Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

After I removed SpyAxe...

Started by crystyxn , Feb 24 2008 03:32 AM

Please log in to reply

#1
crystyxn

Posted 24 February 2008 - 03:32 AM

Member

Member
22 posts

ok, i got rid of SpyAxe that annoying spyware and stuff.

then my computer still was incredibly slow.

i fixed that too.

when i try to play a game like WoW my pc freezes for 2-3 seconds (FPS LAG to the game) every 1 minute.

i want to remove that "spike" for 2 seconds every 1 minute.

my HiJack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:52 AM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\COMMON~1\ErrClean\cookw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Optimizer Pro\pcoptimizerpro.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cristi_b\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Amen Win] C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Cercetare - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1181893040171
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79535192-E34E-48A5-8436-A0483240A644}: NameServer = 81.196.170.20 194.102.233.1
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 7515 bytes

#2
crystyxn

Posted 24 February 2008 - 07:38 AM

Member

Topic Starter
Member
22 posts

sorry for double post but when will this be checked? i'm gonna check again in 4-5 hours.

#3
kahdah

Posted 24 February 2008 - 08:37 AM

GeekU Teacher

Retired Staff
15,822 posts

Hello crystyxn

Welcome to G2Go.

===============
Some people wait days for replies so bumping gets you overlooked.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.[list]
[*]Close all other windows before proceeding.
[*]Double-click on dss.exe and follow the prompts.
[*]When it has finished, dss will open two Notepads main.txt and extra.txt -

#4
crystyxn

Posted 24 February 2008 - 09:50 AM

Member

Topic Starter
Member
22 posts

Ok I did that.

Here are the results.

Thank you.

Attached Files

main.txt 24.4KB 147 downloads
extra.txt 18.36KB 402 downloads

Edited by crystyxn, 24 February 2008 - 09:53 AM.

#5
kahdah

Posted 24 February 2008 - 09:52 AM

GeekU Teacher

Retired Staff
15,822 posts

Please post the results not attach them thanks.

#6
crystyxn

Posted 24 February 2008 - 09:54 AM

Member

Topic Starter
Member
22 posts

MAIN.txt

Deckard's System Scanner v20071014.68
Run by cristi_b on 2008-02-24 17:44:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-02-24 15:44:16 UTC - RP445 - Deckard's System Scanner Restore Point
13: 2008-02-23 21:08:11 UTC - RP444 - Software Distribution Service 3.0
12: 2008-02-23 08:46:43 UTC - RP443 - Software Distribution Service 3.0
11: 2008-02-22 20:27:52 UTC - RP442 - Software Distribution Service 3.0
10: 2008-02-22 18:30:12 UTC - RP441 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-02-21 16:35:33 UTC - RP432 - RegCure Backup

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.13 GiB (less than 15%) free.

-- HijackThis (run as cristi_b.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:53 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\cristi_b\Desktop\dss.exe
C:\DOCUME~1\cristi_b\Desktop\cristi_b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Amen Win] C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Cercetare - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1181893040171
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79535192-E34E-48A5-8436-A0483240A644}: NameServer = 81.196.170.20 194.102.233.1
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 7352 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 SAVRTPEL - c:\program files\norton internet security\norton antivirus\savrtpel.sys (file missing)
S1 SPBBCDrv - c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys (file missing)
S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 lmimirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20070627.016\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20070627.016\navex15.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 Revolution1 - c:\documents and settings\cristi_b\desktop\workin uce\shak3.sys (file missing)
S3 SAVRT - c:\program files\norton internet security\norton antivirus\savrt.sys (file missing)
S3 scrcap - c:\windows\system32\drivers\scrcap.sys (file missing)
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S3 XDva019 - c:\windows\system32\xdva019.sys (file missing)
S3 xp1 - h:\documente\other\gunz hax\gunz hax\xpengine\xp.sys
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 zenos1 - h:\documente\zeons\zenosengine2.5\zenos.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ISSVC -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_41611106&REV_50\3&61AAA01&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_41611106&REV_50\3&61AAA01&0&8D
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-02-24 17:37:41 428 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-02-24 16:00:00 276 --ah----- C:\WINDOWS\Tasks\AA6C76A1918BF0F1.job
2008-02-24 15:50:01 260 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-02-22 19:04:30 362 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-02-22 17:15:01 358 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-24 10:50:06 0 dr-h----- C:\Documents and Settings\cristi_b\Recent
2008-02-23 21:24:26 0 d-------- C:\Program Files\Common Files\Stardock
2008-02-23 11:06:20 0 d-------- C:\Program Files\Restorer2000 Pro
2008-02-23 11:03:59 263231 --a------ C:\Documents and Settings\cristi_b\scan.dat
2008-02-22 19:09:40 0 d-------- C:\WINDOWS\system32\QVJGTGljZW5zZUluZm8=
2008-02-22 19:01:41 0 d-------- C:\Documents and Settings\cristi_b\Application Data\errclean
2008-02-22 18:59:11 0 d-------- C:\Program Files\uTorrent
2008-02-22 18:59:08 0 d-------- C:\Documents and Settings\cristi_b\Application Data\uTorrent
2008-02-22 18:56:47 0 dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-22 18:56:19 0 d-------- C:\Program Files\Common Files\ErrClean
2008-02-22 18:56:17 0 d-------- C:\Program Files\ErrClean
2008-02-22 15:32:07 0 d-------- C:\Program Files\CCleaner
2008-02-21 21:30:04 0 d-------- C:\Program Files\Enigma Software Group
2008-02-21 19:34:01 0 d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-02-21 19:33:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:27:24 0 d-------- C:\Program Files\PC Optimizer Pro
2008-02-21 19:08:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-21 19:08:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-21 19:08:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-02-21 19:08:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-21 17:24:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:07:17 3066 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-21 16:06:10 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-21 16:06:09 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-21 16:06:08 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-21 16:06:07 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-21 16:06:07 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 16:06:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-21 16:06:06 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-20 21:56:04 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-20 21:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 21:11:43 0 d-------- C:\Program Files\Spyware Doctor
2008-02-17 16:53:25 0 d-------- C:\Documents and Settings\cristi_b\Application Data\AltrixSoft
2008-02-16 10:52:05 0 d-------- C:\Documents and Settings\cristi_b\Application Data\gtk-2.0
2008-02-16 10:50:20 0 d-------- C:\Documents and Settings\cristi_b\deluge
2008-02-16 09:00:00 0 d-------- C:\Documents and Settings\cristi_b\Application Data\.BitTornado
2008-02-10 15:28:35 0 d-------- C:\Program Files\VisualTooltip
2008-02-10 15:28:35 0 d-------- C:\Program Files\Vista Sidebar
2008-02-10 15:28:18 0 d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 15:01:33 0 d-------- C:\Program Files\Stardock
2008-02-10 14:48:04 0 d-------- C:\WINDOWS\system32\VITrans
2008-02-10 10:47:04 8912896 --a------ C:\Documents and Settings\cristi_b\ntuser.dat
2008-02-09 11:22:31 0 d-------- C:\Program Files\Webteh
2008-02-08 10:50:32 0 d-------- C:\Documents and Settings\cristi_b\Application Data\BSplayer PRO
2008-02-06 13:06:01 89184 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2008-02-06 13:05:44 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-06 13:05:42 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-02-06 13:05:42 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-02-06 13:05:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-06 13:05:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-06 13:01:20 0 d-------- C:\WINDOWS\RegisteredPackages
2008-02-05 10:08:52 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Media Player Classic
2008-02-05 10:07:12 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-05 10:07:01 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-05 10:07:00 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-05 10:06:57 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-05 10:06:57 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-05 10:06:46 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-05 10:06:43 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-05 10:06:38 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Real
2008-02-05 10:06:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-01-31 15:11:31 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-26 20:21:04 0 d-------- C:\WINDOWS\Replay Media Catcher
2008-01-26 20:20:53 0 d-------- C:\Program Files\Replay Media Catcher
2008-01-26 20:19:44 0 d-------- C:\WINDOWS\Applian FLV Player
2008-01-26 13:45:21 0 d-------- C:\ijji
2008-01-25 18:01:48 0 d-------- C:\Documents and Settings\cristi_b\Application Data\IDM
2008-01-24 19:36:30 679936 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>
2008-01-24 19:36:30 0 d-------- C:\Program Files\NHN USA
2008-01-24 12:53:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

