[Slasherbaven]

Here's the fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:50, on 2008/03/30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Programz\SysReset\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\utorrent-1.8-alpha-8855.uncompressed.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: flying spaghetti monster toolbar - {83ef376d-8874-4769-a2e7-7096480e7def} - C:\Program Files\flying spaghetti monster\tbblue.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96093AD6-BC84-4915-9330-B6288B9DAE55}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11466 bytes

As for the Kaspersky Online Scanner.. here:

Scan Target	  Critical Areas
C:\WINDOWS
C:\DOCUME~1\User\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects  24753
Number of viruses found  2
Number of infected objects  8
Number of suspicious objects  0
Duration of the scan process  00:20:26

Infected Object Name  Virus Name  Last Action
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped
C:\WINDOWS\system32\1170497231.exe/stream/data0003  Infected: Trojan-Clicker.Win32.VB.zc  skipped
C:\WINDOWS\system32\1170497231.exe/stream  Infected: Trojan-Clicker.Win32.VB.zc  skipped
C:\WINDOWS\system32\1170497231.exe  NSIS: infected - 2  skipped
C:\WINDOWS\system32\CatRoot2\edb.log  Object is locked  skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb  Object is locked  skipped
C:\WINDOWS\system32\config\Antivirus.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\default  Object is locked  skipped
C:\WINDOWS\system32\config\DEFAULT.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\Internet.evt  Object is locked  skipped
C:\WINDOWS\system32\config\SAM  Object is locked  skipped
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\software  Object is locked  skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\system  Object is locked  skipped
C:\WINDOWS\system32\config\SYSTEM.LOG  Object is locked  skipped
C:\WINDOWS\system32\drivers\sptd.sys  Object is locked  skipped
C:\WINDOWS\system32\gpeucl.dll  Infected: Trojan-Clicker.Win32.VB.zc  skipped
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped
C:\WINDOWS\system32\serole.dll  Infected: not-a-virus:AdWare.Win32.VB.ad  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped
C:\WINDOWS\system32\winstlr32.exe/stream/data0006  Infected: not-a-virus:AdWare.Win32.VB.ad  skipped
C:\WINDOWS\system32\winstlr32.exe/stream  Infected: not-a-virus:AdWare.Win32.VB.ad  skipped
C:\WINDOWS\system32\winstlr32.exe  NSIS: infected - 2  skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat  Object is locked  skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  Object is locked  skipped
C:\WINDOWS\wiadebug.log  Object is locked  skipped
C:\WINDOWS\wiaservc.log  Object is locked  skipped
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped
C:\DOCUME~1\User\LOCALS~1\Temp\~DF9C35.tmp  Object is locked  skipped
C:\DOCUME~1\User\LOCALS~1\Temp\~DF9C45.tmp  Object is locked  skipped
C:\DOCUME~1\User\LOCALS~1\Temp\~DFD54A.tmp  Object is locked  skipped
C:\DOCUME~1\User\LOCALS~1\Temp\~DFD61A.tmp  Object is locked  skipped

A fellow forumer (natakaasd) from another forum says it's ADS-related infection, and he told me to come here to get you guys' help.

[Advertisements]

I know I shouldn't bump, but it's been 3 days...
Can someone please help?

=EDIT=
I should've read the Sticky Topic. Shoot me. >_>
If any mods could delete this post, it would be helpful.

Edited by Slasherbaven, 02 April 2008 - 09:29 AM.

[Slasherbaven]

I know I shouldn't bump, but it's been 3 days...
Can someone please help?

=EDIT=
I should've read the Sticky Topic. Shoot me. >_>
If any mods could delete this post, it would be helpful.

Edited by Slasherbaven, 02 April 2008 - 09:29 AM.

[Essexboy]

=EDIT=
I should've read the Sticky Topic. Shoot me. >_>

Nah I'm too soft for that

As it has been a few days I would like a fresh look at your system if I may

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Slasherbaven]

Nah I'm too soft for that

As it has been a few days I would like a fresh look at your system if I may

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Here's the main.txt:

Deckard's System Scanner v20071014.68
Run by User on 2008-04-04 08:51:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-04-04 00:51:47 UTC - RP894 - Deckard's System Scanner Restore Point
33: 2008-04-03 22:16:34 UTC - RP893 - System Checkpoint
32: 2008-04-02 21:13:19 UTC - RP892 - System Checkpoint
31: 2008-04-01 19:28:44 UTC - RP891 - System Checkpoint
30: 2008-03-31 17:01:17 UTC - RP890 - System Checkpoint


-- First Restore Point -- 
1: 2008-03-08 00:26:58 UTC - RP861 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 448 MiB (512 MiB recommended).[/color]
[color=red]System Drive C: has 2.82 GiB (less than 15%) free.[/color]


