 ----a-w C:\WINDOWS\inf\IEM.exe
2007-01-03 12:54 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-09-02 22:48 393 --sha-r C:\WINDOWS\system32\mma.bat
2007-09-02 22:47 534 --sha-r C:\WINDOWS\system32\mma.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-11-06 19:51 3810544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49 860160]
"ChikkaDefault"="C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe" [2007-04-11 19:40 36864]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 11:01 159744]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-13 17:56 921600]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"XdriveTray"="C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys [2007-09-02 19:20]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S3 Revolution1;Revolution1;C:\Documents and Settings\John\My Documents\Downloads\UCE for Flyff\SHAK3.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd661e0-0ab7-11dc-8b3a-0016418037f3}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\mma.vbs
\Shell\open\Command - WScript.exe .\mma.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7021f912-9f13-11db-8981-0016d307c3d1}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844205de-2534-11dc-8b91-0016418037f3}]
\Shell\0pen\command - krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85867ad8-0266-11dc-8b12-0016418037f3}]
\Shell\AutoRun\command - Copy of Desktop.ini
\Shell\explore\Command - Copy of Desktop.ini
\Shell\open\Command - Copy of Desktop.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a814ae9c-df8b-11db-8a9b-0016418037f3}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a814ae9d-df8b-11db-8a9b-0016418037f3}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1804d60-8f3a-11db-894a-0016d307c3d1}]
\Shell\Auto\command - F:\transmit.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL transmit.exe
\Shell\explore\command - F:\transmit.exe
\Shell\open\command - F:\transmit.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 10:18:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\diagnose.exe
"2008-02-02 10:19:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\transmit.exe
"2008-02-02 10:30:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 18:28:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-02-02 18:37:02 - machine was rebooted [joey]
ComboFix-quarantined-files.txt 2008-02-02 10:36:52
.
2008-02-01 07:46:27 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:06 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\joey\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.5.106.252:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q306&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8902 bytes
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Right Click the Desktop and Select New--> Folder--> Name it SysClean
  • Download the Sysclean Package to the folder you made.
  • Next, download the Virus Pattern Files (Official Pattern Release) to your desktop from Here
  • Right Click and Select Extract All to unzip the folder.
  • Now, from the unzipped folder, move the lpt$vpn.XXX file to the SysClean folder.
  • Restart in SAFE MODE (tap F8 when restarting)
  • Open the SysClean Folder and double-click sysclean.com
  • Be sure Automatically clean or delete detected files is checked.
  • Click the Scan button to begin. Please be patient; it will take a little bit to finish.
  • Once complete, verify the log from the scan (SYSCLEAN.LOG) is in the SysClean folder and restart back to Normal Mode.
  • Copy & paste those results in the next reply.

Tutorial from Trend
http://esupport.tren...entID=en-125991
  • 0

#10
A_Orange

A_Orange

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
So what infected me? After I scanned with ComboFix the system was fine, except I still get a lot of those backdoor.generic.981 viruses...
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I am not sure yet. Please follow the instructions in my previous post, as you have a file infector virus.
This program should take care of the rest.
  • 0

#12
A_Orange

A_Orange

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2008-02-03, 10:07:33, Auto-clean mode specified.
2008-02-03, 10:07:33, Running scanner "C:\Documents and Settings\joey\Desktop\SysClean\TSC.BIN"...
2008-02-03, 10:08:02, Scanner "C:\Documents and Settings\joey\Desktop\SysClean\TSC.BIN" has finished running.
2008-02-03, 10:08:02, TSC Log:

2008-02-03, 10:11:03, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2008-02-03, 11:11:22, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/3/2008 10:11:35
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 973 (255367 Patterns) (2008/01/31) (497300)
Command Line: C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\joey\Desktop\SysClean

C:\autorun(3).inf [Mal_Otorun1]
C:\QooBox\Quarantine\C\autorun.inf.vir [Mal_Otorun1]
C:\QooBox\Quarantine\D\autorun.inf.vir [Mal_Otorun1]
114838 files have been read.
114838 files have been checked.
114818 files have been scanned.
249202 files have been scanned. (including files in archived)
5 files containing viruses.
Found 7 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/3/2008 11:11:20
---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:22, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/3/2008 10:11:35
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 973 (255367 Patterns) (2008/01/31) (497300)
Command Line: C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\joey\Desktop\SysClean

Success Clean [ VBS_MMADROP.A]( 1) from C:\mma.rar,(mma\mma.vbs)
Success Clean [ VBS_MMADROP.A]( 1) from C:\WINDOWS\system32\mma.rar,(mma\mma.vbs)
114838 files have been read.
114838 files have been checked.
114818 files have been scanned.
249202 files have been scanned. (including files in archived)
5 files containing viruses.
Found 7 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/3/2008 11:11:20 59 minutes 43 seconds (3582.61 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:22, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/3/2008 10:11:35
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 973 (255367 Patterns) (2008/01/31) (497300)
Command Line: C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\joey\Desktop\SysClean

114838 files have been read.
114838 files have been checked.
114818 files have been scanned.
249202 files have been scanned. (including files in archived)
5 files containing viruses.
Found 7 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/3/2008 11:11:20 59 minutes 43 seconds (3582.61 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:22, Scanner "C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN" has finished running.
2008-02-03, 11:11:53, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/3/2008 11:11:22
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 973 (255367 Patterns) (2008/01/31) (497300)
Command Line: C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\joey\Desktop\SysClean

D:\autorun.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP379\A0098577.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0099808.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0100828.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0101823.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0103832.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0104833.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0105833.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP388\A0126766.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP388\A0127592.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP388\A0127911.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP388\A0129048.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP388\A0130082.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP388\A0131081.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP382\A0105839.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP383\A0106778.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0106954.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0108613.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0109610.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0111611.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0112609.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0113614.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP384\A0114612.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP385\A0114616.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP386\A0115286.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0115304.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0116286.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0116300.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0117306.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0117324.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0118444.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0119327.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0120327.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0121325.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0122327.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0123326.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0125240.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0125548.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP387\A0126556.inf [Mal_Otorun1]
2107 files have been read.
2107 files have been checked.
2107 files have been scanned.
2224 files have been scanned. (including files in archived)
40 files containing viruses.
Found 41 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/3/2008 11:11:53
---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:53, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/3/2008 11:11:22
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 973 (255367 Patterns) (2008/01/31) (497300)
Command Line: C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\joey\Desktop\SysClean

Success Clean [ VBS_MMADROP.A]( 1) from D:\mma.rar,(mma\mma.vbs)
2107 files have been read.
2107 files have been checked.
2107 files have been scanned.
2224 files have been scanned. (including files in archived)
40 files containing viruses.
Found 41 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/3/2008 11:11:53 29 seconds (28.73 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:53, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/3/2008 11:11:22
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 973 (255367 Patterns) (2008/01/31) (497300)
Command Line: C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\joey\Desktop\SysClean

2107 files have been read.
2107 files have been checked.
2107 files have been scanned.
2224 files have been scanned. (including files in archived)
40 files containing viruses.
Found 41 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/3/2008 11:11:53 29 seconds (28.73 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:53, Scanner "C:\Documents and Settings\joey\Desktop\SysClean\VSCANTM.BIN" has finished running.
  • 0
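The SysClean log above reports "5 files containing viruses" for C: and "40 files containing viruses" for D:, yet lists only three Success Clean lines and an empty Clean Fail section. The script below is an added example for this thread, not Trend Micro's code: it parses the Files Detected, Files Clean and Clean Fail sections that VSCANTM.BIN writes per drive pass and reconciles them, giving detections by name and by drive, the hits that are only System Restore copies, the detections the cleaner neither cleaned nor reported as failed, and a check that the per-pass totals add up. The embedded sample is a constructed excerpt: the C: pass is copied from the log, the D: pass is trimmed to three detections with its summary count adjusted to match. Because the Clean Fail section is empty here, its line format is assumed to match the "<path> [<name>]" shape of Files Detected.

```python
"""Reconcile a Trend Micro SysClean (VSCANTM.BIN) log: what was detected, what was
really cleaned, and whether the per-pass totals add up. Added example for this
thread, not Trend Micro's code."""
import re
from collections import Counter

SECTION_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, (Files Detected|Files Clean|Clean Fail):$")
DETECT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \[(?P<name>[^\]]+)\]$")  # "<path> [<name>]"
CLEAN_RE = re.compile(  # "Success Clean [ <name>]( n) from <archive>,(<member>)"
    r"^Success Clean \[\s*(?P<name>[^\]]+)\]\(\s*\d+\) from (?P<path>[^,]+)")
SUMMARY_RE = re.compile(r"^(\d+) files containing viruses\.$")
SEPARATOR = "---------*"


def parse_sysclean(text):
    """Lists of (path, name) for detected, cleaned and failed, plus the
    'files containing viruses' count of each drive pass."""
    detected, cleaned, failed, reported = [], [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif line.startswith(SEPARATOR):
            section = None
        elif section == "Files Detected":
            if (m := DETECT_RE.match(line)):
                detected.append((m.group("path"), m.group("name")))
            elif (m := SUMMARY_RE.match(line)):
                reported.append(int(m.group(1)))
        elif section == "Files Clean":
            if (m := CLEAN_RE.match(line)):
                cleaned.append((m.group("path"), m.group("name").strip()))
        elif section == "Clean Fail":
            if (m := DETECT_RE.match(line)):   # assumed to use the "<path> [<name>]" shape
                failed.append((m.group("path"), m.group("name")))
    return {"detected": detected, "cleaned": cleaned, "failed": failed, "reported": reported}


def triage(text):
    """Summarise the log the way a helper reads it."""
    p = parse_sysclean(text)
    detected, cleaned = p["detected"], p["cleaned"]
    acted_on = {path for path, _ in cleaned + p["failed"]}
    return {
        "by_name": Counter(name for _, name in detected + cleaned),
        "by_drive": Counter(path[:2].upper() for path, _ in detected),
        # copies inside System Restore snapshots: inert until a restore, but they
        # reappear in every scan until the restore points are purged
        "in_restore_points": [path for path, _ in detected
                              if "\\System Volume Information\\" in path],
        # listed under Files Detected but in neither Files Clean nor Clean Fail:
        # still on disk, so they need a separate removal step
        "detected_not_cleaned": [path for path, _ in detected if path not in acted_on],
        # in-archive members SysClean cleaned are counted in the per-pass total
        # but listed only under Files Clean, so this should come out to 0
        "unaccounted": sum(p["reported"]) - len(detected) - len(cleaned),
    }


# Constructed excerpt: the C: pass is copied from the log above; the D: pass is
# trimmed to three detections with its summary count adjusted to match.
SAMPLE_LOG = r"""
2008-02-03, 11:11:22, Files Detected:
Report Date : 2/3/2008 10:11:35

C:\autorun(3).inf [Mal_Otorun1]
C:\QooBox\Quarantine\C\autorun.inf.vir [Mal_Otorun1]
C:\QooBox\Quarantine\D\autorun.inf.vir [Mal_Otorun1]
114838 files have been read.
5 files containing viruses.
---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:22, Files Clean:

Success Clean [ VBS_MMADROP.A]( 1) from C:\mma.rar,(mma\mma.vbs)
Success Clean [ VBS_MMADROP.A]( 1) from C:\WINDOWS\system32\mma.rar,(mma\mma.vbs)
5 files containing viruses.
---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:22, Clean Fail:

5 files containing viruses.
---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:53, Files Detected:

D:\autorun.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP379\A0098577.inf [Mal_Otorun1]
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP381\A0099808.inf [Mal_Otorun1]
4 files containing viruses.
---------*---------*---------*---------*---------*---------*---------*---------*
2008-02-03, 11:11:53, Files Clean:

Success Clean [ VBS_MMADROP.A]( 1) from D:\mma.rar,(mma\mma.vbs)
4 files containing viruses.
---------*---------*---------*---------*---------*---------*---------*---------*
"""
```

On the full log in this post the arithmetic holds the same way: 3 listed detections plus 2 archive cleans for C: against the reported 5, and 39 listed detections plus 1 archive clean for D: against the reported 40. Every Mal_Otorun1 hit lands in detected_not_cleaned, which matches what happens next in the thread: the ComboFix run posted later lists C:\Autorun.inf and D:\Autorun.inf under Other Deletions, so those files were still present after SysClean.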

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:
(Note: Scroll all of the way down inside of the code box to get all of the contents)
File::
C:\Documents and Settings\NetworkService\Local Settings.exe
C:\Documents and Settings\NetworkService\Cookies.exe
C:\Documents and Settings\NetworkService\Application Data\Application Data.exe
C:\Documents and Settings\NetworkService\Application Data.exe
C:\Documents and Settings\LocalService\Temporary Internet Files.exe
C:\Documents and Settings\LocalService\Start Menu.exe
C:\Documents and Settings\LocalService\Local Settings.exe
C:\Documents and Settings\LocalService\History.exe
C:\Documents and Settings\LocalService\Favorites.exe
C:\Documents and Settings\LocalService\Cookies.exe
C:\Documents and Settings\LocalService\Application Data\Application Data.exe
C:\Documents and Settings\LocalService\Application Data.exe
C:\Documents and Settings\joey\WINDOWS.exe
C:\Documents and Settings\joey\UserData.exe
C:\Documents and Settings\joey\Temporary Internet Files.exe
C:\Documents and Settings\joey\Templates.exe
C:\Documents and Settings\joey\Start Menu.exe
C:\Documents and Settings\joey\Shared.exe
C:\Documents and Settings\joey\SendTo.exe
C:\Documents and Settings\joey\Recent.exe
C:\Documents and Settings\joey\PrintHood.exe
C:\Documents and Settings\joey\Phone Browser.exe
C:\Documents and Settings\joey\NetHood.exe
C:\Documents and Settings\joey\My Documents.exe
C:\Documents and Settings\joey\logs.exe
C:\Documents and Settings\joey\Local Settings.exe
C:\Documents and Settings\joey\Incomplete.exe
C:\Documents and Settings\joey\History.exe
C:\Documents and Settings\joey\Favorites.exe
C:\Documents and Settings\joey\DoctorWeb.exe
C:\Documents and Settings\joey\Cookies.exe
C:\Documents and Settings\joey\ChikkaDefault.exe
C:\Documents and Settings\joey\Bluetooth Software.exe
C:\Documents and Settings\joey\Application Data\Application Data.exe
C:\Documents and Settings\joey\Application Data.exe
C:\Documents and Settings\Default User\Templates.exe
C:\Documents and Settings\Default User\SendTo.exe
C:\Documents and Settings\Default User\Start Menu.exe
C:\Documents and Settings\Default User\Recent.exe
C:\Documents and Settings\Default User\PrintHood.exe
C:\Documents and Settings\Default User\NetHood.exe
C:\Documents and Settings\Default User\My Documents.exe
C:\Documents and Settings\Default User\Local Settings.exe
C:\Documents and Settings\Default User\Favorites.exe
C:\Documents and Settings\Default User\Cookies.exe
C:\Documents and Settings\Default User\Application Data.exe
C:\Documents and Settings\All Users\Templates.exe
C:\Documents and Settings\All Users\Start Menu.exe
C:\Documents and Settings\All Users\Favorites.exe
C:\Documents and Settings\All Users\DRM.exe
C:\Documents and Settings\All Users\Documents.exe
C:\Documents and Settings\All Users\Application Data\Application Data.exe
C:\Documents and Settings\All Users\Application Data.exe
C:\Documents and Settings\Administrator\Templates.exe
C:\Documents and Settings\Administrator\Start Menu.exe
C:\Documents and Settings\Administrator\SendTo.exe
C:\Documents and Settings\Administrator\Recent.exe
C:\Documents and Settings\Administrator\PrintHood.exe
C:\Documents and Settings\Administrator\NetHood.exe
C:\Documents and Settings\Administrator\My Documents.exe
C:\Documents and Settings\Administrator\Local Settings.exe
C:\Documents and Settings\Administrator\Favorites.exe
C:\Documents and Settings\Administrator\Cookies.exe
C:\Documents and Settings\Administrator\Application Data\Application Data.exe
C:\Documents and Settings\Administrator\Application Data.exe
C:\WINDOWS\system32\mma.bat
C:\WINDOWS\system32\mma.reg
C:\WINDOWS\inf\IEM\IEM.exe
C:\WINDOWS\inf\IEM.exe
F:\mma.vbs
F:\sxs.exe
F:\transmit.exe
F:\fooool.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\diagnose.exe
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\system32\transmit.exe
C:\WINDOWS\system32\drivers\dump_wmimmc.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd661e0-0ab7-11dc-8b3a-0016418037f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7021f912-9f13-11db-8981-0016d307c3d1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844205de-2534-11dc-8b91-0016418037f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a814ae9d-df8b-11db-8a9b-0016418037f3}]

Driver::
dump_wmimmc


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by kahdah, 02 February 2008 - 11:22 PM.
coding


#14
A_Orange

    Member

  • Topic Starter
  • 11 posts
here is the log...

ComboFix 08-02.02.5 - joey 2008-02-03 13:07:18.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT 8:00]
Running from: C:\Documents and Settings\joey\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\joey\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
F:\RECYCLER\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 11:41 . 2008-02-03 11:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-03 11:41 . 2008-02-03 11:41 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-03 11:41 . 2008-02-03 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-03 11:13 . 2008-02-03 11:15 <DIR> d-------- C:\Clean Up
2008-02-02 19:47 . 2004-08-04 15:26 245,760 --a------ C:\WINDOWS\system32\msdtc.exe
2008-02-02 19:46 . 2005-08-04 15:36 155,115 --ah----- C:\WINDOWS\diagnose.exe
2008-02-01 23:09 . 2004-08-04 15:26 6,144 --a------ C:\WINDOWS\system32\dllcache\msdtc.exe
2008-02-01 23:04 . 2004-08-04 15:26 245,760 --a------ C:\WINDOWS\system32\xircom.exe
2008-02-01 13:25 . 2008-02-01 23:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 12:58 . 2008-02-02 18:59 208,800 --a------ C:\WINDOWS\system32\p364sus.dat
2008-02-01 12:58 . 2008-02-02 18:59 208,800 ---hs---- C:\WINDOWS\system32\isetup.exe
2008-02-01 09:13 . 2008-02-01 09:13 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-02-01 07:42 . 2004-08-04 21:00 281,088 --a------ C:\WINDOWS\system32\dllcache\pinball.exe
2008-02-01 07:42 . 2004-08-04 21:00 23,040 --a------ C:\WINDOWS\system32\Setup.exe
2008-02-01 07:42 . 2004-08-04 21:00 23,040 --a------ C:\WINDOWS\system32\dllcache\setup.exe
2008-02-01 07:42 . 2008-02-01 09:59 169 -rahs---- C:\autorun(3).inf
2008-01-30 15:55 . 2008-01-30 15:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 15:55 . 2008-01-30 15:55 1,409 --ah----- C:\WINDOWS\QTFont.for
2008-01-27 06:21 . 2007-09-03 06:47 534 -rahs---- C:\WINDOWS\system32\mma.reg
2008-01-27 06:21 . 2007-09-03 06:48 393 -rahs---- C:\WINDOWS\system32\mma.bat
2008-01-27 06:20 . 2007-09-03 06:47 534 -rahs---- C:\mma.reg
2008-01-27 06:20 . 2007-09-03 06:48 393 -rahs---- C:\mma.bat
2008-01-26 21:44 . 2004-04-23 13:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL
2008-01-26 21:44 . 2004-04-23 13:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL
2008-01-26 21:43 . 2004-03-12 00:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe
2008-01-25 20:06 . 2008-01-25 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-25 19:56 . 2008-01-25 19:56 <DIR> d-------- C:\Program Files\Bonjour
2008-01-25 19:39 . 2008-02-01 23:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 05:46 . 2008-02-01 23:05 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-01-21 08:33 . 2008-01-21 08:33 208,800 -rahs---- C:\isetup.exe
2008-01-08 02:40 . 2008-01-12 21:34 <DIR> d-------- C:\Program Files\IrfanView
2008-01-05 22:45 . 2008-02-01 23:05 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-01-05 18:51 . 2008-02-01 10:21 49,152 --a------ C:\WINDOWS\system32\transmit.exe
2008-01-05 18:51 . 2008-02-01 10:21 49,152 --a------ C:\WINDOWS\system32\diffuse.dat
2008-01-05 18:51 . 2008-01-19 19:24 49,152 -rahs---- C:\transmit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 14:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 14:15 --------- d-----w C:\Program Files\Chikka Messenger
2008-02-02 14:14 --------- d-----w C:\Program Files\Canon
2008-02-02 14:14 --------- d-----w C:\Program Files\Autodesk
2008-02-02 14:08 --------- d-----w C:\Program Files\AutoCAD 2006
2008-02-02 14:07 --------- d-----w C:\Program Files\Alwil Software
2008-02-01 15:06 --------- d-----w C:\Program Files\Yahoo!
2008-02-01 15:06 --------- d-----w C:\Program Files\Winamp
2008-02-01 15:06 --------- d-----w C:\Program Files\WIDCOMM
2008-02-01 15:06 --------- d-----w C:\Program Files\Web Publish
2008-02-01 15:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-01 15:06 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-01 15:06 --------- d-----w C:\Program Files\Synaptics
2008-02-01 15:06 --------- d-----w C:\Program Files\Stardock
2008-02-01 15:06 --------- d-----w C:\Program Files\Sonic
2008-02-01 15:06 --------- d-----w C:\Program Files\Real
2008-02-01 15:06 --------- d-----w C:\Program Files\QuickTime
2008-02-01 15:06 --------- d-----w C:\Program Files\PowerISO
2008-02-01 15:06 --------- d-----w C:\Program Files\PhoTags Express
2008-02-01 15:06 --------- d-----w C:\Program Files\Oberon Media
2008-02-01 15:06 --------- d-----w C:\Program Files\Nokia
2008-02-01 15:06 --------- d-----w C:\Program Files\Nero
2008-02-01 15:06 --------- d-----w C:\Program Files\muvee Technologies
2008-02-01 15:06 --------- d-----w C:\Program Files\MSECache
2008-02-01 15:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-02-01 15:05 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-01 15:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-01 15:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-01 15:05 --------- d-----w C:\Program Files\Java
2008-02-01 15:05 --------- d-----w C:\Program Files\Intel
2008-02-01 15:05 --------- d-----w C:\Program Files\HPQ
2008-02-01 15:05 --------- d-----w C:\Program Files\Hp
2008-02-01 15:05 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-01 15:05 --------- d-----w C:\Program Files\Google
2008-02-01 15:05 --------- d-----w C:\Program Files\Free Download Manager
2008-02-01 15:05 --------- d-----w C:\Program Files\ESET
2008-02-01 15:05 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-02-01 15:05 --------- d-----w C:\Program Files\Creative
2008-02-01 15:05 --------- d-----w C:\Program Files\Cosmi
2008-02-01 15:05 --------- d-----w C:\Program Files\CONEXANT
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Java
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\HP
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\DirectX
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-02-01 15:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-26 22:14 --------- d-----w C:\Program Files\FrostWire
2008-01-26 22:14 --------- d-----w C:\Program Files\BFG
2008-01-19 09:13 73,216 ---ha-w C:\WINDOWS\ST6UNST.EXE
2008-01-19 09:13 249,856 ---h--w C:\WINDOWS\Setup1.exe
2008-01-18 16:19 --------- d-----w C:\Program Files\uTorrent
2007-12-28 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-28 05:39 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-22 06:06 --------- d-----w C:\Documents and Settings\joey\Application Data\Winamp
2007-12-07 04:16 --------- d-----w C:\Documents and Settings\joey\Application Data\TuneUp Software
2007-11-24 09:10 155,995 ----a-w C:\WINDOWS\java\Packages\AFN7F9BH.ZIP
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-03 12:25 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2005-09-24 16:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-04 07:26 245,760 ----a-w C:\WINDOWS\inf\IEM\IEM.exe
2004-08-04 07:26 245,760 ----a-w C:\WINDOWS\inf\IEM.exe
2007-01-03 12:54 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-09-02 22:48 393 --sha-r C:\WINDOWS\system32\mma.bat
2007-09-02 22:47 534 --sha-r C:\WINDOWS\system32\mma.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 19:51 3810544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49 860160]
"ChikkaDefault"="C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe" [2007-04-11 19:40 36864]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 11:01 159744]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-13 17:56 921600]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"XdriveTray"="C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" [ ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFind"= 1 (0x1)
"NoRun"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys [2007-09-02 19:20]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S3 Revolution1;Revolution1;C:\Documents and Settings\John\My Documents\Downloads\UCE for Flyff\SHAK3.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd661e0-0ab7-11dc-8b3a-0016418037f3}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\mma.vbs
\Shell\open\Command - WScript.exe .\mma.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7021f912-9f13-11db-8981-0016d307c3d1}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844205de-2534-11dc-8b91-0016418037f3}]
\Shell\0pen\command - krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85867ad8-0266-11dc-8b12-0016418037f3}]
\Shell\AutoRun\command - Copy of Desktop.ini
\Shell\explore\Command - Copy of Desktop.ini
\Shell\open\Command - Copy of Desktop.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a814ae9c-df8b-11db-8a9b-0016418037f3}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a814ae9d-df8b-11db-8a9b-0016418037f3}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1804d60-8f3a-11db-894a-0016d307c3d1}]
\Shell\Auto\command - F:\transmit.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL transmit.exe
\Shell\explore\command - F:\transmit.exe
\Shell\open\command - F:\transmit.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 11:59:45 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\diagnose.exe
"2008-02-02 11:48:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\transmit.exe
"2008-02-03 04:02:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 13:11:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 13:13:41
ComboFix-quarantined-files.txt 2008-02-03 05:13:39
.
2008-02-01 07:46:27 --- E O F ---
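The Registry:: lines in the CFScript above were chosen from the MountPoints2 entries in the ComboFix log, which record the removable-drive autorun hooks (WScript running mma.vbs, RunDLL32 launching transmit.exe). As an added example that is not part of this thread, of ComboFix or of the helper's script, the Python below parses such entries from a constructed log excerpt and emits the matching deletion lines; the "suspicious target" rule is an assumed heuristic, not ComboFix's own logic.

```python
"""Flag hijacked MountPoints2 entries in a ComboFix 'Reg Loading Points' excerpt
and emit the matching CFScript 'Registry::' deletion lines.
Added example for this thread; not ComboFix's code and not the helper's script."""
import re

# Constructed sample modelled on the MountPoints2 block of the log above; the
# third key is an invented clean entry whose AutoRun target is a bare drive letter.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd661e0-0ab7-11dc-8b3a-0016418037f3}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\mma.vbs
\Shell\open\Command - WScript.exe .\mma.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1804d60-8f3a-11db-894a-0016d307c3d1}]
\Shell\Auto\command - F:\transmit.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL transmit.exe
\Shell\explore\command - F:\transmit.exe
\Shell\open\command - F:\transmit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.*)$", re.I)
# A drive's autorun handler has no business launching an executable or script
# file, a script host, or rundll32's ShellExec; those are the hijack tells (heuristic).
SUSPICIOUS_RE = re.compile(
    r"\.(exe|com|bat|cmd|vbs|js|scr|pif|dll)\b|wscript|cscript|shellexec_rundll", re.I)


def parse_mountpoints(text):
    """Return {registry key: {shell verb: command}} for each MountPoints2 block."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def is_hijacked(commands):
    """True when any Shell verb runs a file or script host; a bare drive
    letter as the AutoRun target (F:\\) is left alone. Review the hits by hand."""
    return any(SUSPICIOUS_RE.search(cmd) for cmd in commands.values())


def hijacked_keys(text):
    return [k for k, cmds in parse_mountpoints(text).items() if is_hijacked(cmds)]


def cfscript_registry_section(text):
    """CFScript 'Registry::' block; a leading '-' on a key line means delete it."""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in hijacked_keys(text)) + "\n"


if __name__ == "__main__":
    for key, cmds in parse_mountpoints(SAMPLE_LOG).items():
        verdict = "HIJACKED" if is_hijacked(cmds) else "clean   "
        print(verdict, key.rsplit("\\", 1)[1])
    print(cfscript_registry_section(SAMPLE_LOG))
```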

#15
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan" select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