-- Find3M Report ---------------------------------------------------------------

2087-04-23 08:15:02 4358144 --a------ C:\WINDOWS\uncsetup.exe <Not Verified; GSC Game World; Cossacks Setup Utility for Win32>
2008-02-23 21:24:26 0 d-------- C:\Program Files\Common Files
2008-02-22 20:29:45 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-20 20:24:54 0 d-------- C:\Documents and Settings\cristi_b\Application Data\FourStartDefault
2008-02-15 14:20:08 6512171 --a------ C:\WINDOWS\system32\##rofl##
2008-02-14 22:21:49 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Adobe
2008-02-07 10:01:16 709116 --a------ C:\WINDOWS\system32\iexplorer
2008-02-05 12:08:59 0 d-------- C:\Documents and Settings\cristi_b\Application Data\LimeWire
2008-02-02 13:36:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 14:17:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-29 19:05:17 0 d-------- C:\Program Files\DivX
2008-01-29 15:33:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-26 14:46:14 0 d--h----- C:\Documents and Settings\cristi_b\Application Data\ijjigame
2008-01-25 18:04:15 0 d-------- C:\Documents and Settings\cristi_b\Application Data\DMCache
2008-01-23 18:22:56 0 d-------- C:\Program Files\Circle Developement
2008-01-23 18:22:50 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-23 18:22:49 0 d-------- C:\Program Files\MSN Messenger
2008-01-12 09:46:48 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Hamachi
2008-01-05 15:08:05 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Yahoo!
2008-01-02 23:13:06 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-02 19:51:03 0 d-------- C:\Documents and Settings\cristi_b\Application Data\NeroVision
2007-12-30 18:46:06 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Help
2007-12-29 17:11:17 0 d-------- C:\Documents and Settings\cristi_b\Application Data\Opera
2007-12-29 16:24:12 0 dr-h----- C:\Documents and Settings\cristi_b\Application Data\SecuROM
2007-12-28 22:46:10 0 d-------- C:\Program Files\IVT Corporation
2007-12-28 22:38:42 32 --a------ C:\WINDOWS\0
2007-12-28 20:55:51 0 --a------ C:\WINDOWS\system32\0
2007-12-28 12:30:09 0 d-------- C:\Program Files\Common Files\logishrd
2007-12-24 17:34:53 0 d-------- C:\Program Files\Electronic Arts

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/22/2006 11:22 AM]
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/22/2006 11:22 AM]
"C-Media Mixer"="Mixer.exe" [10/15/2002 05:00 PM C:\WINDOWS\mixer.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [08/23/2007 08:30 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 04:59 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 02:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:56 AM]
"Amen Win"="C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe" [02/14/2008 10:01 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
H:\Documente\ThemeManager\fastload.dll 12/20/2001 11:34 PM 24576 H:\Documente\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]
winpsa32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cristi_b^Start Menu^Programs^Startup^hamachi.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"cookw"="C:\PROGRA~1\COMMON~1\ErrClean\cookw.exe" -start

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{234ff90c-c84f-11dc-8864-00116799779a}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc6490f5-7270-11dc-8793-00e04cb8139e}]
- autorun.pif

-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

7905 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-24 17:46:28 ------------

EXTRA.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Unknown CPU Type
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 511.48 MiB / 225.89 MiB
Pagefile Memory (total/avail): 1248 MiB / 980.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.06 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 1.13 GiB free.
D: is Fixed (NTFS) - 27.53 GiB total, 0.35 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Fixed (NTFS) - 186.31 GiB total, 19.38 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG SP0411N - 37.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 27.53 GiB - D:

\\.\PHYSICALDRIVE1 - ST3200820A - 186.31 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 186.31 GiB - H:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Bitdefender Firewall v8.0 (Softwin) Disabled
FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Bitdefender Antivirus v8.0 (Softwin) Disabled
AV: Norton Internet Security v2005 (Symantec Corporation) Disabled
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"H:\\Documente\\Bitlord\\BitLord.exe"="H:\\Documente\\Bitlord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"H:\\Games\\LG Gunz\\Gunz.exe"="H:\\Games\\LG Gunz\\Gunz.exe:*:Enabled:Gunz"
"H:\\Games\\LG Gunz\\LegacyGamers.exe"="H:\\Games\\LG Gunz\\LegacyGamers.exe:*:Enabled:Gunz"
"D:\\cristi\\Counter-Strike v1.6\\hl.exe"="D:\\cristi\\Counter-Strike v1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"H:\\Games\\Counter-Strike 1.6\\hl.exe"="H:\\Games\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"H:\\Games\\Daemons Ring-Gunz\\DRGunZ.exe"="H:\\Games\\Daemons Ring-Gunz\\DRGunZ.exe:*:Enabled:Gunz"
"H:\\Games\\Daemons Ring-Gunz\\STGunz.exe"="H:\\Games\\Daemons Ring-Gunz\\STGunz.exe:*:Enabled:Gunz"
"H:\\Documente\\Limewire\\LimeWire.exe"="H:\\Documente\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\\Games\\EGUNZ\\gunz.exe"="H:\\Games\\EGUNZ\\gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"H:\\Games\\ijji Gunz\\Gunz\\Gunz.exe"="H:\\Games\\ijji Gunz\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"H:\\Games\\EGUNZ\\theduel.exe"="H:\\Games\\EGUNZ\\theduel.exe:*:Enabled:Gunz"
"H:\\Documente\\Xfire\\xfire.exe"="H:\\Documente\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Documents and Settings\\cristi_b\\Local Settings\\Temporary Internet Files\\Content.IE5\\MPOXI0UK\\WoW-BurningCrusade-enGB-Installer-downloader[1].exe"="C:\\Documents and Settings\\cristi_b\\Local Settings\\Temporary Internet Files\\Content.IE5\\MPOXI0UK\\WoW-BurningCrusade-enGB-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"H:\\Games\\Warcraft III\\Warcraft III\\Warcraft III.exe"="H:\\Games\\Warcraft III\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"H:\\Games\\DRGUNZ\\DRGunZ.exe"="H:\\Games\\DRGUNZ\\DRGunZ.exe:*:Enabled:Gunz"
"C:\\ijji\\ENGLISH\\u_goonzu.exe"="C:\\ijji\\ENGLISH\\u_goonzu.exe:*:Enabled:<ijji Downloader>"
"H:\\Games\\WA\\WA.exe"="H:\\Games\\WA\\WA.exe:*:Enabled:Worms Armageddon"
"H:\\Games\\CS 1.6 Final By Jo\\cstrike.exe"="H:\\Games\\CS 1.6 Final By Jo\\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release"
"H:\\Documente\\BitComet\\BitComet.exe"="H:\\Documente\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"H:\\Documente\\BitTornado\\btdownloadgui.exe"="H:\\Documente\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"H:\\Documente\\Deluge\\deluge.exe"="H:\\Documente\\Deluge\\deluge.exe:*:Enabled:deluge"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cristi_b\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRISTI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cristi_b
LOGONSERVER=\\CRISTI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\cristi_b\LOCALS~1\Temp
TMP=C:\DOCUME~1\cristi_b\LOCALS~1\Temp
USERDOMAIN=CRISTI
USERNAME=cristi_b
USERPROFILE=C:\Documents and Settings\cristi_b
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

cristi_b (admin)
LogMeInRemoteUser.CRISTI (new local, admin)
LogMeInRemoteUser.CRISTI.000 (admin)

-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Advanced Registry Fix --> "H:\Documente\Advanced Registry Fix\Advanced Registry Fix\uninstall.exe" "/U:H:\Documente\Advanced Registry Fix\Uninstall\uninstall.xml"
Ahead Nero Burning ROM --> H:\Documente\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
Bluesoleil3.2.2.8 Release 070421 --> MsiExec.exe /X{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}
BS.Player PRO --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Counter-Strike 1.6 --> H:\Games\Counter-Strike 1.6\Uninstal.exe
Daemons Ring GunZ --> H:\Games\DRGUNZ\Uninstal.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ErrClean 1.5.1.0 --> "C:\Program Files\ErrClean\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Documents and Settings\cristi_b\Desktop\HijackThis.exe" /uninstall
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> H:\Documente\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java 2 Runtime Environment, SE v1.4.2_15 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.6.2 --> "H:\Documente\K-Lite Codec Pack\unins000.exe"
LimeWire 4.14.10 --> "H:\Documente\Limewire\uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MessengerDiscovery Live 1.3.0322 --> "C:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nitro Stunt Racing English --> H:\Games\Nitro Stunt Racing\Uninstall.exe
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
PC Optimizer Pro ver.4.5.17 --> "C:\Program Files\PC Optimizer Pro\unins000.exe"
RegCure 1.5.0.0 --> H:\Documente\RegCure\uninst.exe
Restorer2000 Pro 3.3 --> "C:\Program Files\Restorer2000 Pro\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Total Commander (Remove or Repair) --> H:\Documente\totalcmd\tcuninst.exe
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft Desktop --> H:\DOCUME~1\THEMEM~1\thememgr.exe /uninstallwise
Worms World Party --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type2370 / Error
Event Submitted/Written: 02/24/2008 05:45:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2364 / Error
Event Submitted/Written: 02/23/2008 11:08:51 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 - Update 'Update for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Event Record #/Type2363 / Error
Event Submitted/Written: 02/23/2008 11:08:51 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Produs: Microsoft Office Professional Edition 2003 -- Eroare 25090. Programul de instalare Office a detectat o problema la Motorul sursa Office, eroare de sistem: -2147023838. Deschideti C:\Program Files\Microsoft Office\OFFICE11\1048\SETUP.CHM si cautati dupa "Motor sursa Office" pentru informatii despre modul de rezolvare a acestei probleme.

