Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Frustrating Pop-ups and Redirects (Trustedantivirus, Bestsellerantivir


  • This topic is locked This topic is locked

#1
Yuri90

Yuri90

    New Member

  • Member
  • Pip
  • 6 posts
I tried everything I could, downloaded several removers, but the problems keeps coming back. I've been trying to fix my computer for more than 2 weeks now, and I don't know what to do anymore. I didn't really want to create more work for you guys, but I already ran out of options. Please, I'll be counting on you guys from now on. I'm not in a hurry, I can wait for as long as I need to so please take your time.

My hijackthis™ log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:03 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (file missing)
O3 - Toolbar: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [BMfb20b004] Rundll32.exe "C:\WINDOWS\system32\kwvqbgmj.dll",s
O4 - HKLM\..\Run: [f8138398] rundll32.exe "C:\WINDOWS\system32\jhiyagse.dll",b
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser .exe -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.chikka.com
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.chart...oad/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.chart...ad/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...6/uploader2.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com...ideoControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130465459201
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.g...zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton LiveConnect Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton LiveConnect Service Ex (pifCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12241 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Yuri90

Welcome to G2Go. :)
================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
Yuri90

Yuri90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you kahdah for the quick response! I'll do that immediately once I get home later. Oh by the way, should I run them on Safe Mode this time? Would that make it better?
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No it needs to be in normal mode.
  • 0

#5
Yuri90

Yuri90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry for the late reply.

At any rate, here's the ComboFix log:

ComboFix 08-02-14.2 - User 2008-02-16 10:37:00.1 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efedd.dll
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk
C:\Documents and Settings\User\Application Data\FNTS~1
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\ADSTechnology\ADSTechnology.exe
C:\Program Files\ADSTechnology\Uninstall.exe
C:\WINDOWS\system32\ajsjwfai.dll
C:\WINDOWS\system32\aumjxnfa.dll
C:\WINDOWS\system32\bgpnbhtg.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cvkseydm.dll
C:\WINDOWS\system32\cxhlyxxv.dll
C:\WINDOWS\SYSTEM32\ddefe.ini
C:\WINDOWS\SYSTEM32\ddefe.ini2
C:\WINDOWS\system32\dobwkldv.dll
C:\WINDOWS\system32\efedd.dll
C:\WINDOWS\system32\efedd.exe
C:\WINDOWS\SYSTEM32\esgayihj.ini
C:\WINDOWS\system32\eujtwqxq.dll
C:\WINDOWS\system32\fgsfcpmo.dll
C:\WINDOWS\system32\fqqtfvhr.dll
C:\WINDOWS\system32\ggjfjpad.dll
C:\WINDOWS\system32\hbuxpemh.dll
C:\WINDOWS\SYSTEM32\hqvrcqqs.ini
C:\WINDOWS\system32\jhiyagse.dll
C:\WINDOWS\system32\kjbelkgt.dll
C:\WINDOWS\system32\kwvqbgmj.dll
C:\WINDOWS\system32\lcdanpnb.dll
C:\WINDOWS\system32\lpghfmrk.dll
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\qjlfqjqh.dll
C:\WINDOWS\system32\qvxetpjt.dll
C:\WINDOWS\system32\sqqcrvqh.dll
C:\WINDOWS\system32\twvsvwcq.dll
C:\WINDOWS\SYSTEM32\ufrnygmu.ini
C:\WINDOWS\system32\umgynrfu.dll
C:\WINDOWS\system32\vwnttnux.dll
C:\WINDOWS\SYSTEM32\vxxylhxc.ini
C:\WINDOWS\system32\xiqjyxcp.dll
C:\WINDOWS\system32\xqpmibuj.dll
C:\WINDOWS\system32\xyrtyqlv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 23:40 . 2008-02-15 23:40 <DIR> d-------- C:\Norton
2008-02-15 23:09 . 2008-02-15 23:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 19:43 . 2008-02-16 10:26 12,830 --a------ C:\WINDOWS\BMfb20b004.xml
2008-02-15 19:43 . 2008-02-16 10:38 21 --a------ C:\WINDOWS\pskt.ini
2008-02-15 17:10 . 2008-02-15 17:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-15 00:38 . 2008-02-15 19:23 <DIR> d-------- C:\SDFix
2008-02-14 18:32 . 2008-02-15 19:42 774 --ahs---- C:\WINDOWS\SYSTEM32\mnbvbrmv.ini
2008-02-14 18:29 . 2008-02-14 18:29 534 ---hs---- C:\WINDOWS\SYSTEM32\vthaeduw.ini
2008-02-13 18:30 . 2008-02-14 16:33 474 --ahs---- C:\WINDOWS\SYSTEM32\opesoyry.ini
2008-02-13 18:22 . 2008-02-13 18:22 294 --ahs---- C:\WINDOWS\SYSTEM32\hpfbymhy.ini
2008-02-12 16:16 . 2008-02-12 16:16 1,554 --ahs---- C:\WINDOWS\SYSTEM32\kjveqpph.ini
2008-02-10 11:24 . 2008-02-12 16:06 1,494 --ahs---- C:\WINDOWS\SYSTEM32\snlnqush.ini
2008-02-09 23:33 . 2008-02-09 23:33 <DIR> d-------- C:\Intel
2008-02-09 23:17 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-09 23:13 . 2008-02-09 23:13 <DIR> d-------- C:\NVIDIA
2008-02-09 23:10 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\SYSTEM32\d3dx9_36.dll
2008-02-09 23:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_36.dll
2008-02-09 23:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\SYSTEM32\d3dx10_36.dll
2008-02-09 23:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\SYSTEM32\xactengine2_10.dll
2008-02-09 23:10 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\SYSTEM32\xactengine2_9.dll
2008-02-09 23:09 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\SYSTEM32\d3dx9_35.dll
2008-02-09 23:09 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\SYSTEM32\d3dx9_34.dll
2008-02-09 23:09 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_35.dll
2008-02-09 23:09 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_34.dll
2008-02-09 23:09 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\SYSTEM32\d3dx10_35.dll
2008-02-09 23:09 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_34.dll
2008-02-09 23:09 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\SYSTEM32\xactengine2_8.dll
2008-02-09 23:09 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\SYSTEM32\X3DAudio1_2.dll
2008-02-09 23:08 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_33.dll
2008-02-09 23:08 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_33.dll
2008-02-09 23:08 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\SYSTEM32\xactengine2_7.dll
2008-02-09 23:08 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll
2008-02-09 23:07 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2008-02-09 23:07 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-02-09 23:07 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2008-02-09 23:07 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll
2008-02-09 23:07 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\SYSTEM32\xactengine2_5.dll
2008-02-09 23:07 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_4.dll
2008-02-09 23:07 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\SYSTEM32\xactengine2_3.dll
2008-02-09 23:07 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\SYSTEM32\x3daudio1_1.dll
2008-02-09 21:53 . 2008-02-09 21:53 <DIR> d-------- C:\Documents and Settings\User\Builds
2008-02-09 21:34 . 2008-02-10 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-02-09 04:25 . 2008-02-10 11:09 1,254 --ahs---- C:\WINDOWS\SYSTEM32\fgcmkjfi.ini