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:27, on 2008/04/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\User\Desktop\utorrent-1.8-alpha-8855.uncompressed.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: blueserver toolbar - {83ef376d-8874-4769-a2e7-7096480e7def} - C:\Program Files\blueserver\tbblue.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-21-515967899-2025429265-682003330-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-2025429265-682003330-1011\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-515967899-2025429265-682003330-1011\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96093AD6-BC84-4915-9330-B6288B9DAE55}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11860 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 VCAM (Fake Webcam (WDM)) - c:\windows\system32\drivers\vcam.sys <Not Verified; Web Solution Mart; Fake Webcam>
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 libusb0 (LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 npkcrypt - d:\programz\gravity\ro\npkcrypt.sys (file missing)
S3 npkycryp - d:\programz\gravity\ro\npkycryp.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)
S3 ZSMC301b (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-31 17:36:07	   284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-03-31 10:18:41		 0 d-------- C:\Documents and Settings\User\.housecall6.6
2008-03-30 08:58:22		 0 d-------- C:\Program Files\Trend Micro
2008-03-30 00:34:47	 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-29 18:59:58		 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 18:59:56		 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 18:23:30		 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-29 18:23:30		 0 d--h----- C:\Documents and Settings\User\Application Data\ijjigame
2008-03-29 18:23:21		 0 d-------- C:\Program Files\Gravity
2008-03-29 18:23:20		 0 d-------- C:\Program Files\Triggersoft
2008-03-28 14:29:49		 0 d-------- C:\Program Files\MAIET
2008-03-27 03:00:18  15204352 --a------ C:\Documents and Settings\User\ntuser.dat
2008-03-26 13:03:42		 0 d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-03-26 11:39:36		 0 d-------- C:\ijji
2008-03-24 02:43:54		 0 d-------- C:\Program Files\Common Files\ParallelGraphics
2008-03-24 00:07:58	 53248 --a------ C:\WINDOWS\system32\ImageOle.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-03-24 00:07:56		 0 d-------- C:\Program Files\Garena
2008-03-24 00:07:16		 0 d-------- C:\Documents and Settings\User\Application Data\InstallShield
2008-03-24 00:03:25		 0 d-------- C:\WINDOWS\pss
2008-03-23 23:57:48		 0 d-------- C:\Documents and Settings\User\Application Data\Flock
2008-03-23 23:57:18		 0 d-------- C:\Program Files\Flock
2008-03-23 15:48:39		 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-22 10:55:54		 0 drahs---- C:\autorun.inf
2008-03-21 22:37:39		 0 d-------- C:\WINDOWS\system32\avsplugin
2008-03-20 16:00:08   1245184 --a------ C:\Documents and Settings\asder\ntuser.dat
2008-03-20 16:00:08   3125248 --a------ C:\Documents and Settings\Asder.PC\ntuser.dat
2008-03-19 23:26:46	487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2008-03-19 23:26:44	 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-03-19 23:26:42   7277568 --a------ C:\WINDOWS\system32\3gpcore.dll
2008-03-19 23:26:40		 0 d-------- C:\Program Files\Smallvideosoft
2008-03-13 00:48:58		 0 -r-hs---- C:\fufb6tq3.cmd
2008-03-11 11:47:43	691545 --a------ C:\WINDOWS\unins000.exe
2008-03-11 11:47:42	  2536 --a------ C:\WINDOWS\unins000.dat
2008-03-10 12:47:08		 0 d-------- C:\Documents and Settings\Asder.PC\Application Data\Sony Ericsson
2008-03-08 17:48:18		 0 d-------- C:\Documents and Settings\User\Application Data\Teleca
2008-03-08 17:39:02		 0 d-------- C:\Documents and Settings\User\Application Data\Sony Ericsson
2008-03-08 17:34:27		 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-08 17:34:05		 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-08 17:33:54		 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-08 17:33:51		 0 d-------- C:\Program Files\Sony Ericsson
2008-03-08 17:33:51		 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-07 12:30:52		 0 -r-hs---- C:\ntphyy.com
2008-03-05 22:50:54		 0 d-------- C:\Program Files\Conference


-- Find3M Report ---------------------------------------------------------------

2008-04-04 16:45:05		 0 d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-03-30 21:53:11		 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-30 15:30:58		 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-03-29 23:43:07		 0 d-------- C:\Program Files\Advanced System Optimizer
2008-03-29 23:39:47		 0 d-------- C:\Program Files\eMule
2008-03-29 23:35:38		 0 d-------- C:\Program Files\Free Download Manager
2008-03-28 08:34:42		 0 d-------- C:\Documents and Settings\User\Application Data\Skype
2008-03-28 08:00:31		 0 d-------- C:\Documents and Settings\User\Application Data\skypePM
2008-03-26 21:48:39		 0 d-------- C:\Documents and Settings\User\Application Data\Real
2008-03-26 13:06:00		 0 d-------- C:\Program Files\Common Files
2008-03-24 02:43:58	  5593 --a----c- C:\WINDOWS\mozver.dat
2008-03-24 00:07:54		 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 22:26:56		 0 d-------- C:\Program Files\Java
2008-03-22 00:20:11		 0 d-------- C:\Program Files\tamasoftware
2008-03-21 00:27:02		 0 d-------- C:\Documents and Settings\User\Application Data\Orbit
2008-03-15 21:21:13		 0 d-------- C:\Program Files\iPod
2008-03-12 19:56:04		 0 d-------- C:\Program Files\Stardock
2008-03-12 19:54:20		 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-09 20:06:51		 0 d-------- C:\Program Files\Spyware Doctor
2008-03-04 21:55:39		 0 d-------- C:\Program Files\Orbitdownloader
2008-03-02 14:03:24		 0 d-------- C:\Program Files\Leaf
2008-03-02 00:53:51		 0 d-------- C:\Program Files\Windows Live
2008-02-19 18:53:57		 0 d-------- C:\Program Files\Acoustica Mixcraft 3
2008-02-19 18:53:57		 0 d-------- C:\Documents and Settings\User\Application Data\Acoustica
2008-02-19 18:53:36		 0 d-------- C:\Program Files\Vstplugins
2008-02-19 18:53:28		 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-02-18 21:50:04		 0 d-------- C:\Documents and Settings\User\Application Data\GRETECH
2008-02-18 21:48:53		 0 d-------- C:\Program Files\GRETECH
2008-02-17 21:37:05		 0 d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-17 16:31:38		 0 d-------- C:\Program Files\FLV Player
2008-02-17 12:22:39		 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-17 12:22:24		 0 d-------- C:\Program Files\Common Files\Real
2008-02-16 22:05:53		 0 d-------- C:\Program Files\VOCALOID2
2008-02-16 21:58:34		 0 d-------- C:\Program Files\Steinberg
2008-02-14 22:33:11		 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2008-02-14 22:26:36		 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-14 22:20:39		 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-14 16:13:47		 0 d-------- C:\Program Files\SysMetrix
2008-02-14 16:13:41		 0 d-------- C:\Program Files\Declan's Japanese FlashCards
2008-02-14 16:13:30		 0 d-------- C:\Program Files\Universal Document Converter
2008-01-19 10:54:12	   280 --a------ C:\WINDOWS\system32\PDBootState