Event Record #/Type2361 / Error
Event Submitted/Written: 02/23/2008 11:08:33 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003: Junk E-mail Filter (KB944941): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Event Record #/Type2360 / Error
Event Submitted/Written: 02/23/2008 11:08:33 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Produs: Microsoft Office Professional Edition 2003 -- Eroare 25090. Programul de instalare Office a detectat o problema la Motorul sursa Office, eroare de sistem: -2147023838. Deschideti C:\Program Files\Microsoft Office\OFFICE11\1048\SETUP.CHM si cautati dupa "Motor sursa Office" pentru informatii despre modul de rezolvare a acestei probleme.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type20516 / Warning
Event Submitted/Written: 02/24/2008 05:38:33 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00E04CB8139E. The IP address being used is 169.254.85.141.

Event Record #/Type20495 / Error
Event Submitted/Written: 02/24/2008 05:37:37 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SAVRTPEL
SPBBCDrv

Event Record #/Type20494 / Error
Event Submitted/Written: 02/24/2008 05:37:37 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRSDRV service failed to start due to the following error:
%%3

Event Record #/Type20482 / Warning
Event Submitted/Written: 02/24/2008 10:42:24 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00E04CB8139E. The IP address being used is 169.254.85.141.

Event Record #/Type20465 / Error
Event Submitted/Written: 02/24/2008 10:41:55 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SAVRTPEL
SPBBCDrv

-- End of Deckard's System Scanner: finished at 2008-02-24 17:46:28 ------------

#7
kahdah

Posted 24 February 2008 - 10:02 AM

GeekU Teacher

Retired Staff
15,822 posts

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#8
crystyxn

Posted 24 February 2008 - 11:51 AM

Member

Topic Starter
Member
22 posts

Ok.
combo fix log:
ComboFix 08-02-24.4 - cristi_b 2008-02-24 19:47:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.177 [GMT 2:00]
Running from: C:\Documents and Settings\cristi_b\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\PELoader.exe