2008-02-09 04:22 . 2008-02-09 04:23 1,014 --ahs---- C:\WINDOWS\SYSTEM32\mmtcyqva.ini
2008-02-08 04:04 . 2008-02-09 03:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-08 04:04 . 2008-02-08 04:04 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-02-08 04:04 . 2008-02-08 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-07 19:57 . 2008-02-09 04:11 954 ---hs---- C:\WINDOWS\SYSTEM32\ykvrxegc.ini
2008-02-07 19:54 . 2008-02-07 19:54 714 --ahs---- C:\WINDOWS\SYSTEM32\bqybxfts.ini
2008-02-06 19:16 . 2008-02-06 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 19:05 . 2008-02-07 19:41 654 ---hs---- C:\WINDOWS\SYSTEM32\utpkonpo.ini
2008-02-06 19:01 . 2008-02-06 19:01 294 --ahs---- C:\WINDOWS\SYSTEM32\bacsqbvl.ini
2008-02-05 19:04 . 2008-02-05 19:04 90,688 --a------ C:\WINDOWS\SYSTEM32\rrjfturp.dll
2008-02-05 19:04 . 2008-02-06 16:09 414 --ahs---- C:\WINDOWS\SYSTEM32\prutfjrr.ini
2008-02-05 18:58 . 2008-02-05 18:58 294 ---hs---- C:\WINDOWS\SYSTEM32\xwwxlqkm.ini
2008-02-04 19:05 . 2008-02-05 16:11 1,192,358 --ahs---- C:\WINDOWS\SYSTEM32\cqmlmuyw.ini
2008-02-04 19:02 . 2008-02-04 19:02 1,192,238 ---hs---- C:\WINDOWS\SYSTEM32\uibhgkpp.ini
2008-02-03 19:01 . 2008-02-03 19:02 1,188,492 --ahs---- C:\WINDOWS\SYSTEM32\ahgadehe.ini
2008-02-03 18:55 . 2008-02-03 19:02 1,188,432 --ahs---- C:\WINDOWS\SYSTEM32\oxkhclmj.ini
2008-01-31 16:57 . 2008-01-31 17:03 1,184,434 --ahs---- C:\WINDOWS\SYSTEM32\cekynglm.ini
2008-01-30 18:08 . 2008-01-30 19:44 <DIR> d-------- C:\VundoFix Backups
2008-01-30 04:52 . 2008-01-31 16:55 1,184,674 --ahs---- C:\WINDOWS\SYSTEM32\nhcwcakb.ini
2008-01-30 04:50 . 2008-01-30 04:50 1,166,979 --ahs---- C:\WINDOWS\SYSTEM32\pfuodtah.ini
2008-01-29 21:45 . 2008-01-29 22:52 50 --a------ C:\WINDOWS\MegaManager.INI
2008-01-29 21:33 . 2008-01-29 21:33 <DIR> d-------- C:\Documents and Settings\User\Application Data\Megaupload
2008-01-29 21:28 . 2008-02-15 00:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\MegauploadToolbar
2008-01-29 04:49 . 2008-01-29 20:34 1,162,490 ---hs---- C:\WINDOWS\SYSTEM32\vsjxhotj.ini
2008-01-29 04:46 . 2008-01-29 04:46 1,162,310 --ahs---- C:\WINDOWS\SYSTEM32\nkuihvgs.ini
2008-01-27 20:49 . 2008-01-27 20:49 1,142,572 ---hs---- C:\WINDOWS\SYSTEM32\umpdsqws.tmp
2008-01-27 14:23 . 2008-01-27 14:23 1,142,572 ---hs---- C:\WINDOWS\SYSTEM32\umpdsqws.ini
2008-01-27 02:14 . 2008-01-27 02:14 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-01-27 02:14 . 2008-01-27 02:14 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-01-27 01:57 . 1998-09-02 00:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-01-27 01:56 . 1998-08-20 03:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-01-27 01:55 . 1998-08-26 20:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-01-27 01:52 . 1998-09-02 00:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-01-27 01:51 . 1998-09-02 00:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-01-27 01:51 . 1998-08-17 01:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-01-27 01:51 . 1998-08-17 01:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-01-27 01:51 . 1998-08-17 01:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-01-27 01:50 . 2008-01-27 01:50 4,608 --a------ C:\WINDOWS\SYSTEM32\w95inf32.dll
2008-01-27 01:50 . 2008-01-27 01:50 2,272 --a------ C:\WINDOWS\SYSTEM32\w95inf16.dll
2008-01-27 01:30 . 2008-01-27 01:30 <DIR> d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-01-27 01:29 . 2008-01-28 06:51 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-26 23:52 . 2008-01-26 23:52 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2008-01-26 09:05 . 2008-01-26 09:08 8,628 --ah----- C:\TLOVE.GID
2008-01-26 04:08 . 2008-01-26 04:08 94,208 --a------ C:\WINDOWS\SM1BG .EXE
2008-01-26 03:41 . 2008-01-26 03:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\Fujitsu
2008-01-26 03:39 . 2008-01-26 03:39 256 --ah----- C:\WINDOWS\SYSTEM32\LTAW14FN.BIN
2008-01-26 03:39 . 2008-01-26 03:39 256 --ah----- C:\WINDOWS\SYSTEM32\FJLTAFOU.BIN
2008-01-26 02:02 . 2008-02-14 23:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 02:02 . 2008-01-26 02:02 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 09:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-16 09:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-16 09:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-16 09:13 --------- d-----w C:\Program Files\Symantec
2008-02-16 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-16 05:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-15 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 07:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 06:04 --------- d-----w C:\Program Files\DivX
2008-01-30 04:31 --------- d-----w C:\Program Files\Eraser
2008-01-28 14:51 --------- d-----w C:\Program Files\QuickTime
2008-01-28 14:50 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 09:25 --------- d-----w C:\Program Files\Chikka
2008-01-27 07:45 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-26 17:49 --------- d-----w C:\Program Files\VoloMedia