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007/12/04 21:00]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004/08/04 20:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008/02/17 12:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 20:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007/10/18 11:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f29dda6-fdad-11dc-9f8f-028037050300}]
AutoRun\command- J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015}]
AutoRun\command- G:\ntphyy.com
explore\Command- G:\ntphyy.com
open\Command- G:\ntphyy.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015}]
AutoRun\command- G:\ntphyy.com
explore\Command- G:\ntphyy.com
open\Command- G:\ntphyy.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f686d2da-b8f3-11db-9300-00038a000015}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

*Newly Created Service* - TMCOMM



-- End of Deckard's System Scanner: finished at 2008-04-04 16:45:22 ------------

And here's the extra.txt:
[code=auto:0]Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 447.48 MiB / 91.58 MiB
Pagefile Memory (total/avail): 1056.91 MiB / 736.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 2.82 GiB free.
D: is Fixed (NTFS) - 141.08 GiB total, 2.83 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (CDFS)
I: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6 L200M0 SCSI Disk Device - 189.92 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 141.08 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Bitdefender Firewall v8.0 (Softwin) [COLOR=RED]Disabled[/COLOR]
AV: Bitdefender Antivirus v8.0 (Softwin) [COLOR=RED]Disabled[/COLOR]
AV: avast! antivirus 4.7.1098 [VPS 080403-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Programz\\AIM\\aim.exe"="D:\\Programz\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Programz\\SysReset\\mirc.exe"="D:\\Programz\\SysReset\\mirc.exe:*:Enabled:mIRC"
"D:\\Programz\\BitTornado\\btdownloadgui.exe"="D:\\Programz\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Programz\\WIZET\\MapleStory\\Patcher.exe"="D:\\Programz\\WIZET\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"D:\\Programz\\DC++\\DCPlusPlus.exe"="D:\\Programz\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\Programz\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="D:\\Programz\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:WindowsR NetMeetingR"
"D:\\Programz\\Warcraft III\\Warcraft III.exe"="D:\\Programz\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Programz\\AIM\\aim.exe"="D:\\Programz\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\Programz\\Trillian\\trillian.exe"="D:\\Programz\\Trillian\\trillian.exe:*:Enabled:Trillian"
"D:\\Programz\\eMule++\\eMule.exe"="D:\\Programz\\eMule++\\eMule.exe:*:Enabled:eMule++ Client"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Programz\\LimeWire\\LimeWire.exe"="D:\\Programz\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLOpenRide.exe"="C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLOpenRide.exe:*:Enabled:AOL OpenRide"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\eMule++\\emule.exe"="C:\\Program Files\\eMule++\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"D:\\Programz\\Hamachi\\hamachi.exe"="D:\\Programz\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"D:\\Programz\\uTorrent\\utorrent.exe"="D:\\Programz\\uTorrent\\utorrent.exe:*:Enabled:μTorrent"
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:μTorrent"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Documents and Settings\\User\\Desktop\\lancraft.exe"="C:\\Documents and Settings\\User\\Desktop\\lancraft.exe:*:Enabled:lancraft"
"%windir%\\explorer.exe"="%windir%\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"="C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe:*:Enabled:rct"
"C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"D:\\My Folder\\Downloads\\utorrent-1.8-alpha-7676.upx.exe"="D:\\My Folder\\Downloads\\utorrent-1.8-alpha-7676.upx.exe:*:Enabled:μTorrent"
"C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-alpha-7676.upx.exe"="C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-alpha-7676.upx.exe:*:Enabled:μTorrent"
"C:\\Program Files\\Deluge\\deluge.exe"="C:\\Program Files\\Deluge\\deluge.exe:*:Enabled:deluge"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\My Folder\\Downloads\\utorrent-1.8-alpha-8855.uncompressed.exe"="D:\\My Folder\\Downloads\\utorrent-1.8-alpha-8855.uncompressed.exe:*:Enabled:μTorrent"
"C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-alpha-8855.uncompressed.exe"="C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-alpha-8855.uncompressed.exe:*:Enabled:μTorrent"
"C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"="C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe:*:Enabled:Garena"
"D:\\Programz\\eMule\\emule.exe"="D:\\Programz\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Garena\\Garena.exe"="C:\\Program Files\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\PC
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=2
OPENSSL_CONF=C:\Program Files\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\IDM Computer Solutions\UltraEdit-32;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin;C:\Program Files\MKVtoolnix;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=PC
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User [I](admin)[/I]
Feaw [I]

