Start programs keep getting uninstalled



#1 mister leigh (Member, 64 posts)

So I have been having a problem with what I assume is a Trojan Horse for the past month or so. Basically, what happens is when I start my computer the following programs usually end up getting uninstalled:

- Google Desktop
- Google Talk
- AIM
- Symantec Antivirus (when I had it)
- Weatherbug
- DaemonTools

and so on. All of these programs are in my startup folder. Symantec identified the issue as a Trojan horse, calling attention to a file byxxv.exe in my system32 folder, and said it deleted it, but it never ended up actually fixing the problem. I don't know if the file was deleted, but I still get an error on startup that this file cannot be found.

I also did the Panda antivirus scan, which also identified the .exe file as a problem; it said it was making the file inaccessible, but it is not fixing the problem. Also, I uninstalled Symantec and now just use Avast antivirus, which hasn't fixed the issue either.

Anyway, here is my HijackThis log, followed by an uninstall list.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:30 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\program files\Google\Google Desktop Search\GoogleDesktop .exe
C:\Program Files\Last.fm\LastFM.exe
C:\program files\Google\Google Talk\googletalk.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\cbxuvst.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fnlossmj.dll (file missing)
O2 - BHO: (no name) - {E203294F-F1F3-4621-83DD-61B4AC1D1DD3} - C:\WINDOWS\system32\byxxv.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: {02cda7e2-3054-122a-7044-8bdf5cdc8ace} - {eca8cdc5-fdb8-4407-a221-45032e7adc20} - C:\WINDOWS\system32\qfdprriw.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....abs/tgctlsr.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194196428877
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B19A44-BCCD-4ED6-B0F2-D94E9F57EA7A}: NameServer = 66.92.159.2,216.231.41.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cbxuvst - cbxuvst.dll (file missing)
O20 - Winlogon Notify: fnlossmj - fnlossmj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8518 bytes

What follows is the uninstall list:

µTorrent
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.5
Agere Systems AC'97 Modem
AIM+ (remove only)
Alt Clock Synchronizer 1.5
AltoMP3 Gold 5.12
Anapod Explorer (remove only)
AnswerWorks 4.0 Runtime - English
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Astro Gemini Screensaver Manager 1.2
Atomic Alarm Clock 4.25
Atomic Clock Sync
ATT 1.4 Engine Only (no voices)
avast! Antivirus
AVI/MPEG/RM/WMV Joiner 4.82
BitTornado 0.3.7
BitTorrent 4.2.2
CDisplay 1.8
Citrix ICA Web Client
Comcast High-Speed Internet Install Wizard
Cool Edit Pro 2.1
Desktop Doctor
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eMusic - 50 Free MP3 offer
Exact Audio Copy 0.95b4
ffdshow
FLAC Installer 1.1.3b (remove only)
FlashFXP v3
FLV Player 1.3.3
Free Natural text to speech reader
GoldenCasino
Google Desktop
Google Desktop System Monitor Plugin
Google Talk (remove only)
Google Video Player
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Image Grabber II
ImageMagick 6.3.0-4 Q16 (11/15/06)
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless Software
iPod for Windows 2006-01-10
iPodLibrary v1.2b
iScrobbler
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Juice 2.2
K-Lite Mega Codec Pack 1.46
Last.fm 1.4.2.58376
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
MakeTorrent v2.1
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft Text-to-Speech Engine 4.0 (English)
middle_man
mIRC
mIWA
mIWCA
mLogView
mMHouse
Mozilla Firefox (2.0.0.11)
Mozilla Sunbird (0.3)
Mozilla Thunderbird (2.0.0.9)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
mZConfig
Nero 6 Ultra Edition
Netscape Browser (remove only)
NewsLeecher
NVIDIA Media Center extensions for DVD
NVIDIA PureVideo Decoder
OpenOffice.org 2.3
OpenSSH for Windows (remove only)
Pamela Pro 1.38a
Picasa 2
PowerDVD
QuickPar 0.9
QuickTime
RealPlayer
ScanSoft PDF Create! 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Skype 3.0
Skype Plugin Manager
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
TextAloud
Trillian
TurboTax Deluxe 2007
Ultra Hal Text-to-Speech Reader
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VeryPDF PDF2Word v3.0
VideoLAN VLC media player 0.8.5
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WeatherBug
Winamp
Winamp Remote
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinHTTrack Website Copier 3.33
WinMPG VideoConvert 6.2.1
WinRAR archiver
x264 Revision 437 x264.nl (remove only)
x264 Revision 506 x264.nl (remove only)
XviD 1.1 final uninstall

Thanks in advance for all of your help!
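
A log like the one above is normally triaged by eye. As an added example (not code from the original post, and not part of HijackThis or any tool mentioned in the thread), the Python below reads HijackThis-style lines and flags the patterns that stand out in this log: a running process whose name carries a space before `.exe` (the process list shows `GoogleDesktop .exe` while the Run key points at `GoogleDesktop.exe`), BHO registrations with no product name or a missing DLL under system32, Winlogon Notify packages whose DLL is gone, and the O17 NameServer entry, which is worth confirming against the ISP rather than assumed bad or good. The sample log is constructed from a few of the posted lines; the tag names, regexes and the "space before extension" test are this example's own heuristics, not HijackThis's logic.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of a HijackThis log: a few "Running processes"
# lines plus O2/O4/O17/O20 entries taken from the posted log (not the whole log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\program files\Google\Google Desktop Search\GoogleDesktop .exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E203294F-F1F3-4621-83DD-61B4AC1D1DD3} - C:\WINDOWS\system32\byxxv.dll (file missing)
O2 - BHO: {02cda7e2-3054-122a-7044-8bdf5cdc8ace} - {eca8cdc5-fdb8-4407-a221-45032e7adc20} - C:\WINDOWS\system32\qfdprriw.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B19A44-BCCD-4ED6-B0F2-D94E9F57EA7A}: NameServer = 66.92.159.2,216.231.41.2
O20 - Winlogon Notify: cbxuvst - cbxuvst.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
"""

MISSING = " (file missing)"   # HijackThis's marker for a registration whose file is gone
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>\S+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")
# First executable in a Run-key command line, quoted or not (a heuristic).
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|cpl|scr|com|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    tag: str      # stable label for grouping or asserting on
    line: str     # the log line that triggered it
    detail: str   # what to check next


def basename(path: str) -> str:
    """Last path component, with the '(file missing)' marker and quotes stripped."""
    if path.endswith(MISSING):
        path = path[: -len(MISSING)]
    return path.strip().strip('"').rsplit("\\", 1)[-1]


def has_space_before_ext(path: str) -> bool:
    """True for names like 'ctfmon .exe': a second file that sits beside the
    genuine ctfmon.exe and is easy to misread as it in a process list."""
    return re.search(r"\S\s+\.[A-Za-z0-9]{1,4}$", basename(path)) is not None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log once and return the lines worth a closer look."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line closes the process list
                in_processes = False
            elif has_space_before_ext(line):
                findings.append(Finding("space-before-extension", line,
                    "process name has whitespace before its extension; compare it with the real file"))
            continue
        m = BHO_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if path.endswith(MISSING):
                findings.append(Finding("bho-file-missing", line,
                    "CLSID still registered but the DLL is gone; a leftover to remove"))
            elif (name == "(no name)" or GUID_RE.fullmatch(name)) and "\\system32\\" in path.lower():
                findings.append(Finding("bho-unnamed-system32", line,
                    "BHO with no product name loading a DLL from system32; hash and identify it"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group("cmd").strip())
            if exe and has_space_before_ext(exe.group("exe")):
                findings.append(Finding("space-before-extension", line,
                    "autostart entry launches a look-alike name"))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            findings.append(Finding("dns-nameserver", line,
                f"resolvers {m.group('servers')} are set explicitly; confirm they belong to the ISP"))
            continue
        m = NOTIFY_RE.match(line)
        if m and (m.group("path").endswith(MISSING) or "\\" not in m.group("path")):
            findings.append(Finding("winlogon-notify-missing", line,
                "Winlogon Notify package with a missing or unresolved DLL; these load inside winlogon.exe"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.tag}] {f.line}\n    {f.detail}")
```

To run it over a full log, read the file into a string and pass it to `triage`. The findings are prompts, not verdicts: a "(file missing)" entry is a registration to clean up, not proof of a live infection, and the space-before-extension check only catches the visual look-alike; the file itself still has to be hashed or inspected on disk.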


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello mister leigh

Welcome to G2Go. :)
================
You mentioned Symantec. Are you still running Norton Antivirus? If so, uninstall it, because you should not have two antivirus programs running.
I do not see it in your Add/Remove Programs list, so go Here and download the removal tool for your product, and then run it.
It should remove all Norton remnants.
==========
After that, download ComboFix from one of the locations below and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 mister leigh (Topic Starter, Member, 64 posts)

Mr. kahdah,

I did indeed remove all antivirus products before installing avast antivirus. Actually, at one point I had Panda and Symantec installed and my whole computer froze up and was unusable unless in safe mode. Fortunately, I was able to uninstall one program in safe mode and work from there.

Anyway, I followed your directions, and here are my results:

First, the ComboFix log.

ComboFix 08-02-14.2 - Bradbury 2008-02-16 14:02:19.1 - NTFSx86
Running from: C:\Documents and Settings\Bradbury\Desktop\incoming\++Incoming Bittorrent\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byxxv.exe
C:\WINDOWS\system32\ctgsgcjc.ini
C:\WINDOWS\system32\diwueufg.ini
C:\WINDOWS\system32\dkmfwcnr.ini
C:\WINDOWS\system32\euefbqjm.ini
C:\WINDOWS\system32\fnlossmj.dllbox
C:\WINDOWS\system32\inopekqx.ini
C:\WINDOWS\system32\joesbjyc.ini
C:\WINDOWS\system32\kqbaxsoj.ini
C:\WINDOWS\system32\lsruuegh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtmoypsn.ini
C:\WINDOWS\system32\nblpgtpy.ini
C:\WINDOWS\system32\nblpgtpy.ini2
C:\WINDOWS\system32\nblpgtpy.tmp
C:\WINDOWS\system32\omyolstu.ini
C:\WINDOWS\system32\pwvpwflt.ini
C:\WINDOWS\system32\qfdprriw.dll
C:\WINDOWS\system32\qhaimhsi.dll
C:\WINDOWS\system32\urqdrapj.ini
C:\WINDOWS\system32\vxxyb.ini
C:\WINDOWS\system32\vxxyb.ini2
C:\WINDOWS\system32\xgcealay.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 11:17 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\SopCast
2008-02-13 23:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-13 22:27 . 2008-02-13 22:27 <DIR> d-------- C:\Program Files\Avast4
2008-02-13 22:27 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 22:27 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 22:27 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 22:27 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 22:27 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 22:27 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 22:27 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-13 22:27 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 09:11 . 2008-02-13 09:11 <DIR> d-------- C:\Program Files\AWS
2008-02-13 07:20 . 2008-02-14 07:55 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-12 18:05 . 2008-02-12 18:05 103 --a------ C:\WINDOWS\pro.INI
2008-02-12 13:02 . 2008-02-12 20:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-02-12 08:45 . 2008-02-12 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-12 08:35 . 2008-02-12 16:31 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-11 21:55 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-11 21:42 . 2008-02-11 21:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-11 21:42 . 2008-02-11 21:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-11 18:43 . 2008-02-11 18:43 1,222,839 --ahs---- C:\WINDOWS\system32\urqdrapj.tmp
2008-02-10 18:47 . 2008-02-10 18:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-10 18:47 . 2008-02-10 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-10 18:46 . 2008-02-10 18:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-31 18:01 . 2008-02-01 01:04 318 --ahs---- C:\WINDOWS\system32\ffhjl.ini
2008-01-27 20:02 . 2008-01-27 20:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-27 16:26 . 2008-01-27 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Zeon
2008-01-27 16:08 . 2008-01-27 16:08 1,883,640 --ahs---- C:\WINDOWS\system32\inftqswe.ini
2008-01-27 15:40 . 2008-01-27 15:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-26 09:18 . 2008-01-26 09:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-26 09:14 . 2008-01-26 09:17 <DIR> d-------- C:\WINDOWS\ShellNew
2008-01-24 18:12 . 2008-01-27 15:58 1,933,371 --ahs---- C:\WINDOWS\system32\ntjygpyf.ini
2008-01-24 09:55 . 2008-01-25 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-24 06:10 . 2008-01-24 06:10 <DIR> d-------- C:\Documents and Settings\Bradbury\Application Data\DAEMON Tools
2008-01-24 04:00 . 2008-01-24 04:00 <DIR> d-------- C:\Program Files\AskSBar
2008-01-23 17:49 . 2008-01-23 17:49 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-23 07:56 . 2008-01-23 17:32 319 --ahs---- C:\WINDOWS\system32\wwvut.ini
2008-01-17 21:47 . 2008-01-17 21:47 <DIR> d-------- C:\Program Files\Atomic Alarm Clock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 19:18 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2
2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\uTorrent
2008-02-16 19:00 --------- d-----w C:\Program Files\Soulseek
2008-02-16 16:55 --------- d-----w C:\Program Files\TextAloud
2008-02-14 22:33 --------- d-----w C:\Program Files\AIM
2008-02-14 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 04:50 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-14 04:43 --------- d-----w C:\Program Files\Java
2008-02-13 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 21:56 --------- d-----w C:\Program Files\AOD
2008-02-12 04:21 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-12 04:13 --------- d-----w C:\Program Files\NewsLeecher
2008-02-12 04:09 --------- d-----w C:\Program Files\Last.fm
2008-02-12 04:05 --------- d-----w C:\Program Files\FlashFXP
2008-02-07 22:44 --------- d-----w C:\Program Files\iTunes
2008-01-24 09:23 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 01:18 --------- d-----w C:\Program Files\Atomic Clock Sync
2008-01-23 01:16 --------- d-----w C:\Program Files\ltmoh
2008-01-19 19:37 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\U3
2008-01-16 00:14 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\Intuit
2008-01-16 00:04 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-16 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-16 00:00 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-15 23:37 --------- d-----w C:\Program Files\TurboTax
2008-01-15 04:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-14 19:33 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\iSproggler
2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\WeatherBug
2008-01-05 00:22 --------- d-----w C:\Program Files\ATTNaturalVoices
2008-01-04 06:20 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-03 03:05 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2008-01-03 02:29 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\AdobeUM
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\Apple Computer
2007-12-17 19:16 --------- d-----w C:\Program Files\7-Zip
2007-11-10 23:06 24,088 ----a-w C:\Documents and Settings\Bradbury\Application Data\GDIPFONTCACHEV1.DAT
.
<pre>
----a-w			29,744 2008-02-14 00:51:25  C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
----a-w			59,392 2008-01-24 11:03:23  C:\WINDOWS\ehome\ehtray .exe
----a-w		   158,208 2008-02-13 01:13:01  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-02-13 01:13:10  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E203294F-F1F3-4621-83DD-61B4AC1D1DD3}]
C:\WINDOWS\system32\byxxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-24 04:00 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-24 04:00 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2008-02-13 19:51 67160]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2008-02-13 19:51 3739648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-02-12 16:44 158208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"360SCProgram"="" []

C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-29 20:20:44 106496]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvst]
cbxuvst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fnlossmj]
fnlossmj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 21:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
backup=C:\WINDOWS\pss\Ultra Hal Text-to-Speech Reader Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bradbury^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bradbury^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bradbury^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\506227aa]
C:\WINDOWS\system32\yptgplbn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-02-14 00:59 88107 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2008-02-13 19:51 67160 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atomic.exe]
C:\Program Files\Atomic Clock Sync\Atomic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-12 16:44 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 07:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2008-02-13 19:51 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSproggler]
C:\Program Files\iSproggler\iSproggler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\byxxv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniKey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe

R1 PamelaVirtualCable;Pamela Virtual Cable;C:\WINDOWS\system32\drivers\pvckmd.sys [2006-10-08 20:00]
R2 ipasintf;ipasintf;C:\WINDOWS\System32\drivers\pas2k.sys [2000-10-03 07:29]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R2 OpenSSHd;OpenSSH Server;C:\Program Files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 06:11]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2002-11-07 10:13]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 18:04]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 flash;flash;C:\WINDOWS\system32\drivers\flash.sys [2003-08-29 21:47]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b097025-a5ee-11dc-bef8-0012f007639c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 14:19:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pvcumd.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\pvcumd.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\pvcumd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-02-16 14:22:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 19:22:29
.
2008-02-04 19:11:54 --- E O F ---


Now the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:04 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E203294F-F1F3-4621-83DD-61B4AC1D1DD3} - C:\WINDOWS\system32\byxxv.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....abs/tgctlsr.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194196428877
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B19A44-BCCD-4ED6-B0F2-D94E9F57EA7A}: NameServer = 66.92.159.2,216.231.41.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cbxuvst - cbxuvst.dll (file missing)
O20 - Winlogon Notify: fnlossmj - fnlossmj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7832 bytes

Again, thank you for your help!
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)
============================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\pvcumd.dll
C:\WINDOWS\system32\urqdrapj.tmp
C:\WINDOWS\system32\ffhjl.ini
C:\WINDOWS\system32\inftqswe.ini
C:\WINDOWS\system32\ntjygpyf.ini
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
C:\WINDOWS\system32\wwvut.ini
C:\WINDOWS\system32\byxxv.dll
C:\WINDOWS\system32\yptgplbn.dll
Folder::
C:\Program Files\Viewpoint
Dirlook::
C:\WINDOWS\ShellNew
RenV::
C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\ctfmon .exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E203294F-F1F3-4621-83DD-61B4AC1D1DD3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvst]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fnlossmj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\506227aa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
Driver::
Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
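
The script above is built from the HijackThis entries flagged "(file missing)" or carrying random-looking names (byxxv, cbxuvst, fnlossmj, yptgplbn), plus the "name .exe" renames reversed under RenV::. As an added example, not code from this thread, HijackThis or ComboFix, here is Python that does that triage over log lines: the sample log lines and directory listing are constructed from the logs quoted earlier in the thread, and the vowel-ratio heuristic for machine-generated names is my own assumption, not anything the tools use.

```python
# Added example for this thread, not code from HijackThis, ComboFix or kahdah.
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_HJT_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E203294F-F1F3-4621-83DD-61B4AC1D1DD3} - C:\WINDOWS\system32\byxxv.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cbxuvst - cbxuvst.dll (file missing)
O20 - Winlogon Notify: fnlossmj - fnlossmj.dll (file missing)
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
"""
# Constructed sample: the files kahdah's RenV:: section renames, plus the
# untouched ctfmon.exe that the log shows still sitting next to "ctfmon .exe".
SAMPLE_LISTING = [
    r"C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe",
    r"C:\WINDOWS\ehome\ehtray .exe",
    r"C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe",
    r"C:\WINDOWS\system32\ctfmon .exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
]

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
MISSING = "(file missing)"
SPACE_RENAME = re.compile(r"^(.+\S) \.(exe|dll|scr|sys)$", re.IGNORECASE)  # "stem .ext"


@dataclass
class Entry:
    section: str        # "O2", "O20", "O23", ...
    kind: str           # "BHO", "Winlogon Notify", "Service", ...
    target: str         # path or DLL name as HijackThis printed it
    file_missing: bool  # HijackThis appended "(file missing)"


def parse_hjt(text: str) -> List[Entry]:
    """Parse 'Onn - Kind: field - field - target' lines of a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        kind, _, rest = body.partition(": ")
        target = rest.rsplit(" - ", 1)[-1]              # the target is always the last field
        target = re.sub(r"^\[[^\]]*\]\s*", "", target)  # O4 lines prefix "[value name] "
        entries.append(Entry(section, kind, target, missing))
    return entries


def looks_machine_generated(name: str) -> bool:
    """Hint for stems like byxxv, cbxuvst, fnlossmj, yptgplbn: 5-9 lowercase letters,
    almost no vowels. Legitimate short names (hkcmd) trip it too; pair it with file_missing."""
    stem = name.rsplit("\\", 1)[-1].split(".", 1)[0]
    if not (5 <= len(stem) <= 9 and stem.isalpha() and stem.islower()):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) <= 0.15


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """(description, reasons) for every autostart entry worth a second look."""
    findings = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("target file missing")
        if looks_machine_generated(e.target):
            reasons.append("machine-generated-looking name")
        if reasons:
            findings.append((f"{e.section} {e.kind}: {e.target}", reasons))
    return findings


def find_space_renames(listing: List[str]) -> Dict[str, str]:
    """Map 'stem .ext' paths to the 'stem.ext' path RenV:: would restore. The file stays
    on disk, but every shortcut, Run value or service using the original name stops resolving."""
    renames = {}
    for path in listing:
        base = path.rsplit("\\", 1)[-1]
        m = SPACE_RENAME.match(base)
        if m:
            renames[path] = path[: len(path) - len(base)] + f"{m.group(1)}.{m.group(2)}"
    return renames


def rename_collisions(renames: Dict[str, str], listing: List[str]) -> List[str]:
    """Restored names already present on disk: compare both files before renaming."""
    present = {p.lower() for p in listing}
    return sorted(r for r in renames.values() if r.lower() in present)


if __name__ == "__main__":
    renames = find_space_renames(SAMPLE_LISTING)
    print(*triage(parse_hjt(SAMPLE_HJT_LOG)), renames, rename_collisions(renames, SAMPLE_LISTING), sep="\n")
```

The ctfmon case is the caveat: the listing shows both "ctfmon .exe" and an intact ctfmon.exe, so a blind rename would collide, and the two files' dates and sizes need comparing first.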

#5
mister leigh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I believe the problem has been fixed. When I rebooted, none of the programs needed to be reinstalled!

ComboFix 08-02-14.2 - Bradbury 2008-02-17 23:10:42.2 - NTFSx86
Running from: C:\Documents and Settings\Bradbury\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bradbury\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
C:\WINDOWS\system32\byxxv.dll
C:\WINDOWS\system32\ffhjl.ini
C:\WINDOWS\system32\inftqswe.ini
C:\WINDOWS\system32\ntjygpyf.ini
C:\WINDOWS\system32\pvcumd.dll
C:\WINDOWS\system32\urqdrapj.tmp
C:\WINDOWS\system32\wwvut.ini
C:\WINDOWS\system32\yptgplbn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\WINDOWS\system32\ffhjl.ini
C:\WINDOWS\system32\inftqswe.ini
C:\WINDOWS\system32\ntjygpyf.ini
C:\WINDOWS\system32\pvcumd.dll
C:\WINDOWS\system32\urqdrapj.tmp
C:\WINDOWS\system32\wwvut.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-16 11:17 . 2008-02-16 11:24 <DIR> d-------- C:\Program Files\SopCast
2008-02-13 23:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-13 22:27 . 2008-02-13 22:27 <DIR> d-------- C:\Program Files\Avast4
2008-02-13 22:27 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 22:27 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 22:27 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 22:27 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 22:27 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 22:27 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 22:27 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-13 22:27 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 09:11 . 2008-02-13 09:11 <DIR> d-------- C:\Program Files\AWS
2008-02-13 07:20 . 2008-02-14 07:55 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-12 20:13 . 2008-02-12 20:13 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-02-12 18:05 . 2008-02-12 18:05 103 --a------ C:\WINDOWS\pro.INI
2008-02-12 08:45 . 2008-02-12 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-12 08:35 . 2008-02-12 16:31 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-11 21:55 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-11 21:42 . 2008-02-11 21:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-11 21:42 . 2008-02-11 21:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-10 18:47 . 2008-02-10 18:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-10 18:47 . 2008-02-10 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-10 18:46 . 2008-02-10 18:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 20:02 . 2008-01-27 20:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-27 16:26 . 2008-01-27 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Zeon
2008-01-27 15:40 . 2008-01-27 15:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-26 09:18 . 2008-01-26 09:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-26 09:14 . 2008-01-26 09:17 <DIR> d-------- C:\WINDOWS\ShellNew
2008-01-24 09:55 . 2008-01-25 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-24 06:10 . 2008-01-24 06:10 <DIR> d-------- C:\Documents and Settings\Bradbury\Application Data\DAEMON Tools
2008-01-24 06:03 . 2008-01-24 06:03 59,392 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-24 04:00 . 2008-01-24 04:00 <DIR> d-------- C:\Program Files\AskSBar
2008-01-23 17:49 . 2008-01-23 17:49 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 04:17 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\uTorrent
2008-02-18 03:57 --------- d-----w C:\Program Files\Soulseek
2008-02-17 18:23 --------- d-----w C:\Program Files\TextAloud
2008-02-16 19:18 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2
2008-02-14 22:33 --------- d-----w C:\Program Files\AIM
2008-02-14 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 04:50 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-14 04:43 --------- d-----w C:\Program Files\Java
2008-02-13 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 21:56 --------- d-----w C:\Program Files\AOD
2008-02-12 04:21 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-12 04:13 --------- d-----w C:\Program Files\NewsLeecher
2008-02-12 04:09 --------- d-----w C:\Program Files\Last.fm
2008-02-12 04:05 --------- d-----w C:\Program Files\FlashFXP
2008-02-07 22:44 --------- d-----w C:\Program Files\iTunes
2008-01-24 09:23 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 01:18 --------- d-----w C:\Program Files\Atomic Clock Sync
2008-01-23 01:16 --------- d-----w C:\Program Files\ltmoh
2008-01-19 19:37 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\U3
2008-01-18 02:47 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-01-16 00:14 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\Intuit
2008-01-16 00:04 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-16 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-16 00:00 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-15 23:37 --------- d-----w C:\Program Files\TurboTax
2008-01-15 04:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-14 19:33 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\iSproggler
2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\WeatherBug
2008-01-05 00:22 --------- d-----w C:\Program Files\ATTNaturalVoices
2008-01-04 06:20 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-03 03:05 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2008-01-03 02:29 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\AdobeUM
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\Bradbury\Application Data\Apple Computer
2007-11-10 23:06 24,088 ----a-w C:\Documents and Settings\Bradbury\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\ShellNew ----

2000-04-06 16:49 98304 --a------ C:\WINDOWS\ShellNew\ACCESS9.MDB
2000-02-06 13:26 11776 --a------ C:\WINDOWS\ShellNew\EXCEL9.XLS
1999-03-10 08:41 11264 --a------ C:\WINDOWS\ShellNew\PWRPNT10.POT
1997-08-01 00:37 10752 --a------ C:\WINDOWS\ShellNew\WINWORD8.DOC


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-24 04:00 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-24 04:00 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2008-02-13 19:51 67160]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2008-02-13 19:51 3739648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-13 19:51 29744]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-02-12 20:13 158208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"360SCProgram"="" []

C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-29 20:20:44 106496]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 21:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
backup=C:\WINDOWS\pss\Ultra Hal Text-to-Speech Reader Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bradbury^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bradbury^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bradbury^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Bradbury\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-02-14 00:59 88107 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2008-02-13 19:51 67160 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atomic.exe]
C:\Program Files\Atomic Clock Sync\Atomic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-12 16:44 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2008-01-24 06:03 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-13 19:51 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2008-02-13 19:51 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSproggler]
C:\Program Files\iSproggler\iSproggler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniKey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe

R1 PamelaVirtualCable;Pamela Virtual Cable;C:\WINDOWS\system32\drivers\pvckmd.sys [2006-10-08 20:00]
R2 ipasintf;ipasintf;C:\WINDOWS\System32\drivers\pas2k.sys [2000-10-03 07:29]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R2 OpenSSHd;OpenSSH Server;C:\Program Files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 06:11]
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2002-11-07 10:13]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 18:04]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 flash;flash;C:\WINDOWS\system32\drivers\flash.sys [2003-08-29 21:47]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-13 19:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b097025-a5ee-11dc-bef8-0012f007639c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 23:32:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-02-17 23:37:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 04:37:09
ComboFix2.txt 2008-02-16 19:22:33
.
2008-02-04 19:11:54 --- E O F ---


Here is the Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:32 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....abs/tgctlsr.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194196428877
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B19A44-BCCD-4ED6-B0F2-D94E9F57EA7A}: NameServer = 66.92.159.2,216.231.41.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\Program Files\OpenSSH\bin\cygrunsrv.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7429 bytes

can never say thank you too many times! :) :) :)

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome. :)

As a final check please do the following:
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7
mister leigh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
heh, I guess it is worse than I thought!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 19, 2008 6:25:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 572860
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 73604
Number of viruses found: 4
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 01:35:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\cert8.db Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\history.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\key3.db Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\parent.lock Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2\user\uno_packages\cache\log.txt Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\common.rdb Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86.rdb Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db Object is locked skipped
C:\Documents and Settings\Bradbury\Application Data\OpenOffice.org2\user\uno_packages\cache\uno_packages.db Object is locked skipped
C:\Documents and Settings\Bradbury\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Desktop\Public Access\lyrics\hot potatoes.odt Object is locked skipped
C:\Documents and Settings\Bradbury\Desktop\Public Access\lyrics\self-help or how i turned my life around with the help of complete strangers.odt Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbdam Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbdao Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbeam Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbeao Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbm Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\fii.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\hp Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Google\Google Desktop\f043ad8f6aca\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Last.fm\Client\Last.fm.log Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Last.fm\collection.db Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Application Data\Mozilla\Firefox\Profiles\6cb7t29e.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Temp\etilqs_NzT6dIikMCIvIGn-journal Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Temp\etilqs_vItPL1S1pbEXYQL Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Temp\hsperfdata_Bradbury\820 Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Temp\~DFEE17.tmp Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Bradbury\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bradbury\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bradbury\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\mIRC\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Program Files\OpenSSH\var\log\OpenSSHd.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qfdprriw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qhaimhsi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001237.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001239.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001240.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001241.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001242.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001243.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001244.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001245.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001247.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP10\A0001250.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP13\A0001376.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP13\A0001377.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9E81C8F2-AECA-470C-8D25-B78A0D59FE62}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B7BF0B39-9A20-45C1-8967-9B62980EB61F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
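Added example, not part of this thread or of the scanner's own tooling: a small Python script that triages the "skipped" lines of a Kaspersky online scan log like the one above. Two very different things share the word "skipped". Infected files under System Volume Information are copies held in System Restore points, so a rollback to RP10 or RP13 would bring the Virtumonde DLLs straight back; "Object is locked" entries are in-use system files (registry hives, event logs, the WMI repository) that the scanner could not open and are not detections at all. The sample log is constructed from the line format shown in the thread, the entry under a Temp folder is made up to show an infected file outside a restore point, and the function names are the example's own.

```python
"""Triage "skipped" entries from a Kaspersky online scan log (added example)."""
import re
from collections import Counter

# Constructed sample in the scanner's line format. The restore-point and
# locked-object lines mirror entries from the thread; the Temp line is made
# up so the "live" category (infected file outside a restore point) is shown.
SAMPLE_LOG = """\
C:\\System Volume Information\\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\\RP10\\A0001238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\\System Volume Information\\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\\RP10\\A0001239.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\\System Volume Information\\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\\RP13\\A0001376.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\\System Volume Information\\_restore{F1848453-0DB5-4770-BB5E-D053AB4D13FF}\\RP18\\change.log Object is locked skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\system32\\drivers\\sptd.sys Object is locked skipped
C:\\Documents and Settings\\user\\Local Settings\\Temp\\sample.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

Scan process completed.
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Restore-point copies live under System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(?P<rp>RP\d+)\\", re.IGNORECASE
)


def classify(line):
    """Classify one log line.

    Returns a dict with keys kind/path/name/rp, or None for lines that are not
    skip entries (blank lines, the "Scan process completed." footer). kind is:
      "restore_point" - infected file inside a System Restore point
      "live"          - infected file anywhere else (needs cleaning now)
      "locked"        - file the scanner could not open; not a detection
    """
    m = INFECTED_RE.match(line)
    if m:
        rp = RESTORE_RE.search(m["path"])
        return {
            "kind": "restore_point" if rp else "live",
            "path": m["path"],
            "name": m["name"],
            "rp": rp["rp"] if rp else None,
        }
    m = LOCKED_RE.match(line)
    if m:
        return {"kind": "locked", "path": m["path"], "name": None, "rp": None}
    return None


def triage(log_text):
    """Group every skip entry in the log by kind."""
    groups = {"restore_point": [], "live": [], "locked": []}
    for line in log_text.splitlines():
        entry = classify(line.rstrip())
        if entry:
            groups[entry["kind"]].append(entry)
    return groups


def infected_restore_points(groups):
    """Sorted list of restore points (RPnn) that hold infected copies."""
    return sorted({e["rp"] for e in groups["restore_point"]},
                  key=lambda rp: int(rp[2:]))


def detection_counts(groups):
    """How often each detection name appears, restore-point copies included."""
    return Counter(e["name"]
                   for kind in ("restore_point", "live")
                   for e in groups[kind])


def summary(groups):
    """Human-readable triage: what needs action and what can be ignored."""
    live = groups["live"]
    rps = infected_restore_points(groups)
    lines = [f"{len(live)} infected file(s) outside restore points (act on these):"]
    lines.extend(f"  {e['path']}  [{e['name']}]" for e in live)
    lines.append(f"{len(groups['restore_point'])} infected copies in restore point(s) "
                 f"{', '.join(rps) or 'none'}: purge the restore points rather than "
                 "rolling back to them")
    lines.append(f"{len(groups['locked'])} locked object(s): in-use system files, "
                 "not detections")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(triage(SAMPLE_LOG)))
```

Run it against a saved scan log instead of SAMPLE_LOG to get the same three-way split; the "live" list is the only one that needs a cleaning tool, and the restore-point list tells you which RPnn snapshots must not be used for a rollback.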

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

    The above procedure will delete and do the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
===================================
After that your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here