2008-01-26 17:49 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-01-26 17:49 --------- d-----w C:\Program Files\iTunes
2008-01-26 14:41 --------- d-----w C:\Program Files\Anvil Studio
2008-01-12 00:52 --------- d-----w C:\Program Files\PodBridge
2008-01-12 00:52 --------- d-----w C:\Documents and Settings\User\Application Data\Podbridge Service
2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-10-27 23:53 81,920 ----a-w C:\Documents and Settings\User\Application Data\ezpinst.exe
2007-10-27 23:53 47,360 -c--a-w C:\Documents and Settings\User\Application Data\pcouffin.sys
2007-07-28 23:11 83,008 -c--a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2006-12-30 20:19 491,008 -c--a-w C:\Program Files\New_Year_Prayer.pps
2006-12-04 17:07 218,306,392 -c--a-w C:\Program Files\Accounting Express.exe
2003-08-27 22:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
.
<pre>
----a-w		   307,200 2008-01-26 12:09:41  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w			63,712 2008-01-26 12:09:02  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w		 1,753,088 2008-01-27 07:52:39  C:\Program Files\Chikka\Chikka .exe
----a-w		   180,269 2008-01-26 12:08:11  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   486,856 2008-01-28 05:02:56  C:\Program Files\DAEMON Tools Lite\daemon .exe
----a-w		   278,528 2008-01-26 12:08:56  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2008-01-26 12:08:17  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w			57,344 2008-01-26 12:08:11  C:\Program Files\Lexmark 2200 Series\lxbvbmgr .exe
----a-w		 6,049,792 2008-01-28 05:03:08  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w			53,248 2008-01-26 12:08:18  C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask .exe
----a-w		   524,288 2008-01-27 07:52:03  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
------w		   282,624 2008-01-28 06:27:28  C:\Program Files\QuickTime\qttask  .exe
----a-w			65,536 2008-01-26 12:09:09  C:\Program Files\VoloMedia\Podbridge launcher .exe
----a-w			94,208 2008-01-26 12:08:05  C:\WINDOWS\SM1BG .EXE
----a-w		   208,952 2008-01-28 05:01:53  C:\WINDOWS\IME\IMJP8_1\IMJPMIG .EXE
----a-w			44,032 2008-01-28 05:01:50  C:\WINDOWS\IME\IMKR6_1\IMEKRMIG .EXE
----a-w			15,360 2008-01-27 07:52:08  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w			59,392 2008-01-28 05:01:52  C:\WINDOWS\SYSTEM32\IME\PINTLGNT\ImScInst .exe
----a-w		   455,168 2008-01-28 05:01:55  C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F4CAE19-6BA1-1054-F8BF-13A3928BF9C9}]
C:\WINDOWS\system32\gfvj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C4DC-6BA49CE16884}]
2007-10-18 12:25 1938232 --a------ C:\PROGRA~1\multiply\multiply.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{A057A204-BACC-4D26-C4DC-6BA49CE16884}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c4dc-6ba49ce16884}]
[HKEY_CLASSES_ROOT\multiply.MULTIPLY]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-C4DC-6BA49CE16884}"= C:\PROGRA~1\multiply\multiply.dll [2007-10-18 12:25 1938232]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c4dc-6ba49ce16884}]
[HKEY_CLASSES_ROOT\multiply.MULTIPLY]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Eraser"="C:\Program Files\Eraser\Eraser .exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-09-04 13:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
C:\Program Files\DownloadWare\dw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
--a--c--- 2001-10-09 14:06 818688 C:\WINDOWS\System32\LXSUPMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2003-08-05 20:29 1578160 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
C:\Program Files\DelFin\PromulGate\PgMonitr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-13 11:27 204845 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaveNow]
C:\Program Files\SaveNow\SaveNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 16:53]
S2 Norton LiveConnect Service;Norton LiveConnect Service;"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
S2 pifCore;Norton LiveConnect Service Ex;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-06-04 18:05]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 10:48]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 21:29]
S3 DCamUSBGrandTek;Clever Cam 360 PC Camera;C:\WINDOWS\system32\Drivers\ClC360x1.SYS [2001-04-27 04:03]
S3 SUNPLUS;SightCAM PC-100p;C:\WINDOWS\system32\Drivers\SPIXNEW.SYS [2002-03-07 17:21]
S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys []
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 11:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 14:57:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 10:57:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\conime.exe
.
**************************************************************************
.
Completion time: 2008-02-16 11:11:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 19:11:28
.
2008-02-13 08:02:36 --- E O F ---