[Essexboy]

Hi you have lots of different problems here so lets start with the malware and progress to the system

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\fufb6tq3.cmd
  C:\ntphyy.com

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015}
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015}
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f686d2da-b8f3-11db-9300-00038a000015}
  Purity

• Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

• 1 - Flash Drive Disinfector
  Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

NEXT

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

AND FINALLY FOR NOW

@echo off
sc stop GMSIPCI
sc delete GMSIPCI
sc stop NTACCESS
sc delete NTACCESS
sc stop SetupNTGLM7X
sc delete SetupNTGLM7X
exit

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file

Then run fix.bat by double clicking you may see a black box appear this is normal

Logs required : OTMoveit and Combofix

[Slasherbaven]

Please download the OTMoveIt2 by OldTimer.
[list]
[*] Save it to your desktop.
[*] Please double-click OTMoveIt2.exe to run it.
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\fufb6tq3.cmd
C:\ntphyy.com

[*] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

Okay, for this, there is no light blue bar.
BUT there is a yellow bar, saying "Paste List of Files/Folders to be Moved"

And if I were to paste the two files there, what of this:

[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f686d2da-b8f3-11db-9300-00038a000015}
Purity

[*] Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.

There's only one place where I can paste, which was the earlier one.
The "Paste List Of Files/Patterns To Search For and Move" isn't there.

=EDIT=

Picture = 1000 words XD

Edited by Slasherbaven, 05 April 2008 - 12:37 AM.

[Essexboy]

Hi the programme was updated yesterday and simplified after I posted the fix When OT updates he does it well and fast

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\fufb6tq3.cmd
  C:\ntphyy.com
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015}
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015}
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f686d2da-b8f3-11db-9300-00038a000015}
  Purity

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

[Slasherbaven]

Ah, so that's why.

So after doing all of them, here:

OTMoveIt2 Report:

File/Folder C:\fufb6tq3.cmd not found.
File/Folder C:\ntphyy.com not found.
File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015} not found.
File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015} not found.
File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f686d2da-b8f3-11db-9300-00038a000015} not found.
< Purity >
 
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04052008_220335

ComboFix Report:

ComboFix 08-04-04.1 - User 2008-04-06  8:55:58.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.932.1.1033.18.136 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
TimedOut: progfile.dat 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\WINDOWS\system32\BrwsPtnr.dll

.
(((((((((((((((((((((((((   Files Created from 2008-03-06 to 2008-04-06  )))))))))))))))))))))))))))))))
.

2008-04-05 22:08 . 2008-04-05 22:08	<DIR>	d--------	C:\Documents and Settings\User\Application Data\MathWorks
2008-04-05 22:03 . 2008-04-05 22:03	<DIR>	d--------	C:\_OTMoveIt
2008-04-05 19:02 . 2008-04-05 19:02	645,120	--a------	C:\WINDOWS\system32\config.gms
2008-04-05 18:32 . 2008-04-05 18:32	<DIR>	d--------	C:\Program Files\MATLAB
2008-04-04 08:51 . 2008-04-04 08:51	<DIR>	d--------	C:\Deckard
2008-03-31 10:25 . 2008-03-31 10:19	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 10:18 . 2008-03-31 15:15	<DIR>	d--------	C:\Documents and Settings\User\.housecall6.6
2008-03-30 15:31 . 2008-03-30 15:31	686,080	--a------	C:\WINDOWS\isRS-000.tmp
2008-03-30 08:58 . 2008-03-30 08:58	<DIR>	d--------	C:\Program Files\Trend Micro
2008-03-30 00:34 . 2008-03-30 00:34	43,520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-29 18:59 . 2008-03-29 18:59	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 18:59 . 2008-03-29 18:59	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--------	C:\Program Files\Triggersoft
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--------	C:\Program Files\Gravity
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--------	C:\Program Files\Common Files\INCA Shared
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--h-----	C:\Documents and Settings\User\Application Data\ijjigame
2008-03-28 14:29 . 2008-03-28 14:29	<DIR>	d--------	C:\Program Files\MAIET
2008-03-26 13:05 . 2008-03-30 10:44	39	--a------	C:\WINDOWS\GunzLauncher.INI
2008-03-26 13:03 . 2008-03-29 18:23	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-03-26 11:39 . 2008-03-26 11:39	<DIR>	d--------	C:\ijji
2008-03-24 02:43 . 2008-03-24 02:43	<DIR>	d--------	C:\Program Files\Common Files\ParallelGraphics
2008-03-24 00:07 . 2008-04-04 17:20	<DIR>	d--------	C:\Program Files\Garena
2008-03-24 00:07 . 2008-03-24 00:07	<DIR>	d--------	C:\Documents and Settings\User\Application Data\InstallShield
2008-03-24 00:07 . 2006-03-14 02:26	53,248	--a------	C:\WINDOWS\system32\ImageOle.dll
2008-03-23 23:57 . 2008-03-23 23:57	<DIR>	d--------	C:\Program Files\Flock
2008-03-23 23:57 . 2008-03-23 23:57	<DIR>	d--------	C:\Documents and Settings\User\Application Data\Flock
2008-03-23 15:48 . 2008-03-23 15:48	<DIR>	d--------	C:\Program Files\Microsoft Silverlight
2008-03-21 22:37 . 2008-03-21 22:37	<DIR>	d--------	C:\WINDOWS\system32\avsplugin
2008-03-19 23:26 . 2008-03-19 23:26	<DIR>	d--------	C:\Program Files\Smallvideosoft
2008-03-19 23:26 . 2007-04-19 15:15	7,277,568	--a------	C:\WINDOWS\system32\3gpcore.dll
2008-03-19 23:26 . 2006-10-17 22:29	487,479	--a------	C:\WINDOWS\system32\SkinMagic.dll
2008-03-19 23:26 . 2007-02-16 07:10	60,273	--a------	C:\WINDOWS\system32\pthreadGC2.dll
2008-03-15 21:19 . 2008-03-15 21:19	244	--ah-----	C:\sqmnoopt02.sqm
2008-03-15 21:19 . 2008-03-15 21:19	232	--ah-----	C:\sqmdata02.sqm
2008-03-13 00:53 . 2008-02-25 11:44	603,176	--a------	C:\autoruns.exe
2008-03-11 11:47 . 2008-03-11 11:42	691,545	--a------	C:\WINDOWS\unins000.exe
2008-03-11 11:47 . 2008-03-11 11:47	2,536	--a------	C:\WINDOWS\unins000.dat
2008-03-10 12:47 . 2008-03-10 12:47	<DIR>	d--------	C:\Documents and Settings\Asder.PC\Application Data\Sony Ericsson
2008-03-08 17:48 . 2008-03-08 18:51	<DIR>	d--------	C:\Documents and Settings\User\Application Data\Teleca
2008-03-08 17:39 . 2008-03-08 17:39	<DIR>	d--------	C:\Documents and Settings\User\Application Data\Sony Ericsson
2008-03-08 17:34 . 2008-03-08 17:34	<DIR>	d--------	C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-08 17:34 . 2008-03-08 17:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-08 17:33 . 2008-03-10 08:33	<DIR>	d--------	C:\Program Files\Sony Ericsson
2008-03-08 17:33 . 2008-03-08 17:34	<DIR>	d--------	C:\Program Files\Common Files\Teleca Shared
2008-03-08 17:33 . 2008-03-08 17:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Teleca