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate
.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-24 17:43 . 2008-02-24 17:43 <DIR> d-------- C:\Deckard
2008-02-24 10:45 . 2008-02-24 10:45 268 --ah----- C:\sqmdata16.sqm
2008-02-24 10:45 . 2008-02-24 10:45 244 --ah----- C:\sqmnoopt16.sqm
2008-02-23 21:24 . 2008-02-23 21:24 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-23 21:24 . 2008-02-23 21:24 54 --a------ C:\WINDOWS\wb.ini
2008-02-23 11:06 . 2008-02-23 11:06 <DIR> d-------- C:\Program Files\Restorer2000 Pro
2008-02-23 11:03 . 2008-02-23 11:03 263,231 --a------ C:\Documents and Settings\cristi_b\scan.dat
2008-02-23 11:02 . 2008-02-23 11:02 268 --ah----- C:\sqmdata15.sqm
2008-02-23 11:02 . 2008-02-23 11:02 244 --ah----- C:\sqmnoopt15.sqm
2008-02-22 22:30 . 2008-02-22 22:30 268 --ah----- C:\sqmdata14.sqm
2008-02-22 22:30 . 2008-02-22 22:30 244 --ah----- C:\sqmnoopt14.sqm
2008-02-22 19:09 . 2008-02-22 19:10 <DIR> d-------- C:\WINDOWS\system32\QVJGTGljZW5zZUluZm8=
2008-02-22 19:01 . 2008-02-22 19:01 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\errclean
2008-02-22 18:59 . 2008-02-22 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-02-22 18:59 . 2008-02-22 21:45 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\uTorrent
2008-02-22 18:56 . 2008-02-22 18:59 <DIR> d-------- C:\Program Files\ErrClean
2008-02-22 18:56 . 2008-02-22 18:56 <DIR> d-------- C:\Program Files\Common Files\ErrClean
2008-02-22 18:56 . 2008-02-22 18:56 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\errclean
2008-02-22 15:58 . 2008-02-22 15:58 268 --ah----- C:\sqmdata13.sqm
2008-02-22 15:58 . 2008-02-22 15:58 244 --ah----- C:\sqmnoopt13.sqm
2008-02-22 15:52 . 2008-02-22 15:52 1,104 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-02-22 15:32 . 2008-02-22 15:32 <DIR> d-------- C:\Program Files\CCleaner
2008-02-22 15:05 . 2008-02-22 15:05 268 --ah----- C:\sqmdata12.sqm
2008-02-22 15:05 . 2008-02-22 15:05 244 --ah----- C:\sqmnoopt12.sqm
2008-02-21 21:30 . 2008-02-21 21:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-21 20:28 . 2008-01-15 18:38 782,336 -ra------ C:\WINDOWS\system32\tmp315.tmp
2008-02-21 19:41 . 2008-02-21 19:41 268 --ah----- C:\sqmdata11.sqm
2008-02-21 19:41 . 2008-02-21 19:41 244 --ah----- C:\sqmnoopt11.sqm
2008-02-21 19:34 . 2008-02-21 19:34 <DIR> d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-02-21 19:33 . 2008-02-21 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:27 . 2008-02-21 19:28 <DIR> d-------- C:\Program Files\PC Optimizer Pro
2008-02-21 19:27 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-02-21 19:27 . 2004-03-09 00:00 440,352 --a------ C:\WINDOWS\system32\mshflxgd.ocx
2008-02-21 19:27 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-02-21 19:27 . 2007-03-19 13:25 18,728 --a------ C:\WINDOWS\system32\ishf_Ex.TLB
2008-02-21 19:27 . 2007-03-19 13:25 7,752 --a------ C:\WINDOWS\system32\shelllink.TLB
2008-02-21 19:08 . 2008-02-21 19:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-21 19:08 . 2008-02-21 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-21 17:24 . 2008-02-21 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:07 . 2008-02-21 17:04 3,066 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-21 16:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-21 16:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-21 16:06 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-21 16:06 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-21 16:06 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-21 16:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 16:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-20 21:53 . 2008-02-21 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 21:11 . 2008-02-22 15:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-17 16:53 . 2008-02-17 16:53 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\AltrixSoft
2008-02-16 10:52 . 2008-02-16 10:52 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\gtk-2.0
2008-02-16 10:50 . 2008-02-17 10:00 <DIR> d-------- C:\Documents and Settings\cristi_b\deluge
2008-02-16 09:00 . 2008-02-16 09:00 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\.BitTornado
2008-02-15 22:08 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-02-15 22:08 . 2008-02-15 22:08 360,064 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-15 14:20 . 2008-02-15 14:20 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-14 22:08 . 2007-04-17 11:28 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-14 22:08 . 2007-02-09 15:26 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 15:28 . 2008-02-10 15:28 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 15:28 . 2008-02-10 15:28 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-10 15:28 . 2008-02-10 15:28 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-10 15:01 . 2008-02-10 15:01 <DIR> d-------- C:\Program Files\Stardock
2008-02-10 14:48 . 2008-02-10 15:28 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-09 11:22 . 2008-02-11 14:28 <DIR> d-------- C:\Program Files\Webteh
2008-02-08 10:50 . 2008-02-11 14:28 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\BSplayer PRO
2008-02-07 18:37 . 2008-02-07 18:37 268 --ah----- C:\sqmdata10.sqm
2008-02-07 18:37 . 2008-02-07 18:37 244 --ah----- C:\sqmnoopt10.sqm
2008-02-06 13:06 . 2003-07-13 02:49 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-06 13:06 . 2003-07-13 02:49 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
2008-02-06 13:05 . 2008-02-06 13:05 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-06 13:05 . 2003-07-13 02:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-02-06 13:05 . 2003-07-13 02:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-02-06 13:05 . 2003-07-13 02:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-02-06 13:05 . 2003-07-13 02:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-06 13:05 . 2003-07-13 02:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-02-05 10:08 . 2008-02-05 10:08 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\Media Player Classic
2008-02-05 10:07 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-05 10:07 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-02-05 10:07 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-05 10:07 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-05 10:07 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-05 10:07 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-02-05 10:06 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-05 10:06 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-02-05 10:06 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-02-05 10:06 . 2007-12-07 18:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-05 10:06 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-02 16:18 . 2008-01-15 18:38 782,336 -ra------ C:\WINDOWS\system32\tmpE24.tmp
2008-02-02 16:18 . 2008-01-15 18:38 782,336 -ra------ C:\WINDOWS\system32\tmpE23.tmp
2008-01-31 16:38 . 2008-01-31 16:38 83 --a------ C:\WINDOWS\wwp.INI
2008-01-31 15:11 . 2008-01-31 15:11 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 04:02 . 2008-01-31 04:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-28 15:35 . 2008-01-28 15:35 122 --a------ C:\WINDOWS\WA.INI
2008-01-26 20:21 . 2008-01-26 20:21 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-01-26 20:20 . 2008-01-29 15:36 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-01-26 20:19 . 2008-01-26 20:19 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-26 13:45 . 2008-01-26 13:45 <DIR> d-------- C:\ijji
2008-01-25 18:01 . 2008-01-25 18:01 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\IDM
2008-01-24 19:36 . 2008-01-24 19:36 <DIR> d-------- C:\Program Files\NHN USA
2008-01-24 19:36 . 2008-01-16 18:25 679,936 --a------ C:\WINDOWS\system32\ijjiSetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 18:29 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-02-22 13:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 18:24 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\FourStartDefault
2008-02-16 07:00 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\.BitTornado
2008-02-15 20:08 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-14 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-02-07 23:52 --------- d-----w C:\Program Files\ESET
2008-02-05 10:08 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\LimeWire
2008-02-02 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 14:37 --------- d-----w C:\Program Files\Unlocker
2008-01-31 12:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-29 17:05 --------- d-----w C:\Program Files\DivX
2008-01-29 13:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 12:46 --------- d--h--w C:\Documents and Settings\cristi_b\Application Data\ijjigame
2008-01-25 16:04 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\DMCache
2008-01-23 16:22 --------- d-----w C:\Program Files\MSN Messenger
2008-01-23 16:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 16:22 --------- d-----w C:\Program Files\Circle Developement
2008-01-12 07:46 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\Hamachi
2008-01-11 13:54 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-10 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 09:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-01-06 09:27 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-01-05 13:08 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\Yahoo!
2008-01-02 21:13 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-02 17:51 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\NeroVision
2007-12-29 14:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-29 14:24 --------- d--h--r C:\Documents and Settings\cristi_b\Application Data\SecuROM
2007-12-28 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-28 20:46 --------- d-----w C:\Program Files\IVT Corporation
2007-12-28 10:30 --------- d-----w C:\Program Files\Common Files\logishrd
2007-12-28 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-24 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-24 15:34 --------- d-----w C:\Program Files\Electronic Arts
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-13 10:23 293,965 --sh--r C:\WINDOWS\system32\hcbgth.exe
.

------- Sigcheck -------

acd81e0e711f40eabbee3f3af59fbc44 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 340,480 2006-04-20 11:38:44 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
-c----w 359,040 2004-08-04 06:14:40 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 332,928 2003-03-31 12:00:00 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
------w 359,040 2004-08-04 06:14:40 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
-c--a-w 360,064 2008-02-15 20:08:31 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2008-02-15 20:08:31 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"Amen Win"="C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe" [2008-02-14 22:01 415232]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 11:22 86016]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00 1818624 C:\WINDOWS\mixer.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-23 20:30 949376]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 16:59 224248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
H:\Documente\ThemeManager\fastload.dll 2001-12-20 23:34 24576 H:\Documente\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]
winpsa32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^cristi_b^Start Menu^Programs^Startup^hamachi.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-10-06 08:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"cookw"="C:\PROGRA~1\COMMON~1\ErrClean\cookw.exe" -start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"H:\\Documente\\Bitlord\\BitLord.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"H:\\Games\\LG Gunz\\Gunz.exe"=
"H:\\Games\\LG Gunz\\LegacyGamers.exe"=
"D:\\cristi\\Counter-Strike v1.6\\hl.exe"=
"H:\\Games\\Counter-Strike 1.6\\hl.exe"=
"H:\\Documente\\Limewire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"H:\\Games\\ijji Gunz\\Gunz\\Gunz.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\Games\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"H:\\Games\\DRGUNZ\\DRGunZ.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"H:\\Documente\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19763:TCP"= 19763:TCP:BitComet 19763 TCP
"19763:UDP"= 19763:UDP:BitComet 19763 UDP
"7934:TCP"= 7934:TCP:BitComet 7934 TCP
"7934:UDP"= 7934:UDP:BitComet 7934 UDP