Here's the HiJackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:25 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F4CAE19-6BA1-1054-F8BF-13A3928BF9C9} - C:\WINDOWS\system32\gfvj.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O2 - BHO: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (file missing)
O3 - Toolbar: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser .exe -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.chikka.com
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.chart...oad/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.chart...ad/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...6/uploader2.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com...ideoControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130465459201
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.g...zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton LiveConnect Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton LiveConnect Service Ex (pifCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13125 bytes

Edited by Yuri90, 16 February 2008 - 07:30 PM.

  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\mnbvbrmv.ini
C:\WINDOWS\SYSTEM32\vthaeduw.ini
C:\WINDOWS\SYSTEM32\opesoyry.ini
C:\WINDOWS\SYSTEM32\hpfbymhy.ini
C:\WINDOWS\SYSTEM32\kjveqpph.ini
C:\WINDOWS\SYSTEM32\snlnqush.ini
C:\WINDOWS\SYSTEM32\fgcmkjfi.ini
C:\WINDOWS\SYSTEM32\mmtcyqva.ini
C:\WINDOWS\SYSTEM32\ykvrxegc.ini
C:\WINDOWS\SYSTEM32\bqybxfts.ini
C:\WINDOWS\SYSTEM32\utpkonpo.ini
C:\WINDOWS\SYSTEM32\bacsqbvl.ini
C:\WINDOWS\SYSTEM32\rrjfturp.dll
C:\WINDOWS\SYSTEM32\prutfjrr.ini
C:\WINDOWS\SYSTEM32\xwwxlqkm.ini
C:\WINDOWS\SYSTEM32\cqmlmuyw.ini
C:\WINDOWS\SYSTEM32\uibhgkpp.ini
C:\WINDOWS\SYSTEM32\ahgadehe.ini
C:\WINDOWS\SYSTEM32\oxkhclmj.ini
C:\WINDOWS\SYSTEM32\cekynglm.ini
C:\WINDOWS\SYSTEM32\nhcwcakb.ini
C:\WINDOWS\SYSTEM32\pfuodtah.ini
C:\WINDOWS\SYSTEM32\vsjxhotj.ini
C:\WINDOWS\SYSTEM32\nkuihvgs.ini
C:\WINDOWS\SYSTEM32\umpdsqws.tmp
C:\WINDOWS\SYSTEM32\umpdsqws.ini
C:\WINDOWS\system32\gfvj.dll
Folder::
C:\Program Files\DownloadWare
C:\PROGRA~1\NEWDOT~1
C:\Program Files\DelFin
C:\Program Files\SaveNow
RenV::
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
C:\Program Files\Chikka\Chikka .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\DAEMON Tools Lite\daemon .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask .exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\VoloMedia\Podbridge launcher .exe
C:\WINDOWS\SM1BG .EXE
C:\WINDOWS\IME\IMJP8_1\IMJPMIG .EXE
C:\WINDOWS\IME\IMKR6_1\IMEKRMIG .EXE
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\IME\PINTLGNT\ImScInst .exe
C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP .EXE
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F4CAE19-6BA1-1054-F8BF-13A3928BF9C9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaveNow]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
Yuri90