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 00:53	---------	d-----w	C:\Documents and Settings\User\Application Data\uTorrent
2008-04-05 05:34	---------	d-----w	C:\Documents and Settings\User\Application Data\Skype
2008-04-05 05:04	---------	d-----w	C:\Documents and Settings\User\Application Data\skypePM
2008-03-30 13:53	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-03-30 07:30	---------	d-----w	C:\Program Files\Combined Community Codec Pack
2008-03-29 15:43	---------	d-----w	C:\Program Files\Advanced System Optimizer
2008-03-29 15:39	---------	d-----w	C:\Program Files\eMule
2008-03-29 15:35	---------	d-----w	C:\Program Files\Free Download Manager
2008-03-23 16:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-22 14:26	---------	d-----w	C:\Program Files\Java
2008-03-21 16:20	---------	d-----w	C:\Program Files\tamasoftware
2008-03-20 16:27	---------	d-----w	C:\Documents and Settings\User\Application Data\Orbit
2008-03-15 13:21	---------	d-----w	C:\Program Files\iPod
2008-03-12 11:56	---------	d-----w	C:\Program Files\Stardock
2008-03-12 11:56	---------	d-----w	C:\Program Files\Conference
2008-03-12 11:54	---------	d-----w	C:\Program Files\The Rosetta Stone
2008-03-11 14:19	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 07:54	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-03-09 12:06	---------	d-----w	C:\Program Files\Spyware Doctor
2008-03-04 13:55	---------	d-----w	C:\Program Files\Orbitdownloader
2008-03-02 06:03	---------	d-----w	C:\Program Files\Leaf
2008-03-01 17:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 16:53	---------	d-----w	C:\Program Files\Windows Live
2008-02-19 10:53	---------	d-----w	C:\Program Files\Vstplugins
2008-02-19 10:53	---------	d-----w	C:\Program Files\Acoustica Shared Effects
2008-02-19 10:53	---------	d-----w	C:\Program Files\Acoustica Mixcraft 3
2008-02-19 10:53	---------	d-----w	C:\Documents and Settings\User\Application Data\Acoustica
2008-02-19 10:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Acoustica
2008-02-18 13:50	---------	d-----w	C:\Documents and Settings\User\Application Data\GRETECH
2008-02-18 13:50	---------	d-----w	C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-18 13:48	---------	d-----w	C:\Program Files\GRETECH
2008-02-17 13:37	---------	d-----w	C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-17 08:31	---------	d-----w	C:\Program Files\FLV Player
2008-02-17 04:22	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-02-17 04:22	---------	d-----w	C:\Program Files\Common Files\Real
2008-02-16 14:05	---------	d-----w	C:\Program Files\VOCALOID2
2008-02-16 13:58	---------	d-----w	C:\Program Files\Steinberg
2008-02-14 14:34	---------	d-----w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-14 14:26	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-02-14 14:20	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-02-14 08:13	---------	d-----w	C:\Program Files\Universal Document Converter
2008-02-14 08:13	---------	d-----w	C:\Program Files\SysMetrix
2008-02-14 08:13	---------	d-----w	C:\Program Files\Declan's Japanese FlashCards
2008-01-16 18:00	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-04-10 03:57	56	-csh--r	C:\WINDOWS\system32\A3CF54ADF8.sys
2006-04-10 03:57	848	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Crtc]
@={3CF539EB-73D6-4ECA-BA48-96A1814523C8}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 20:00 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-17 12:21 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 20:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3CODECA.ACM
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.lameacm"= lameACM.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.ac3acm"= ac3acm.acm
"MSVideo8"= VfWWDM32.dll
"vidc.yv12"= yv12vfw.dll
"msacm.avis"= ff_acm.acm
"msacm.l3codec"= l3codecp.acm
"VIDC.FPS1"= frapsvid.dll
"msacm.at3"= atrac3.acm
"msacm.atrac3"= atrac3.acm
"VIDC.CFHD"= cfhd.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-03 06:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-25 17:14 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-01-26 13:36 495616 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-17 12:21 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Programz\\SysReset\\mirc.exe"=
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"D:\\Programz\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Programz\\Trillian\\trillian.exe"=
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"D:\\Programz\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\explorer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\My Folder\\Downloads\\utorrent-1.8-alpha-8855.uncompressed.exe"=
"C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-alpha-8855.uncompressed.exe"=
"C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"D:\\Programz\\eMule\\emule.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6113:TCP"= 6113:TCP:WarIII
"1217:UDP"= 1217:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1216:UDP"= 1216:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1226:UDP"= 1226:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 06:01]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 05:38]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 14:05]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-05-11 12:12]
S3 npkycryp;npkycryp;D:\Programz\Gravity\RO\npkycryp.sys []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f29dda6-fdad-11dc-9f8f-028037050300}]
\Shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015}]
\Shell\AutoRun\command - G:\ntphyy.com
\Shell\explore\Command - G:\ntphyy.com
\Shell\open\Command - G:\ntphyy.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015}]
\Shell\AutoRun\command - G:\ntphyy.com
\Shell\explore\Command - G:\ntphyy.com
\Shell\open\Command - G:\ntphyy.com