S3 Revolution1;Revolution1;C:\Documents and Settings\cristi_b\Desktop\Workin Uce\SHAK3.sys []
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 14:54]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []
S3 xp1;xp1;H:\Documente\Other\gunz hax\GUNZ HAX\xpengine\xp.sys [2007-02-06 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc6490f5-7270-11dc-8793-00e04cb8139e}]
\Shell\1\Command - autorun.pif
\Shell\2\Command - autorun.pif

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 15:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- H:\Documente\TuneUp\SystemOptimizer.exe
"2008-02-24 16:00:00 C:\WINDOWS\Tasks\AA6C76A1918BF0F1.job"
- c:\docume~1\cristi_b\applic~1\fourst~1\Barb Mags Coal.exe
"2008-02-24 17:50:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-24 17:43:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- H:\Documente\RegCure\RegCure.exe
"2008-02-22 17:04:30 C:\WINDOWS\Tasks\RegCure.job"
- H:\Documente\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 19:49:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 19:50:50
ComboFix-quarantined-files.txt 2008-02-24 17:50:35
.
2008-02-23 21:08:52 --- E O F ---

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:41 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cristi_b\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Amen Win] C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Cercetare - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1181893040171
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79535192-E34E-48A5-8436-A0483240A644}: NameServer = 81.196.170.20 194.102.233.1
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 6975 bytes

#9
kahdah

Posted 24 February 2008 - 01:15 PM

GeekU Teacher

Retired Staff
15,822 posts

1. Please open Notepad

Click Start , then Run
type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\WINDOWS\system32\tmp315.tmp
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\WINDOWS\Tasks\AA6C76A1918BF0F1.job
Folder::
C:\WINDOWS\system32\QVJGTGljZW5zZUluZm8=
C:\Documents and Settings\cristi_b\Application Data\errclean
C:\Program Files\ErrClean
C:\Program Files\Common Files\ErrClean
C:\Documents and Settings\All Users\Application Data\errclean
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"cookw"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

#10
crystyxn

Posted 25 February 2008 - 06:26 AM

Member

Topic Starter
Member
22 posts

Combofix log:

ComboFix 08-02-24.4 - cristi_b 2008-02-25 14:22:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.155 [GMT 2:00]
Running from: C:\Documents and Settings\cristi_b\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\cristi_b\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
C:\WINDOWS\system32\tmp315.tmp
C:\WINDOWS\Tasks\AA6C76A1918BF0F1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\0
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\Barb Mags Coal.exe
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\hcmbomwi.exe
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\slfftauy.exe
C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\viewmemoeggscash.exe
C:\Documents and Settings\All Users\Application Data\errclean
C:\Documents and Settings\All Users\Application Data\errclean\Data\ac
C:\Documents and Settings\All Users\Application Data\errclean\Data\em
C:\Documents and Settings\All Users\Application Data\errclean\Data\oid
C:\Documents and Settings\All Users\Application Data\errclean\Data\user
C:\Documents and Settings\cristi_b\Application Data\errclean
C:\Documents and Settings\cristi_b\Application Data\errclean\Logs\update.log
C:\Program Files\Common Files\ErrClean
C:\Program Files\Common Files\ErrClean\cookw.exe
C:\Program Files\ErrClean
C:\Program Files\ErrClean\atl71.dll
C:\Program Files\ErrClean\License.rtf
C:\Program Files\ErrClean\mfc71.dll
C:\Program Files\ErrClean\msvcp71.dll
C:\Program Files\ErrClean\msvcr71.dll
C:\Program Files\ErrClean\Readme.rtf
C:\Program Files\ErrClean\Res\Main.ico
C:\Program Files\ErrClean\Res\RecycleBin.ico
C:\Program Files\ErrClean\scan.dat
C:\Program Files\ErrClean\sr.log
C:\Program Files\ErrClean\swupd.log
C:\Program Files\ErrClean\SysRep.exe
C:\Program Files\ErrClean\SysRep.exe.cer
C:\Program Files\ErrClean\SysRep.exe.Log
C:\Program Files\ErrClean\SysRep.exe.xml
C:\Program Files\ErrClean\SysRep.url
C:\Program Files\ErrClean\unins000.dat
C:\Program Files\ErrClean\unins000.exe
C:\Program Files\ErrClean\urls.ini
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\WINDOWS\system32\QVJGTGljZW5zZUluZm8=
C:\WINDOWS\system32\QVJGTGljZW5zZUluZm8=\QVJGTGljZW5zZUluZm8=.dll
C:\WINDOWS\system32\tmp315.tmp
C:\WINDOWS\Tasks\AA6C76A1918BF0F1.job

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 17:43 . 2008-02-24 17:43 <DIR> d-------- C:\Deckard
2008-02-23 21:24 . 2008-02-23 21:24 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-23 21:24 . 2008-02-23 21:24 54 --a------ C:\WINDOWS\wb.ini
2008-02-23 11:06 . 2008-02-23 11:06 <DIR> d-------- C:\Program Files\Restorer2000 Pro
2008-02-23 11:03 . 2008-02-23 11:03 263,231 --a------ C:\Documents and Settings\cristi_b\scan.dat
2008-02-22 18:59 . 2008-02-22 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-02-22 18:59 . 2008-02-22 21:45 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\uTorrent
2008-02-22 15:52 . 2008-02-22 15:52 1,104 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-02-22 15:32 . 2008-02-22 15:32 <DIR> d-------- C:\Program Files\CCleaner
2008-02-21 21:30 . 2008-02-21 21:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-21 19:34 . 2008-02-21 19:34 <DIR> d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-02-21 19:33 . 2008-02-21 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:27 . 2008-02-21 19:28 <DIR> d-------- C:\Program Files\PC Optimizer Pro
2008-02-21 19:27 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-02-21 19:27 . 2004-03-09 00:00 440,352 --a------ C:\WINDOWS\system32\mshflxgd.ocx
2008-02-21 19:27 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-02-21 19:27 . 2007-03-19 13:25 18,728 --a------ C:\WINDOWS\system32\ishf_Ex.TLB
2008-02-21 19:27 . 2007-03-19 13:25 7,752 --a------ C:\WINDOWS\system32\shelllink.TLB
2008-02-21 19:08 . 2008-02-21 19:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-21 19:08 . 2008-02-21 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-21 17:24 . 2008-02-21 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:07 . 2008-02-21 17:04 3,066 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-21 16:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-21 16:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-21 16:06 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-21 16:06 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-21 16:06 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-21 16:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 16:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-20 21:53 . 2008-02-21 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 21:11 . 2008-02-22 15:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-17 16:53 . 2008-02-17 16:53 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\AltrixSoft
2008-02-16 10:52 . 2008-02-16 10:52 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\gtk-2.0
2008-02-16 10:50 . 2008-02-17 10:00 <DIR> d-------- C:\Documents and Settings\cristi_b\deluge
2008-02-16 09:00 . 2008-02-16 09:00 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\.BitTornado
2008-02-15 22:08 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-02-15 22:08 . 2008-02-15 22:08 360,064 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-15 14:20 . 2008-02-15 14:20 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-14 22:08 . 2007-04-17 11:28 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-14 22:08 . 2007-02-09 15:26 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 15:28 . 2008-02-10 15:28 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 15:28 . 2008-02-10 15:28 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-10 15:28 . 2008-02-10 15:28 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-10 15:01 . 2008-02-10 15:01 <DIR> d-------- C:\Program Files\Stardock
2008-02-10 14:48 . 2008-02-10 15:28 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-09 11:22 . 2008-02-11 14:28 <DIR> d-------- C:\Program Files\Webteh
2008-02-08 10:50 . 2008-02-11 14:28 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\BSplayer PRO
2008-02-06 13:06 . 2003-07-13 02:49 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-06 13:06 . 2003-07-13 02:49 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
2008-02-06 13:05 . 2008-02-06 13:05 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-06 13:05 . 2003-07-13 02:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-02-06 13:05 . 2003-07-13 02:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-02-06 13:05 . 2003-07-13 02:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-02-06 13:05 . 2003-07-13 02:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-06 13:05 . 2003-07-13 02:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-02-05 10:08 . 2008-02-05 10:08 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\Media Player Classic
2008-02-05 10:07 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-05 10:07 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-02-05 10:07 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-05 10:07 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-05 10:07 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-05 10:07 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-02-05 10:06 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-05 10:06 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-02-05 10:06 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-02-05 10:06 . 2007-12-07 18:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-05 10:06 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-02 16:18 . 2008-01-15 18:38 782,336 -ra------ C:\WINDOWS\system32\tmpE24.tmp
2008-02-02 16:18 . 2008-01-15 18:38 782,336 -ra------ C:\WINDOWS\system32\tmpE23.tmp
2008-01-31 16:38 . 2008-01-31 16:38 83 --a------ C:\WINDOWS\wwp.INI
2008-01-31 15:11 . 2008-01-31 15:11 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 04:02 . 2008-01-31 04:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-28 15:35 . 2008-01-28 15:35 122 --a------ C:\WINDOWS\WA.INI
2008-01-26 20:21 . 2008-01-26 20:21 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-01-26 20:20 . 2008-01-29 15:36 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-01-26 20:19 . 2008-01-26 20:19 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-26 13:45 . 2008-01-26 13:45 <DIR> d-------- C:\ijji
2008-01-25 18:01 . 2008-01-25 18:01 <DIR> d-------- C:\Documents and Settings\cristi_b\Application Data\IDM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 18:29 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-02-22 13:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 07:00 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\.BitTornado
2008-02-15 20:08 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-14 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-02-07 23:52 --------- d-----w C:\Program Files\ESET
2008-02-05 10:08 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\LimeWire
2008-02-02 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 14:37 --------- d-----w C:\Program Files\Unlocker
2008-01-31 12:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-29 17:05 --------- d-----w C:\Program Files\DivX
2008-01-29 13:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 12:46 --------- d--h--w C:\Documents and Settings\cristi_b\Application Data\ijjigame
2008-01-25 16:04 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\DMCache
2008-01-24 17:36 --------- d-----w C:\Program Files\NHN USA
2008-01-24 10:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-23 16:22 --------- d-----w C:\Program Files\MSN Messenger
2008-01-23 16:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 16:22 --------- d-----w C:\Program Files\Circle Developement
2008-01-16 16:25 679,936 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-01-12 07:46 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\Hamachi
2008-01-11 13:54 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-10 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 09:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-01-06 09:27 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-01-05 13:08 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\Yahoo!
2008-01-02 21:13 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-02 17:51 --------- d-----w C:\Documents and Settings\cristi_b\Application Data\NeroVision
2007-12-29 14:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-29 14:24 --------- d--h--r C:\Documents and Settings\cristi_b\Application Data\SecuROM
2007-12-28 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-28 20:46 --------- d-----w C:\Program Files\IVT Corporation
2007-12-28 10:30 --------- d-----w C:\Program Files\Common Files\logishrd
2007-12-28 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-13 10:23 293,965 --sh--r C:\WINDOWS\system32\hcbgth.exe
.