Yuri90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here's the ComboFix log:

ComboFix 08-02-14.2 - User 2008-02-17 8:08:26.2 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\ahgadehe.ini
C:\WINDOWS\SYSTEM32\bacsqbvl.ini
C:\WINDOWS\SYSTEM32\bqybxfts.ini
C:\WINDOWS\SYSTEM32\cekynglm.ini
C:\WINDOWS\SYSTEM32\cqmlmuyw.ini
C:\WINDOWS\SYSTEM32\fgcmkjfi.ini
C:\WINDOWS\system32\gfvj.dll
C:\WINDOWS\SYSTEM32\hpfbymhy.ini
C:\WINDOWS\SYSTEM32\kjveqpph.ini
C:\WINDOWS\SYSTEM32\mmtcyqva.ini
C:\WINDOWS\SYSTEM32\mnbvbrmv.ini
C:\WINDOWS\SYSTEM32\nhcwcakb.ini
C:\WINDOWS\SYSTEM32\nkuihvgs.ini
C:\WINDOWS\SYSTEM32\opesoyry.ini
C:\WINDOWS\SYSTEM32\oxkhclmj.ini
C:\WINDOWS\SYSTEM32\pfuodtah.ini
C:\WINDOWS\SYSTEM32\prutfjrr.ini
C:\WINDOWS\SYSTEM32\rrjfturp.dll
C:\WINDOWS\SYSTEM32\snlnqush.ini
C:\WINDOWS\SYSTEM32\uibhgkpp.ini
C:\WINDOWS\SYSTEM32\umpdsqws.ini
C:\WINDOWS\SYSTEM32\umpdsqws.tmp
C:\WINDOWS\SYSTEM32\utpkonpo.ini
C:\WINDOWS\SYSTEM32\vsjxhotj.ini
C:\WINDOWS\SYSTEM32\vthaeduw.ini
C:\WINDOWS\SYSTEM32\xwwxlqkm.ini
C:\WINDOWS\SYSTEM32\ykvrxegc.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\ahgadehe.ini
C:\WINDOWS\SYSTEM32\bacsqbvl.ini
C:\WINDOWS\SYSTEM32\bqybxfts.ini
C:\WINDOWS\SYSTEM32\cekynglm.ini
C:\WINDOWS\SYSTEM32\cqmlmuyw.ini
C:\WINDOWS\SYSTEM32\fgcmkjfi.ini
C:\WINDOWS\SYSTEM32\hpfbymhy.ini
C:\WINDOWS\SYSTEM32\kjveqpph.ini
C:\WINDOWS\SYSTEM32\mmtcyqva.ini
C:\WINDOWS\SYSTEM32\mnbvbrmv.ini
C:\WINDOWS\SYSTEM32\nhcwcakb.ini
C:\WINDOWS\SYSTEM32\nkuihvgs.ini
C:\WINDOWS\SYSTEM32\opesoyry.ini
C:\WINDOWS\SYSTEM32\oxkhclmj.ini
C:\WINDOWS\SYSTEM32\pfuodtah.ini
C:\WINDOWS\SYSTEM32\prutfjrr.ini
C:\WINDOWS\SYSTEM32\rrjfturp.dll
C:\WINDOWS\SYSTEM32\snlnqush.ini
C:\WINDOWS\SYSTEM32\uibhgkpp.ini
C:\WINDOWS\SYSTEM32\umpdsqws.ini
C:\WINDOWS\SYSTEM32\umpdsqws.tmp
C:\WINDOWS\SYSTEM32\utpkonpo.ini
C:\WINDOWS\SYSTEM32\vsjxhotj.ini
C:\WINDOWS\SYSTEM32\vthaeduw.ini
C:\WINDOWS\SYSTEM32\xwwxlqkm.ini
C:\WINDOWS\SYSTEM32\ykvrxegc.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 05:09 . 2008-02-17 05:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-15 23:40 . 2008-02-15 23:40 <DIR> d-------- C:\Norton
2008-02-15 23:09 . 2008-02-15 23:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 19:43 . 2008-02-16 10:26 12,830 --a------ C:\WINDOWS\BMfb20b004.xml
2008-02-15 17:10 . 2008-02-15 17:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-15 00:38 . 2008-02-15 19:23 <DIR> d-------- C:\SDFix
2008-02-09 23:33 . 2008-02-09 23:33 <DIR> d-------- C:\Intel
2008-02-09 23:17 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-09 23:13 . 2008-02-09 23:13 <DIR> d-------- C:\NVIDIA
2008-02-09 23:10 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\SYSTEM32\d3dx9_36.dll
2008-02-09 23:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_36.dll
2008-02-09 23:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\SYSTEM32\d3dx10_36.dll
2008-02-09 23:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\SYSTEM32\xactengine2_10.dll
2008-02-09 23:10 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\SYSTEM32\xactengine2_9.dll
2008-02-09 23:09 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\SYSTEM32\d3dx9_35.dll
2008-02-09 23:09 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\SYSTEM32\d3dx9_34.dll
2008-02-09 23:09 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_35.dll
2008-02-09 23:09 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_34.dll
2008-02-09 23:09 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\SYSTEM32\d3dx10_35.dll
2008-02-09 23:09 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_34.dll
2008-02-09 23:09 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\SYSTEM32\xactengine2_8.dll
2008-02-09 23:09 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\SYSTEM32\X3DAudio1_2.dll
2008-02-09 23:08 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_33.dll
2008-02-09 23:08 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_33.dll
2008-02-09 23:08 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\SYSTEM32\xactengine2_7.dll
2008-02-09 23:08 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll
2008-02-09 23:07 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2008-02-09 23:07 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-02-09 23:07 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2008-02-09 23:07 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_6.dll
2008-02-09 23:07 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\SYSTEM32\xactengine2_5.dll
2008-02-09 23:07 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_4.dll
2008-02-09 23:07 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\SYSTEM32\xactengine2_3.dll
2008-02-09 23:07 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\SYSTEM32\x3daudio1_1.dll
2008-02-09 21:53 . 2008-02-09 21:53 <DIR> d-------- C:\Documents and Settings\User\Builds
2008-02-09 21:34 . 2008-02-10 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-02-08 04:04 . 2008-02-09 03:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-08 04:04 . 2008-02-08 04:04 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-02-08 04:04 . 2008-02-08 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-06 19:16 . 2008-02-06 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 18:08 . 2008-01-30 19:44 <DIR> d-------- C:\VundoFix Backups
2008-01-29 21:45 . 2008-01-29 22:52 50 --a------ C:\WINDOWS\MegaManager.INI
2008-01-29 21:33 . 2008-01-29 21:33 <DIR> d-------- C:\Documents and Settings\User\Application Data\Megaupload
2008-01-29 21:28 . 2008-02-15 00:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\MegauploadToolbar
2008-01-27 02:14 . 2008-01-27 02:14 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-01-27 02:14 . 2008-01-27 02:14 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-01-27 01:57 . 1998-09-02 00:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-01-27 01:56 . 1998-08-20 03:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-01-27 01:55 . 1998-08-26 20:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-01-27 01:52 . 1998-09-02 00:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-01-27 01:51 . 1998-09-02 00:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-01-27 01:51 . 1998-08-17 01:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-01-27 01:51 . 1998-08-17 01:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-01-27 01:51 . 1998-08-17 01:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-01-27 01:50 . 2008-01-27 01:50 4,608 --a------ C:\WINDOWS\SYSTEM32\w95inf32.dll
2008-01-27 01:50 . 2008-01-27 01:50 2,272 --a------ C:\WINDOWS\SYSTEM32\w95inf16.dll
2008-01-27 01:30 . 2008-01-27 01:30 <DIR> d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-01-27 01:29 . 2008-02-17 08:08 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-26 23:52 . 2008-01-26 23:52 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-01-26 23:52 . 2008-01-26 23:52 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-26 23:51 . 2008-01-27 21:01 455,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tintsetp.exe
2008-01-26 23:51 . 2008-01-27 21:01 208,952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpmig.exe