*Newly Created Service* - CATCHME
*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 09:36:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 08:59:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-04-06  9:07:59
ComboFix-quarantined-files.txt  2008-04-06 01:07:53
Pre-Run: 1,423,888,384 bytes free
Post-Run: 1,406,361,600 bytes free
.
2008-01-27 19:02:28	--- E O F ---

Along with a new HijackThis report for further review:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:45, on 2008/04/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: blueserver toolbar - {83ef376d-8874-4769-a2e7-7096480e7def} - C:\Program Files\blueserver\tbblue.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-21-515967899-2025429265-682003330-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-2025429265-682003330-1011\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-515967899-2025429265-682003330-1011\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96093AD6-BC84-4915-9330-B6288B9DAE55}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11361 bytes

Edited by Slasherbaven, 05 April 2008 - 07:36 PM.

[Essexboy]

Hi again - a tad more to do, followed by a deep scan then a look at your system operation

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37282309-68a8-11dc-9f25-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813115ef-d8cb-11db-930b-00038a000015}]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

NEXT

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
• Under Additional Scans check the following:
  • File - Additional Folder Scans
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Logs required : Just the OTScanit as an attachment

[Slasherbaven]

After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

ComboFix 08-04-04.1 - User 2008-04-06 22:17:42.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.932.1.1033.18.188 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
TimedOut: progfile.dat 

(((((((((((((((((((((((((   Files Created from 2008-03-06 to 2008-04-06  )))))))))))))))))))))))))))))))
.