------- Sigcheck -------

acd81e0e711f40eabbee3f3af59fbc44 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 340,480 2006-04-20 11:38:44 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
-c----w 359,040 2004-08-04 06:14:40 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 332,928 2003-03-31 12:00:00 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
------w 359,040 2004-08-04 06:14:40 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
-c--a-w 360,064 2008-02-15 20:08:31 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2008-02-15 20:08:31 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"Amen Win"="C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 11:22 86016]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00 1818624 C:\WINDOWS\mixer.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-23 20:30 949376]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 16:59 224248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
H:\Documente\ThemeManager\fastload.dll 2001-12-20 23:34 24576 H:\Documente\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^cristi_b^Start Menu^Programs^Startup^hamachi.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-10-06 08:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"H:\\Documente\\Bitlord\\BitLord.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"H:\\Games\\LG Gunz\\Gunz.exe"=
"H:\\Games\\LG Gunz\\LegacyGamers.exe"=
"D:\\cristi\\Counter-Strike v1.6\\hl.exe"=
"H:\\Games\\Counter-Strike 1.6\\hl.exe"=
"H:\\Documente\\Limewire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"H:\\Games\\ijji Gunz\\Gunz\\Gunz.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\Games\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"H:\\Games\\DRGUNZ\\DRGunZ.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"H:\\Documente\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19763:TCP"= 19763:TCP:BitComet 19763 TCP
"19763:UDP"= 19763:UDP:BitComet 19763 UDP
"7934:TCP"= 7934:TCP:BitComet 7934 TCP
"7934:UDP"= 7934:UDP:BitComet 7934 UDP

S3 Revolution1;Revolution1;C:\Documents and Settings\cristi_b\Desktop\Workin Uce\SHAK3.sys []
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 14:54]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []
S3 xp1;xp1;H:\Documente\Other\gunz hax\GUNZ HAX\xpengine\xp.sys [2007-02-06 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc6490f5-7270-11dc-8793-00e04cb8139e}]
\Shell\1\Command - autorun.pif
\Shell\2\Command - autorun.pif

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 15:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- H:\Documente\TuneUp\SystemOptimizer.exe
"2008-02-24 18:50:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-25 12:14:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
- H:\Documente\RegCure\RegCure.exe
"2008-02-22 17:04:30 C:\WINDOWS\Tasks\RegCure.job"
- H:\Documente\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 14:24:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 14:25:40
ComboFix-quarantined-files.txt 2008-02-25 12:25:23
ComboFix2.txt 2008-02-24 17:50:51
.
2008-02-25 12:20:03 --- E O F ---

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:46 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cristi_b\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Amen Win] C:\DOCUME~1\cristi_b\APPLIC~1\FOURST~1\locks load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Cercetare - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1181893040171
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{79535192-E34E-48A5-8436-A0483240A644}: NameServer = 81.196.170.20 194.102.233.1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 6877 bytes

#11
kahdah

Posted 25 February 2008 - 08:05 PM

GeekU Teacher

Retired Staff
15,822 posts

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

#12
crystyxn

Posted 26 February 2008 - 11:05 AM

Member

Topic Starter
Member
22 posts

Malwarebytes' Anti-Malware 1.05
Database version: 407

Scan type: Full Scan (A:\|C:\|D:\|H:\|)
Objects scanned: 138106
Time elapsed: 47 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ErrClean (Rogue.Errclean) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrClean (Rogue.Errclean) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\ErrClean (Rogue.ErrClean) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\winmfu32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{362187AA-E715-4D7D-8DA0-280B1767FC31}\RP448\A0184545.dll (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{362187AA-E715-4D7D-8DA0-280B1767FC31}\RP448\A0184548.dll (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{362187AA-E715-4D7D-8DA0-280B1767FC31}\RP448\A0184551.dll (Rogue.ErrorEraser) -> Quarantined and deleted successfully.

thank you <3

Edited by crystyxn, 26 February 2008 - 11:07 AM.

#13
kahdah

Posted 26 February 2008 - 08:26 PM

GeekU Teacher

Retired Staff
15,822 posts

You are welcome

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#14
crystyxn

Posted 27 February 2008 - 07:01 AM

Member

Topic Starter
Member
22 posts

EDIT:

k here it is.

Attached Files

ersg.html 111.91KB 7 downloads

Edited by crystyxn, 29 February 2008 - 06:21 AM.

#15
kahdah

Posted 01 March 2008 - 08:50 AM

GeekU Teacher

Retired Staff
15,822 posts

Sorry didn't get a notification that you replied.
==============================
OTMoveIt2 -

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\cristi_b\Application Data\TuneUp Software\TuneUp Utilities\Backups\00000001.rcb 
C:\kkmgpnx.exe 
C:\nniq.exe 
C:\Program Files\DAEMON Tools\SetupDTSB.exe 
C:\wekqya.exe
H:\Documente\Bitlord\Downloads\Nero.Ultra.Edition.v8.0.3.0.Retail-ZWTiSO\nue8.0.3.0r.iso
H:\Documente\CrystyXN's Protection Pack\ErrClean.v1.5.1.0-UNiQUE\SystemErrorRepairFull_en_2.exe 
H:\Documente\Files\Adbux_and_Bux.zip 
H:\Documente\Files\AutoClickers.rar
H:\Documente\Files\Auto_Quest.rar 
H:\Documente\Files\CheatNation.org- OverNightPlvl.rar 
H:\Documente\Files\CRC32.rar
H:\Documente\Files\DarkX Full.rar 
H:\Documente\Files\gunz hacks.rar 
H:\Documente\Files\Injec-TOR.exe
H:\Documente\Files\Lg Aimbot.rar 
H:\Documente\Files\LGGunZ Injector.exe
H:\Documente\Files\LGGunZ Injector[UPDATED].rar 
H:\Documente\Files\OverCoders.MRS%20%5Bv1.0%5D%20Godmode%20%5Bv1.0%5D.rar 
H:\Documente\Other\Fileš\Morphine_v4.1.rar
H:\Documente\Other\Fileš\Injec-TOR.exe 
H:\Documente\Other\gunz hax\GUNZ HAX
H:\Documente\Torrented\Download Accelerator Plus 8.5.5.5 Premium Edition\Download Accelerator Plus 8.5.5.5 Premium Edition.rar 
H:\Documente\Torrented\Download Accelerator Plus 8.5.5.5 Premium Edition\Download_Accelerator_Crack
H:\Documente\Torrented\ErrClean.v1.5.1.0-UNiQUE\SystemErrorRepairFull_en_2.exe
H:\Documente\Vista Transformation Pack 6.0.exe
H:\f67193df77b780fad907da6dbeabf3\IE7_Final_WGA_Crack
H:\Random\SmitfraudFix

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================
ALso please post a new Hijackthis log and let me know how things are running?

Edited by kahdah, 01 March 2008 - 08:51 AM.