2008-01-26 23:51 . 2008-01-27 21:01 59,392 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imscinst.exe
2008-01-26 23:51 . 2008-01-27 21:01 44,032 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imekrmig.exe
2008-01-26 09:05 . 2008-01-26 09:08 8,628 --ah----- C:\TLOVE.GID
2008-01-26 04:08 . 2008-01-26 04:08 94,208 --a------ C:\WINDOWS\SM1BG.EXE
2008-01-26 03:41 . 2008-01-26 03:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\Fujitsu
2008-01-26 03:39 . 2008-01-26 03:39 256 --ah----- C:\WINDOWS\SYSTEM32\LTAW14FN.BIN
2008-01-26 03:39 . 2008-01-26 03:39 256 --ah----- C:\WINDOWS\SYSTEM32\FJLTAFOU.BIN
2008-01-26 02:02 . 2008-02-14 23:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 02:02 . 2008-01-26 02:02 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 16:08 --------- d-----w C:\Program Files\VoloMedia
2008-02-17 16:08 --------- d-----w C:\Program Files\QuickTime
2008-02-17 16:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-17 16:08 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-02-17 16:08 --------- d-----w C:\Program Files\iTunes
2008-02-17 16:08 --------- d-----w C:\Program Files\Chikka
2008-02-17 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-16 09:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-16 09:13 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-02-16 09:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-16 09:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-16 09:13 --------- d-----w C:\Program Files\Symantec
2008-02-16 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-16 05:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-15 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 07:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 06:04 --------- d-----w C:\Program Files\DivX
2008-01-30 04:31 --------- d-----w C:\Program Files\Eraser
2008-01-27 07:45 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-26 14:41 --------- d-----w C:\Program Files\Anvil Studio
2008-01-12 00:52 --------- d-----w C:\Program Files\PodBridge
2008-01-12 00:52 --------- d-----w C:\Documents and Settings\User\Application Data\Podbridge Service
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 3,596,288 -c--a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-01-04 21:58 129,784 -c--a-w C:\WINDOWS\SYSTEM32\pxafs.dll
2008-01-04 21:58 120,056 -c--a-w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2008-01-04 21:58 118,520 -c--a-w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-01-04 21:57 81,920 -c--a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-01-04 21:57 593,920 -c--a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-01-04 21:57 57,344 -c--a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-01-04 21:57 53,248 -c--a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-01-04 21:57 344,064 -c--a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-01-04 21:57 294,912 -c--a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-01-04 21:57 294,912 -c--a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-01-04 21:57 196,608 -c--a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-07 14:37 3,059,200 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 01:07 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-07 01:07 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-12-07 01:07 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-12-07 01:07 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-12-07 01:07 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-12-07 01:07 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-12-07 01:07 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-12-07 01:07 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-12-07 01:07 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-07 01:07 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-12-07 01:07 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-12-07 01:07 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-12-07 01:07 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-12-07 01:07 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-12-07 01:07 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-12-07 01:07 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-12-07 01:07 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-10-27 23:53 81,920 ----a-w C:\Documents and Settings\User\Application Data\ezpinst.exe
2007-10-27 23:53 47,360 -c--a-w C:\Documents and Settings\User\Application Data\pcouffin.sys
2007-07-28 23:11 83,008 -c--a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2006-12-30 20:19 491,008 -c--a-w C:\Program Files\New_Year_Prayer.pps
2006-12-04 17:07 218,306,392 -c--a-w C:\Program Files\Accounting Express.exe
2003-08-27 22:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2001-07-17 11:08 65,536 -c----w C:\WINDOWS\INF\copyinf.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C4DC-6BA49CE16884}]
2007-10-18 12:25 1938232 --a------ C:\PROGRA~1\multiply\multiply.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{A057A204-BACC-4D26-C4DC-6BA49CE16884}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c4dc-6ba49ce16884}]
[HKEY_CLASSES_ROOT\multiply.MULTIPLY]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-C4DC-6BA49CE16884}"= C:\PROGRA~1\multiply\multiply.dll [2007-10-18 12:25 1938232]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c4dc-6ba49ce16884}]
[HKEY_CLASSES_ROOT\multiply.MULTIPLY]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-27 21:03 6049792]
"Eraser"="C:\Program Files\Eraser\Eraser .exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-27 21:02 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ypagerps3"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\SYSTEM32\cmd.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-09-04 13:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
--a--c--- 2001-10-09 14:06 818688 C:\WINDOWS\System32\LXSUPMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2003-08-05 20:29 1578160 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-13 11:27 204845 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 16:53]
S2 Norton LiveConnect Service;Norton LiveConnect Service;"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
S2 pifCore;Norton LiveConnect Service Ex;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-06-04 18:05]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 10:48]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 21:29]
S3 DCamUSBGrandTek;Clever Cam 360 PC Camera;C:\WINDOWS\system32\Drivers\ClC360x1.SYS [2001-04-27 04:03]
S3 SUNPLUS;SightCAM PC-100p;C:\WINDOWS\system32\Drivers\SPIXNEW.SYS [2002-03-07 17:21]
S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;C:\WINDOWS\system32\DRIVERS\WebSTAR.sys []
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 11:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 14:57:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 08:16:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
Completion time: 2008-02-17 8:21:09
ComboFix-quarantined-files.txt 2008-02-17 16:20:38
ComboFix2.txt 2008-02-16 19:11:37
.
2008-02-13 08:02:36 --- E O F ---