2008-04-06 09:56 . 2008-04-06 09:56	<DIR>	d--------	C:\Documents and Settings\Asder.PC\Application Data\MathWorks
2008-04-05 22:08 . 2008-04-05 22:08	<DIR>	d--------	C:\Documents and Settings\User\Application Data\MathWorks
2008-04-05 22:03 . 2008-04-05 22:03	<DIR>	d--------	C:\_OTMoveIt
2008-04-05 19:02 . 2008-04-05 19:02	645,120	--a------	C:\WINDOWS\system32\config.gms
2008-04-05 18:32 . 2008-04-05 18:32	<DIR>	d--------	C:\Program Files\MATLAB
2008-04-04 08:51 . 2008-04-04 08:51	<DIR>	d--------	C:\Deckard
2008-03-31 10:25 . 2008-03-31 10:19	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 10:18 . 2008-03-31 15:15	<DIR>	d--------	C:\Documents and Settings\User\.housecall6.6
2008-03-30 08:58 . 2008-03-30 08:58	<DIR>	d--------	C:\Program Files\Trend Micro
2008-03-30 00:34 . 2008-03-30 00:34	43,520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-29 18:59 . 2008-03-29 18:59	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 18:59 . 2008-03-29 18:59	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--------	C:\Program Files\Triggersoft
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--------	C:\Program Files\Gravity
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--------	C:\Program Files\Common Files\INCA Shared
2008-03-29 18:23 . 2008-03-29 18:23	<DIR>	d--h-----	C:\Documents and Settings\User\Application Data\ijjigame
2008-03-28 14:29 . 2008-03-28 14:29	<DIR>	d--------	C:\Program Files\MAIET
2008-03-26 13:05 . 2008-03-30 10:44	39	--a------	C:\WINDOWS\GunzLauncher.INI
2008-03-26 13:03 . 2008-03-29 18:23	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-03-26 11:39 . 2008-03-26 11:39	<DIR>	d--------	C:\ijji
2008-03-24 02:43 . 2008-03-24 02:43	<DIR>	d--------	C:\Program Files\Common Files\ParallelGraphics
2008-03-24 00:07 . 2008-04-06 17:07	<DIR>	d--------	C:\Program Files\Garena
2008-03-24 00:07 . 2008-03-24 00:07	<DIR>	d--------	C:\Documents and Settings\User\Application Data\InstallShield
2008-03-24 00:07 . 2006-03-14 02:26	53,248	--a------	C:\WINDOWS\system32\ImageOle.dll
2008-03-23 23:57 . 2008-03-23 23:57	<DIR>	d--------	C:\Program Files\Flock
2008-03-23 23:57 . 2008-03-23 23:57	<DIR>	d--------	C:\Documents and Settings\User\Application Data\Flock
2008-03-23 15:48 . 2008-03-23 15:48	<DIR>	d--------	C:\Program Files\Microsoft Silverlight
2008-03-21 22:37 . 2008-03-21 22:37	<DIR>	d--------	C:\WINDOWS\system32\avsplugin
2008-03-19 23:26 . 2008-03-19 23:26	<DIR>	d--------	C:\Program Files\Smallvideosoft
2008-03-19 23:26 . 2007-04-19 15:15	7,277,568	--a------	C:\WINDOWS\system32\3gpcore.dll
2008-03-19 23:26 . 2006-10-17 22:29	487,479	--a------	C:\WINDOWS\system32\SkinMagic.dll
2008-03-19 23:26 . 2007-02-16 07:10	60,273	--a------	C:\WINDOWS\system32\pthreadGC2.dll
2008-03-15 21:19 . 2008-03-15 21:19	244	--ah-----	C:\sqmnoopt02.sqm
2008-03-15 21:19 . 2008-03-15 21:19	232	--ah-----	C:\sqmdata02.sqm
2008-03-13 00:53 . 2008-02-25 11:44	603,176	--a------	C:\autoruns.exe
2008-03-11 11:47 . 2008-03-11 11:42	691,545	--a------	C:\WINDOWS\unins000.exe
2008-03-11 11:47 . 2008-03-11 11:47	2,536	--a------	C:\WINDOWS\unins000.dat
2008-03-10 12:47 . 2008-03-10 12:47	<DIR>	d--------	C:\Documents and Settings\Asder.PC\Application Data\Sony Ericsson
2008-03-08 17:48 . 2008-03-08 18:51	<DIR>	d--------	C:\Documents and Settings\User\Application Data\Teleca
2008-03-08 17:39 . 2008-03-08 17:39	<DIR>	d--------	C:\Documents and Settings\User\Application Data\Sony Ericsson
2008-03-08 17:34 . 2008-03-08 17:34	<DIR>	d--------	C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-08 17:34 . 2008-03-08 17:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-08 17:33 . 2008-03-10 08:33	<DIR>	d--------	C:\Program Files\Sony Ericsson
2008-03-08 17:33 . 2008-03-08 17:34	<DIR>	d--------	C:\Program Files\Common Files\Teleca Shared
2008-03-08 17:33 . 2008-03-08 17:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Teleca

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 14:16	---------	d-----w	C:\Documents and Settings\User\Application Data\uTorrent
2008-04-05 05:34	---------	d-----w	C:\Documents and Settings\User\Application Data\Skype
2008-04-05 05:04	---------	d-----w	C:\Documents and Settings\User\Application Data\skypePM
2008-03-30 13:53	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-03-30 07:30	---------	d-----w	C:\Program Files\Combined Community Codec Pack
2008-03-29 15:43	---------	d-----w	C:\Program Files\Advanced System Optimizer
2008-03-29 15:39	---------	d-----w	C:\Program Files\eMule
2008-03-29 15:35	---------	d-----w	C:\Program Files\Free Download Manager
2008-03-23 16:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-22 14:26	---------	d-----w	C:\Program Files\Java
2008-03-21 16:20	---------	d-----w	C:\Program Files\tamasoftware
2008-03-20 16:27	---------	d-----w	C:\Documents and Settings\User\Application Data\Orbit
2008-03-15 13:21	---------	d-----w	C:\Program Files\iPod
2008-03-12 11:56	---------	d-----w	C:\Program Files\Stardock
2008-03-12 11:56	---------	d-----w	C:\Program Files\Conference
2008-03-12 11:54	---------	d-----w	C:\Program Files\The Rosetta Stone
2008-03-11 14:19	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 07:54	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-03-09 12:06	---------	d-----w	C:\Program Files\Spyware Doctor
2008-03-04 13:55	---------	d-----w	C:\Program Files\Orbitdownloader
2008-03-02 06:03	---------	d-----w	C:\Program Files\Leaf
2008-03-01 17:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 16:53	---------	d-----w	C:\Program Files\Windows Live
2008-02-19 10:53	---------	d-----w	C:\Program Files\Vstplugins
2008-02-19 10:53	---------	d-----w	C:\Program Files\Acoustica Shared Effects
2008-02-19 10:53	---------	d-----w	C:\Program Files\Acoustica Mixcraft 3
2008-02-19 10:53	---------	d-----w	C:\Documents and Settings\User\Application Data\Acoustica
2008-02-19 10:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Acoustica
2008-02-18 13:50	---------	d-----w	C:\Documents and Settings\User\Application Data\GRETECH
2008-02-18 13:50	---------	d-----w	C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-18 13:48	---------	d-----w	C:\Program Files\GRETECH
2008-02-17 13:37	---------	d-----w	C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-17 08:31	---------	d-----w	C:\Program Files\FLV Player
2008-02-17 04:22	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-02-17 04:22	---------	d-----w	C:\Program Files\Common Files\Real
2008-02-16 14:05	---------	d-----w	C:\Program Files\VOCALOID2
2008-02-16 13:58	---------	d-----w	C:\Program Files\Steinberg
2008-02-14 14:34	---------	d-----w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-14 14:26	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-02-14 14:20	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-02-14 08:13	---------	d-----w	C:\Program Files\Universal Document Converter
2008-02-14 08:13	---------	d-----w	C:\Program Files\SysMetrix
2008-02-14 08:13	---------	d-----w	C:\Program Files\Declan's Japanese FlashCards
2008-01-16 18:00	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-04-10 03:57	56	-csh--r	C:\WINDOWS\system32\A3CF54ADF8.sys
2006-04-10 03:57	848	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-04-06_ 9.07.41.20   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 04:41:06	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Crtc]
@={3CF539EB-73D6-4ECA-BA48-96A1814523C8}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 20:00 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-17 12:21 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 20:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3CODECA.ACM
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.lameacm"= lameACM.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.ac3acm"= ac3acm.acm
"MSVideo8"= VfWWDM32.dll
"vidc.yv12"= yv12vfw.dll
"msacm.avis"= ff_acm.acm
"msacm.l3codec"= l3codecp.acm
"VIDC.FPS1"= frapsvid.dll
"msacm.at3"= atrac3.acm
"msacm.atrac3"= atrac3.acm
"VIDC.CFHD"= cfhd.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-03 06:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-25 17:14 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-01-26 13:36 495616 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-17 12:21 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Programz\\SysReset\\mirc.exe"=
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"D:\\Programz\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Programz\\Trillian\\trillian.exe"=
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"D:\\Programz\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\1145114589\\ee\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\explorer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\My Folder\\Downloads\\utorrent-1.8-alpha-8855.uncompressed.exe"=
"C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-alpha-8855.uncompressed.exe"=
"C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"D:\\Programz\\eMule\\emule.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6113:TCP"= 6113:TCP:WarIII
"1217:UDP"= 1217:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1216:UDP"= 1216:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1226:UDP"= 1226:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 06:01]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 05:38]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 14:05]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-05-11 12:12]
S3 npkycryp;npkycryp;D:\Programz\Gravity\RO\npkycryp.sys []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f29dda6-fdad-11dc-9f8f-028037050300}]
\Shell\AutoRun\command - J:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 09:36:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 22:21:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-04-06 22:27:12
ComboFix-quarantined-files.txt  2008-04-06 14:27:08
ComboFix2.txt  2008-04-06 01:08:00
Pre-Run: 2,305,855,488 bytes free
Post-Run: 2,288,463,872 bytes free
.
2008-01-27 19:02:28	--- E O F ---

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:54, on 2008/04/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: blueserver toolbar - {83ef376d-8874-4769-a2e7-7096480e7def} - C:\Program Files\blueserver\tbblue.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96093AD6-BC84-4915-9330-B6288B9DAE55}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11351 bytes

Just the OTScanit as an attachment

Attached to this post is the OTScanit log.

Attached Files

•  OTScanIt.Txt   195.29KB   190 downloads

Edited by Slasherbaven, 06 April 2008 - 08:59 AM.

[Essexboy]

Looking a lot better now - what we shall do this time is a final scan to clear the registry entries. Follow that up with a spring clean and then see how your system is running

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> FFTI -> %AppData%\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe [C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"]
< RunOnce [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> FFTI -> %AppData%\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe [C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"]
[Files/Folders - Created Within 90 days]
NY -> 3gpcore.dll -> %SystemRoot%\System32\3gpcore.dll
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 368 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:B63300D1
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ff(1).PNG:Zone.Identifier
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NEXT

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

FINALLY FOR NOW

Spring clean

Download, install and run Tuneup Utilities 2008

Select Free up disk space

Select Unneccesary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor


Logs required : MBAM and how is your system now ?

[Slasherbaven]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

The log is attached to this post.
And problems encounted are:
- Error Popup, saying 3gpcore.dll is not a valid Windows file.
Other than that, everything's ok. I forgot the HJT log though, will that be a problem?

Logs required : MBAM and how is your system now ?

The MBAM log is attached to this post as an attachment.
And my system feels fresh! But.. the 10-20 minutes freezing at the beginning still hasn't disappeared. =/

Attached Files

•  mbam_log_4_7_2008__00_24_32_.txt   738bytes   165 downloads
•  OTScanIt.Txt   195.29KB   127 downloads

Edited by Slasherbaven, 07 April 2008 - 09:00 AM.

[Essexboy]

But.. the 10-20 minutes freezing at the beginning still hasn't disappeared

I think now that may be driver related - so I will get my spiel out of the way and then see if that can be resolved

Now the best part of the day ----- Your log now appears clean

Double click OTScanit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe

OK can you boot into safe mode and see if the freeeze still occurs - if it does can you note down the programme/file that it sticks on

[Slasherbaven]

Thanks a lot for helping me from the start, you were a great help!

And I found out what the problem was... it was my MSN.
Do you know how I can fix it? As in, say if you were to recommend reinstalling, should I delete anything else from the registry or anything?

[Essexboy]

A straight forward uninstall and the re-install with the latest version should work. Also you may consider not letting it start with your computer, but only to run when you want it to