Here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:30 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O2 - BHO: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (file missing)
O3 - Toolbar: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser .exe -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.chikka.com
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.chart...oad/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.chart...ad/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...6/uploader2.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com...ideoControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130465459201
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direc.../dpcsysinfo.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.g...zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton LiveConnect Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton LiveConnect Service Ex (pifCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12870 bytes



Once again, I really appreciate you helping me, kahdah.
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
Yuri90

Yuri90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm terribly sorry for the late reply. I have a few things going on, and I only had a chance to do this now. I'm really sorry.

Anyway, here's the Kaspersky WebScanner report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 20, 2008 3:46:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 573463
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 88138
Number of viruses found: 10
Number of infected objects: 93
Number of suspicious objects: 0
Duration of the scan process: 07:26:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP9BFA59B0.htm Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-13546ad9-703b9e7d.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-13546ad9-703b9e7d.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-13861c29-28ef3b09.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-13861c29-28ef3b09.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-1d22a678-3eda7382.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-1d22a678-3eda7382.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-1d8c8594-336482d0.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-1d8c8594-336482d0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-1f9b708b-26b02152.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-1f9b708b-26b02152.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-2224b314-1dd55be2.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-2224b314-1dd55be2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-25705fb4-2b7176b1.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-25705fb4-2b7176b1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-2ecf098a-713d2f6f.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-2ecf098a-713d2f6f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-334f68bb-154cff96.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-334f68bb-154cff96.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-58581c27-66afb4c3.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-58581c27-66afb4c3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-5ea3e6c5-73efa1fe.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-5ea3e6c5-73efa1fe.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6649d43f-47a200c9.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.b skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6649d43f-47a200c9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6973dc67-765f7e41.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6973dc67-765f7e41.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6afd3e27-478a7b2f.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6afd3e27-478a7b2f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6e515e1-258510b6.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-6e515e1-258510b6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-76821bb8-306636db.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-76821bb8-306636db.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-77402a30-39eb66a7.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-77402a30-39eb66a7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-78ee691-551d4be9.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-78ee691-551d4be9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-78eef63f-46220947.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-78eef63f-46220947.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-7a8f2bcb-69f1785a.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\ar3.jar-7a8f2bcb-69f1785a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv2.jar-19b35d14-36e5029f.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv2.jar-19b35d14-36e5029f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv453.jar-1f16a0fa-2b799671.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv453.jar-1f16a0fa-2b799671.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv493.jar-157d2efd-12e9eb9f.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv493.jar-157d2efd-12e9eb9f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv493.jar-25ea0376-24581dc4.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv493.jar-25ea0376-24581dc4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv500.jar-4b4a5a9d-2a18d7b2.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv500.jar-4b4a5a9d-2a18d7b2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv74.jar-170b188f-22aeb6a7.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv74.jar-170b188f-22aeb6a7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv78.jar-17437693-437914b1.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\loaderadv78.jar-17437693-437914b1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\newstyle.jar-28888d65-2cd6b5fb.zip/Beyond.class Infected: Trojan.Java.StartPage.o skipped
C:\Documents and Settings\User\.jpi_cache\jar\1.0\newstyle.jar-28888d65-2cd6b5fb.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-61e2faff.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-61e2faff.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\User\Desktop\[Miko]\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\User\Desktop\[Miko]\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\User\Desktop\[Miko]\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\User\Desktop\[Miko]\mirc621.exe NSIS: infected - 2 skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ajsjwfai.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aumjxnfa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bgpnbhtg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir EmbeddedEXE: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cvkseydm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cxhlyxxv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.edw skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dobwkldv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\efedd.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eujtwqxq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fgsfcpmo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fqqtfvhr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ggjfjpad.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hbuxpemh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jhiyagse.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kjbelkgt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kwvqbgmj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lcdanpnb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lpghfmrk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qjlfqjqh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qvxetpjt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rrjfturp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sqqcrvqh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\twvsvwcq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\umgynrfu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vwnttnux.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xiqjyxcp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xqpmibuj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xyrtyqlv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-16_105657.10.zip/efedd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-16_105657.10.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000007.exe Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000014.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000015.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000016.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000017.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000018.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000019.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000020.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000021.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000022.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000023.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000024.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000025.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000026.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000027.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000028.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000029.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000030.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000031.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000032.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000033.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000034.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000035.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000036.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000037.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000038.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000048.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3\A0000287.dll Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP3\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\upnp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ319580$\reg00003 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\RTacDbg.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No problem. :)

If Norton is not being used anymore or is out of date.
Uninstall it.
Then please Download this anti-virus program and install it.
This is free.
AVG free
==========================================================
  • Please go to Start > Control Panel
  • on the top left hand corner will be a setting to Switch to Classic view.
  • Click that unless it is like that already.
  • Then double click on the Java icon.
  • Under the General tab at the top look at the bottom and you will see a setting called Temporary Internet Files.
  • Click on Settings and then click on Delete Files click ok at the prompt and then close out of that
===========================================================================
After that I see that you have BitTorrent installed.
Having P2p programs such as these raise the possibility of getting infected again.
See here for information on P2P's.
I will leave it up to you if you want to remove it.
To remove it just simply uninstall it then delete this folder>C:\Program Files\BitTorrent
=============================================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


    • Posted Image

    The above procedure will delete and do the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.

Doing the above removes what is left in the kaspersky log

===========================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#11
Yuri90

Yuri90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you very much!

I'll do everything as instructed. Again, thank you very much!
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP