No clue [CLOSED]


  • This topic is locked

#1
fastingaciu

    New Member

  • Member
  • 9 posts
Pop-ups are a normality and the speed of my computer is definitely very slow. Tried scanning with Symantec, Ad-Aware and Yahoo Anti-Spy. I also had the white screen problem, but I fixed that by deleting the web tabs other than my home page in the display\customize your desktop. Here's the log file. Help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:29 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\hqhcxily.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Florin\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc4c2a6e] rundll32.exe "C:\WINDOWS\system32\sgoajnau.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ycmklfyq] C:\WINDOWS\system32\hqhcxily.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156908970488
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157302271718
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: mgsvflkw - {7D2F61CD-8283-422F-99ED-2D9E4E3EE10C} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {AF29C0B3-0C77-46C4-8840-2C3739D4EB19} - C:\WINDOWS\qdnkewfa.dll
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 13916 bytes

Edited by fastingaciu, 12 April 2008 - 10:32 PM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you have a nice little set of mix and match there - sooo let's get to work :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [bc4c2a6e] rundll32.exe "C:\WINDOWS\system32\sgoajnau.dll",b
O4 - HKCU\..\Run: [ycmklfyq] C:\WINDOWS\system32\hqhcxily.exe
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: mgsvflkw - {7D2F61CD-8283-422F-99ED-2D9E4E3EE10C} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {AF29C0B3-0C77-46C4-8840-2C3739D4EB19} - C:\WINDOWS\qdnkewfa.dll
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\vnbptxlf.dll
    C:\WINDOWS\system32\sgoajnau.dll
    C:\WINDOWS\system32\hqhcxily.exe
    C:\WINDOWS\mgsvflkw.dll
    C:\WINDOWS\qdnkewfa.dll
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

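Added example (not part of this thread, and not code from HijackThis, OTMoveIt2 or Essexboy): a small Python triage script that applies the same reasoning as the fix list above to a HijackThis log. It parses the `Oxx - ...` entries, pulls out the file path, and flags three things: entries whose file is gone (`(no file)` / `(file missing)`), eight-letter modules sitting directly in `C:\WINDOWS` or `C:\WINDOWS\system32`, and Run values whose name is eight random letters or hex digits. The regexes, the eight-letter rule and the small known-good list are my own assumptions, not anything HijackThis does; the sample lines are copied from the first log in this thread, with the Yahoo, ctfmon and Bonjour entries kept as legitimate controls. The output is a review list, not a delete list: legitimate Windows files such as `userinit.exe` are also eight letters, which is why the allowlist exists, and a hit still needs a vendor or hash check before anything is fixed. It does not cover the R0/R1 start-page lines, which need a known-good URL list rather than a file check.

```python
"""Heuristic triage of HijackThis O-lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
# The Yahoo, ctfmon and Bonjour entries are legitimate controls that the
# heuristics must leave alone.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\hqhcxily.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [bc4c2a6e] rundll32.exe "C:\WINDOWS\system32\sgoajnau.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ycmklfyq] C:\WINDOWS\system32\hqhcxily.exe
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: mgsvflkw - {7D2F61CD-8283-422F-99ED-2D9E4E3EE10C} - C:\WINDOWS\mgsvflkw.dll
O21 - SSODL: qdnkewfa - {AF29C0B3-0C77-46C4-8840-2C3739D4EB19} - C:\WINDOWS\qdnkewfa.dll
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Entry lines look like "O4 - rest", "O21 - rest", "R1 - rest", "F2 - rest".
SECTION_RE = re.compile(r"^(O\d{1,2}|R\d|F\d)\s+-\s+(.*)$")
# First drive-letter path ending in a binary extension; stops at a closing quote.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys))', re.IGNORECASE)
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
# Assumed heuristics (mine, not HijackThis's): eight letters and nothing else is
# how the droppers in this thread named both their files and their Run values.
RANDOM_MODULE_RE = re.compile(r"^[A-Za-z]{8}\.(?:exe|dll)$")
RUN_VALUE_RE = re.compile(r"\\Run: \[([^\]]+)\]")
RANDOM_VALUE_RE = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{8})$")
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
# Assumed starter allowlist: real Windows files that happen to be eight letters.
KNOWN_GOOD = {"userinit.exe", "explorer.exe", "services.exe", "winlogon.exe",
              "stobject.dll", "webcheck.dll"}


@dataclass
class Finding:
    section: str
    path: Optional[str]
    reasons: List[str]
    line: str


def split_path(path: str):
    """Return (lower-cased directory, lower-cased file name) for a Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def assess(line: str) -> Optional[Finding]:
    """Score one log line; None means 'not an entry' or 'nothing to flag'."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    reasons: List[str] = []
    pm = PATH_RE.search(rest)
    path = pm.group(1) if pm else None

    if MISSING_RE.search(rest):
        reasons.append("orphaned: the registry still points at a file that is gone")

    if path:
        directory, name = split_path(path)
        if directory in SYSTEM_DIRS and RANDOM_MODULE_RE.match(name) and name not in KNOWN_GOOD:
            reasons.append(f"random-looking eight-letter module {name} directly under {directory}")

    vm = RUN_VALUE_RE.search(rest)
    if vm and RANDOM_VALUE_RE.match(vm.group(1)):
        reasons.append(f"Run value name [{vm.group(1)}] looks machine-generated")

    return Finding(section, path, reasons, line.strip()) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """All flagged entries, in log order."""
    return [f for f in (assess(line) for line in log_text.splitlines()) if f]


def fix_candidates(log_text: str) -> List[str]:
    """Original log lines a reviewer should look at first (a review list, not a delete list)."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.path or '(no file)'}")
        for reason in f.reasons:
            print(f"       - {reason}")
```

Run against the sample it returns exactly the seven file-backed entries Essexboy ticked, and nothing else; the two R0/R1 lines in his list are the URL hijacks this script deliberately leaves to a separate check.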

#3
fastingaciu

    New Member

  • Topic Starter
  • Member
  • 9 posts
I had one problem. I understand everything we're doing at this point. When I ran OTMoveIt, copied the paths you gave me and pressed Move It, the program did what it was supposed to do and then simply shut off before I could save the log file. I know it worked because when I started the program again and put in the same paths, they did not exist anymore. For now, here's the DSS log:

Deckard's System Scanner v20071014.68
Run by Florin on 2008-04-13 13:26:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-04-13 17:26:35 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-04-13 17:16:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Florin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:51 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Florin\Desktop\dss.exe
C:\DOCUME~1\Florin\Desktop\Florin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\WINDOWS\system32\byXOiIca.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AE89070E-F94D-4E93-8622-8351C6BD7668} - C:\WINDOWS\system32\yayvsPhh.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156908970488
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157302271718
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: byXOiIca - C:\WINDOWS\SYSTEM32\byXOiIca.dll
O21 - SSODL: qdnkewfa - {7FCF8B39-6002-427E-9BDA-C30E916746BD} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 14393 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Florin\Desktop\backups\) --------------

backup-20080413-131252-282 O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
backup-20080413-131252-366 O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
backup-20080413-131252-437 O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll
backup-20080413-131252-460 O4 - HKCU\..\Run: [ycmklfyq] C:\WINDOWS\system32\hqhcxily.exe
backup-20080413-131252-609 O21 - SSODL: qdnkewfa - {AF29C0B3-0C77-46C4-8840-2C3739D4EB19} - C:\WINDOWS\qdnkewfa.dll
backup-20080413-131252-645 O4 - HKLM\..\Run: [bc4c2a6e] rundll32.exe "C:\WINDOWS\system32\sgoajnau.dll",b
backup-20080413-131252-657 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
backup-20080413-131252-740 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 BS_I2cIo - c:\windows\system32\drivers\bs_i2cio.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>

S3 adxapie - c:\docume~1\sebast~1\locals~1\temp\adxapie.sys (file missing)
S4 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>

S3 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-13 13:00:00 268 --ah----- C:\WINDOWS\Tasks\A0054BE891E6FEB4.job
2008-04-13 11:47:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-09 08:47:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 10:21:46 0 d-------- C:\Program Files\Alwil Software
2008-04-12 16:11:19 0 d-------- C:\WINDOWS\privacy_danger
2008-04-12 13:40:45 0 d-------- C:\Program Files\PC-Cleaner
2008-04-12 08:05:33 0 d-------- C:\Documents and Settings\Florin\Application Data\Ahead
2008-04-12 07:57:09 1462272 --a------ C:\WINDOWS\system32\vbsgf.dat <Not Verified; GetFLV; GetFLV>
2008-04-12 07:57:08 0 d-------- C:\Program Files\GetFLV
2008-04-12 07:53:00 57344 --a------ C:\WINDOWS\system32\streamio.dll <Not Verified; dicas digital image coding GmbH; mpegable StreamIO>
2008-04-12 07:53:00 217088 --a------ C:\WINDOWS\system32\mp4filelib.dll <Not Verified; dicas digital image coding GmbH; mpegable MP4FileLib>
2008-04-12 07:53:00 233472 --a------ C:\WINDOWS\system32\dllzaac.dll <Not Verified; zplane.development; zplane.development zAAC Codec>
2008-04-12 07:53:00 577536 --a------ C:\WINDOWS\system32\audiocodec.dll <Not Verified; dicas digital image coding GmbH; mpegable AudioCodec>
2008-04-12 07:53:00 282624 --a------ C:\WINDOWS\system32\4codedecoder.dll <Not Verified; dicas digital image coding GmbH; 4codeVideoCodec>
2008-04-11 22:44:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-11 22:10:53 0 d-------- C:\Documents and Settings\Sorin_Diana\Application Data\TmpRecentIcons
2008-04-11 22:08:25 98304 --a------ C:\WINDOWS\system32\abgnqtux.exe
2008-04-11 22:02:56 94208 --a------ C:\WINDOWS\system32\wdalonoz.exe
2008-04-11 18:36:00 0 d-------- C:\Documents and Settings\Florin\Application Data\TmpRecentIcons
2008-04-11 17:03:52 135168 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-11 17:03:52 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-11 17:03:50 0 d-------- C:\Program Files\SourceTec
2008-04-11 16:59:07 127111 --ahs---- C:\WINDOWS\system32\hhPsvyay.ini2
2008-04-11 16:59:01 273408 --a------ C:\WINDOWS\system32\yayvsPhh.dll
2008-04-11 16:56:12 0 d-------- C:\Program Files\Swf2Avi
2008-04-11 16:52:14 0 d-------- C:\Program Files\Xilisoft
2008-04-11 16:49:20 94208 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-11 16:49:13 0 d-------- C:\Documents and Settings\All Users\Application Data\noteborq
2008-04-11 16:49:04 39936 --a------ C:\WINDOWS\system32\byXOiIca.dll
2008-04-11 16:41:11 0 d-------- C:\Program Files\Moyea
2008-04-11 16:37:48 0 d-------- C:\Documents and Settings\Florin\Application Data\Moyea
2008-04-11 16:32:40 0 d-------- C:\Documents and Settings\Florin\Application Data\Eltima Software
2008-04-08 17:51:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 17:50:55 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-03 18:02:02 0 d-------- C:\WINDOWS\.rk_save_32
2008-03-31 17:47:52 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-31 17:47:49 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-30 11:41:03 0 d-------- C:\Program Files\BITS ITCH TITLE
2008-03-28 09:05:50 0 d-------- C:\Program Files\MSECache
2008-03-26 08:17:31 145 --a------ C:\WINDOWS\?????????????????????????????????i
2008-03-25 23:46:13 0 d-------- C:\Documents and Settings\Sorin_Diana\Application Data\Winamp
2008-03-25 09:02:57 0 d-------- C:\Documents and Settings\Florin\Application Data\Winamp
2008-03-23 11:07:56 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-17 08:35:59 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000008-00001102-00000002-80641102}.dat
2008-03-17 08:35:59 24 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000008-00001102-00000002-80641102}.dat
2008-03-17 07:40:32 270336 --a------ C:\WINDOWS\system32\SFMS32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:32 36864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2008-03-17 07:40:32 110592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL <Not Verified; Creative Technology Ltd; E-mu PIA>
2008-03-17 07:40:32 135168 --a------ C:\WINDOWS\system32\OPENAL32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:32 49152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2008-03-17 07:40:32 77824 --a------ C:\WINDOWS\system32\EAXAC3.DLL <Not Verified; Creative Labs; EAX-AC3 DLL>
2008-03-17 07:40:32 28672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL <Not Verified; Creative Technology Ltd; CtSpkHlp Dynamic Link Library>
2008-03-17 07:40:32 643072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:32 155648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:32 184320 --a------ C:\WINDOWS\PSCONV.EXE
2008-03-17 07:40:32 61440 --a------ C:\WINDOWS\MIDIDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:32 94208 --a------ C:\WINDOWS\DEVREG.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:32 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Technology Ltd CTDCRES>
2008-03-17 07:40:31 36864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:31 106496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:31 319488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:31 106496 --a------ C:\WINDOWS\system32\CTASIO.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:31 61440 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>
2008-03-17 07:40:31 110592 --a------ C:\WINDOWS\system32\COMMONFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-17 07:40:31 53248 --a------ C:\WINDOWS\system32\AC3API.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-03-16 03:11:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-16 03:11:19 0 d-------- C:\Program Files\Symantec
2008-03-16 03:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 03:04:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-16 02:45:50 0 d-------- C:\WINDOWS\Prefetch
2008-03-16 01:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Subliminal Flash
2008-03-16 01:42:04 0 d-------- C:\Program Files\Subliminal Flash
2008-03-16 01:38:46 0 d-------- C:\Program Files\Subliminal Images
2008-03-15 20:41:58 0 d-------- C:\Documents and Settings\Sorin_Diana\Application Data\Ahead
2008-03-15 20:40:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-15 20:37:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-15 20:37:40 0 d-------- C:\Program Files\Nero
2008-03-15 20:37:40 0 d-------- C:\Program Files\Common Files\Ahead


-- Find3M Report ---------------------------------------------------------------

2008-04-12 09:26:54 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-12 07:52:59 0 d-------- C:\Program Files\Eltima Software
2008-04-09 15:54:01 0 d-------- C:\Program Files\iTunes
2008-04-09 15:53:52 0 d-------- C:\Program Files\iPod
2008-04-09 15:52:46 0 d-------- C:\Program Files\QuickTime
2008-04-08 17:52:18 0 d-------- C:\Program Files\MSN Messenger
2008-04-08 17:51:12 0 d-------- C:\Program Files\Windows Live
2008-04-04 19:01:11 0 d-------- C:\Documents and Settings\Florin\Application Data\FrostWire
2008-04-04 18:49:23 194066 --a------ C:\Documents and Settings\Florin\Application Data\com.kennettnet.MusicRescueProfiles.plist
2008-04-04 18:49:22 3232 --a------ C:\Documents and Settings\Florin\Application Data\com.kennettnet.MusicRescue.plist
2008-03-30 11:40:50 0 d-------- C:\Program Files\Circle Developement
2008-03-30 11:40:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-26 23:25:29 0 d-------- C:\Program Files\Winamp
2008-03-26 08:17:31 145 --a------ C:\WINDOWS\?????????????????????????????????i
2008-03-25 09:03:43 0 d-------- C:\Program Files\Winamp Toolbar
2008-03-23 18:58:58 89 --ah----- C:\WINDOWS\popcinfo.dat
2008-03-22 12:47:49 16 --a------ C:\WINDOWS\popcinfot.dat
2008-03-21 14:49:01 0 d-------- C:\Documents and Settings\Florin\Application Data\Adobe
2008-03-21 14:44:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-17 07:40:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-16 05:18:51 0 d-------- C:\Program Files\DAEMON Tools
2008-03-16 02:31:50 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-16 02:31:29 0 d-------- C:\Program Files\Windows NT
2008-03-15 20:25:32 0 d-------- C:\Program Files\Ahead
2008-03-12 15:59:56 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-03-10 00:08:26 0 d-------- C:\Program Files\QuickTax 2007
2008-03-09 20:29:27 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-28 19:09:28 0 d-------- C:\Program Files\AoA Audio Extractor
2008-02-28 18:57:13 0 d-------- C:\Program Files\FLV Player
2008-02-28 17:50:29 0 d-------- C:\Documents and Settings\Florin\Application Data\CopyTrans
2008-02-20 20:27:35 0 d-------- C:\Program Files\EasyRecorder
2008-02-09 11:21:40 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-01-14 08:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02715E47-5A8E-495B-8F63-0D30470B8E72}]
04/11/2008 04:49 PM 39936 --a------ C:\WINDOWS\system32\byXOiIca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
12/13/2007 12:49 PM 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE89070E-F94D-4E93-8622-8351C6BD7668}]
04/11/2008 04:59 PM 273408 --a------ C:\WINDOWS\system32\yayvsPhh.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [12/13/2007 12:49 PM 1185120]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 06:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [12/26/2001 02:00 AM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [01/13/2006 08:13 PM]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [07/08/2003 03:00 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [01/05/2007 06:12 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [09/15/2006 02:21 PM]
"SoundMan"="SOUNDMAN.EXE" [08/17/2005 06:39 PM C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/09/2007 04:15 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 06:54 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Florin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [6/28/2007 10:14:11 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{02715E47-5A8E-495B-8F63-0D30470B8E72}"= C:\WINDOWS\system32\byXOiIca.dll [04/11/2008 04:49 PM 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qdnkewfa"= {7FCF8B39-6002-427E-9BDA-C30E916746BD} - C:\WINDOWS\qdnkewfa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOiIca]
byXOiIca.dll 04/11/2008 04:49 PM 39936 C:\WINDOWS\system32\byXOiIca.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayvsPhh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sorin_Diana^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\Sorin_Diana\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
"C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onlinevga]
C:\DOCUME~1\SORIN_~1\APPLIC~1\BITSIT~1\Curb second.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol]
C:\Documents and Settings\All Users\Application Data\That size part chin\Dent Frag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\pacsteam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"C:\Program Files\WhenUSearch\Search.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
"C:\Program Files\WhenUSearch\whse.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\wianmpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
"C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2754bbf4-b306-11dc-9899-00e04ceb2af3}]
AutoRun\command- J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3df7748-c5bc-11dc-ae25-00e04ceb2af3}]
AutoRun\command- J:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-13 13:32:41 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4400+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2046.46 MiB / 1423.09 MiB
Pagefile Memory (total/avail): 3938.65 MiB / 3408.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.48 MiB

C: is Fixed (NTFS) - 92.41 GiB total, 29.88 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 65.8 GiB total, 28.88 GiB free.
F: is Fixed (NTFS) - 97.66 GiB total, 42.26 GiB free.
G: is Fixed (NTFS) - 42.21 GiB total, 21.05 GiB free.

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 92.41 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 205.67 GiB - E: - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Symantec Endpoint Protection v11.0.1000.1112 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\\Softwere\\LimeWire\\LimeWire.exe"="F:\\Softwere\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK more to do as that revealed a lot of other infections

This will be a big fix so I would recommend copying this post to a text file for reference

Please Download NoLop to your desktop from the link below...
Link 1
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

NEXT

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\WINDOWS\system32\byXOiIca.dll
O2 - BHO: (no name) - {AE89070E-F94D-4E93-8622-8351C6BD7668} - C:\WINDOWS\system32\yayvsPhh.dll
O20 - Winlogon Notify: byXOiIca - C:\WINDOWS\SYSTEM32\byXOiIca.dll
O21 - SSODL: qdnkewfa - {7FCF8B39-6002-427E-9BDA-C30E916746BD} - C:\WINDOWS\qdnkewfa.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

PC-Cleaner

Please note any other programs that you don't recognize in that list in your next response

THEN

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registry:

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING: these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box into a Notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

FOLLOWED BY

  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\WhenUSearch
    c:\docume~1\sebast~1\locals~1\temp\adxapie.sys 
    C:\WINDOWS\Tasks\A0054BE891E6FEB4.job
    C:\WINDOWS\privacy_danger
    C:\Program Files\PC-Cleaner
    C:\WINDOWS\system32\abgnqtux.exe
    C:\WINDOWS\system32\wdalonoz.exe
    C:\WINDOWS\system32\hhPsvyay.ini2
    C:\WINDOWS\system32\yayvsPhh.dll
    C:\WINDOWS\apoxqwfv.exe
    C:\WINDOWS\system32\byXOiIca.dll
    C:\WINDOWS\.rk_save_32
    C:\Program Files\BITS ITCH TITLE
    C:\WINDOWS\qdnkewfa.dll 
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onlinevga
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

AND FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : NoLop, OTMoveit and Combofix
  • 0
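Two of the registry areas in this thread are worth checking by hand rather than trusting a display name: the LSA "Authentication Packages" multi-string that the REGISTRY FIX above resets to msv1_0 (whatever is listed there is loaded into lsass.exe at boot), and the Windows Firewall AuthorizedApplications list exported earlier in the thread, whose entries have the form path:scope:Enabled:display name. The script below is an added example, not code from this thread, from HijackThis, OTMoveIt or ComboFix. It parses a REGEDIT4 export offline, decodes the hex(7) value into its strings, reports any package other than msv1_0, reproduces the fix line's bytes from a string list, and flags firewall exceptions that run from outside %windir%/Program Files or from a Temp directory. The sample .reg text is constructed for the example; rogue_lsa.dll, the Temp\updater.exe entry and the STANDARD_ROOTS heuristic are assumptions, not findings from the logs above.

```python
"""Offline checks on a REGEDIT4 export for two registry areas from this thread:
the LSA "Authentication Packages" REG_MULTI_SZ (reset to msv1_0 by the fix above)
and the Windows Firewall AuthorizedApplications list. Added example, not thread code."""
import re
from typing import Dict, Iterable, List, Tuple

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
FIREWALL_LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
STANDARD_ROOTS = ("%WINDIR%\\", "C:\\WINDOWS\\", "C:\\PROGRAM FILES\\")

# Constructed sample in the shape of the export on the page. The hex(7) bytes spell
# "msv1_0\0C:\WINDOWS\system32\rogue_lsa.dll\0\0": rogue_lsa.dll is a hypothetical extra
# package (the fix on the page leaves only msv1_0); Temp\updater.exe is likewise hypothetical.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,43,3a,5c,57,49,4e,44,4f,\
  57,53,5c,73,79,73,74,65,6d,33,32,5c,72,6f,67,75,65,5f,6c,73,61,2e,64,6c,6c,\
  00,00

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:uTorrent"
"F:\\Softwere\\LimeWire\\LimeWire.exe"="F:\\Softwere\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\updater.exe"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\updater.exe:*:Enabled:Windows Update"
'''

_VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
_FW_ENTRY = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$", re.I)

def _norm_key(key: str) -> str:
    key = key.upper()
    return "HKEY_LOCAL_MACHINE\\" + key[5:] if key.startswith("HKLM\\") else key

def _unescape(s: str) -> str:
    # .reg strings escape " and \ with a leading backslash; drop that backslash
    return re.sub(r'\\(["\\])', r'\1', s)

def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {normalised key: {value name: raw value text}}."""
    joined: List[str] = []
    for line in text.splitlines():
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line.strip()  # hex() data continued on the next line
        else:
            joined.append(line.rstrip())
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in joined:
        if line.startswith("[") and line.endswith("]"):
            current = _norm_key(line[1:-1])
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1)) if m.group(1) is not None else "@"] = m.group(2)
    return keys

def reg_string(raw: str) -> str:
    """Decode a quoted REG_SZ value ("..." with backslash escapes)."""
    return _unescape(raw[1:-1])

def decode_hex7(raw: str, utf16: bool = False) -> List[str]:
    """Decode hex(7) (REG_MULTI_SZ) data. REGEDIT4 exports hold single-byte ANSI text;
    'Windows Registry Editor Version 5.00' exports hold UTF-16LE (pass utf16=True)."""
    if not raw.lower().startswith("hex(7):"):
        raise ValueError(f"not a hex(7) value: {raw!r}")
    data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
    return [s for s in data.decode("utf-16-le" if utf16 else "latin-1").split("\x00") if s]

def encode_hex7(strings: Iterable[str]) -> str:
    """Inverse of decode_hex7 for a REGEDIT4 fix line: each string NUL-terminated, then a final NUL."""
    data = "".join(s + "\x00" for s in strings) + "\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data.encode("latin-1"))

def unexpected_auth_packages(reg: Dict[str, Dict[str, str]],
                             baseline: Tuple[str, ...] = ("msv1_0",)) -> List[str]:
    """Authentication packages beyond the baseline; every entry is loaded into lsass.exe at boot."""
    raw = reg.get(_norm_key(LSA_KEY), {}).get("Authentication Packages")
    if raw is None:
        return []
    expected = {b.lower() for b in baseline}
    return [p for p in decode_hex7(raw) if p.lower() not in expected]

def firewall_exceptions(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str, str]]:
    """(path, scope, state, display name) for each AuthorizedApplications list entry."""
    entries = []
    for raw in reg.get(_norm_key(FIREWALL_LIST_KEY), {}).values():
        m = _FW_ENTRY.match(reg_string(raw))
        if m is None:
            raise ValueError(f"unrecognised firewall entry: {raw!r}")
        entries.append((m["path"], m["scope"], m["state"].lower(), m["name"]))
    return entries

def suspicious_exceptions(entries: Iterable[Tuple[str, str, str, str]]) -> List[str]:
    """Enabled exceptions that run from outside %windir%/Program Files or from a Temp
    directory: review these first, whatever display name they were given."""
    return [path for path, _scope, state, _name in entries if state == "enabled"
            and (not path.upper().startswith(STANDARD_ROOTS) or "\\TEMP\\" in path.upper())]
```

Run parse_reg on the export, then unexpected_auth_packages on the result before merging a fix like the one above: the fix overwrites the whole multi-string, so you want to know what it is removing. encode_hex7(["msv1_0"]) gives exactly the 6d,73,76,31,5f,30,00,00 line in the REGISTRY FIX, which confirms those bytes are "msv1_0" plus the two terminating NULs. The encoding caveat matters: the page's fix is in REGEDIT4 format, where hex(7) data is ANSI, but an export made with regedit on XP carries a "Windows Registry Editor Version 5.00" header and stores the same value as UTF-16LE, so decode that with utf16=True or the strings come out as garbage.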

#5
fastingaciu

fastingaciu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you for your fast response. I have done everything you've asked for and here are the logs. Also I did not find Pc Cleaner in my Add\Remove Program list.


NoLop LogFile

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Florin\Desktop
[4/13/2008]
[6:40:20 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A0054BE891E6FEB4.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Ati
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Enternhelp
C:\Documents and Settings\All Users\Application Data\Espionserverdata
C:\Documents and Settings\All Users\Application Data\Google Updater
C:\Documents and Settings\All Users\Application Data\Intuit Canada
C:\Documents and Settings\All Users\Application Data\Iwin Games
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Last.fm
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Mumbojumbo
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Netjet
C:\Documents and Settings\All Users\Application Data\Nikon
C:\Documents and Settings\All Users\Application Data\Noteborq -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Oberon Media
C:\Documents and Settings\All Users\Application Data\Orbnetworks
C:\Documents and Settings\All Users\Application Data\Popcap
C:\Documents and Settings\All Users\Application Data\Sega
C:\Documents and Settings\All Users\Application Data\Subliminal Flash
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Ultima_t15
C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\All Users\Application Data\{cd08d33b-f39b-4a65-944a-a36fe20fb7bc}
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Florin\Application Data\4team
C:\Documents and Settings\Florin\Application Data\Adobe
C:\Documents and Settings\Florin\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Florin\Application Data\Ahead
C:\Documents and Settings\Florin\Application Data\Apple Computer
C:\Documents and Settings\Florin\Application Data\Atari
C:\Documents and Settings\Florin\Application Data\Ati
C:\Documents and Settings\Florin\Application Data\Autodesk
C:\Documents and Settings\Florin\Application Data\Bittorrent
C:\Documents and Settings\Florin\Application Data\Converttemp -- EMPTY Directory
C:\Documents and Settings\Florin\Application Data\Copytrans
C:\Documents and Settings\Florin\Application Data\Creative
C:\Documents and Settings\Florin\Application Data\Cyberlink
C:\Documents and Settings\Florin\Application Data\Dev-cpp
C:\Documents and Settings\Florin\Application Data\Eltima Software
C:\Documents and Settings\Florin\Application Data\Frostwire
C:\Documents and Settings\Florin\Application Data\Google
C:\Documents and Settings\Florin\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Florin\Application Data\Identities
C:\Documents and Settings\Florin\Application Data\Installshield
C:\Documents and Settings\Florin\Application Data\Intertrust
C:\Documents and Settings\Florin\Application Data\Lavasoft
C:\Documents and Settings\Florin\Application Data\Limewire
C:\Documents and Settings\Florin\Application Data\Macromedia
C:\Documents and Settings\Florin\Application Data\Microsoft
C:\Documents and Settings\Florin\Application Data\Moyea
C:\Documents and Settings\Florin\Application Data\Mozilla
C:\Documents and Settings\Florin\Application Data\Musicip
C:\Documents and Settings\Florin\Application Data\Oberon Media
C:\Documents and Settings\Florin\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Florin\Application Data\Rapidget
C:\Documents and Settings\Florin\Application Data\Ringtone
C:\Documents and Settings\Florin\Application Data\Samsung
C:\Documents and Settings\Florin\Application Data\Seven Zip
C:\Documents and Settings\Florin\Application Data\Sun
C:\Documents and Settings\Florin\Application Data\Synthfont
C:\Documents and Settings\Florin\Application Data\Talkback
C:\Documents and Settings\Florin\Application Data\Temporary
C:\Documents and Settings\Florin\Application Data\Tmprecenticons
C:\Documents and Settings\Florin\Application Data\Transrender -- EMPTY Directory
C:\Documents and Settings\Florin\Application Data\Vlc
C:\Documents and Settings\Florin\Application Data\Winamp
C:\Documents and Settings\Florin\Application Data\Xfire
C:\Documents and Settings\Florin\Application Data\Yahoo!
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Sorin_diana\Application Data\Adobe
C:\Documents and Settings\Sorin_diana\Application Data\Adobeum
C:\Documents and Settings\Sorin_diana\Application Data\Ahead
C:\Documents and Settings\Sorin_diana\Application Data\Apple Computer
C:\Documents and Settings\Sorin_diana\Application Data\Arcsoft
C:\Documents and Settings\Sorin_diana\Application Data\Atari
C:\Documents and Settings\Sorin_diana\Application Data\Ati
C:\Documents and Settings\Sorin_diana\Application Data\Autodesk
C:\Documents and Settings\Sorin_diana\Application Data\Creative
C:\Documents and Settings\Sorin_diana\Application Data\Cyberlink
C:\Documents and Settings\Sorin_diana\Application Data\Google
C:\Documents and Settings\Sorin_diana\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Sorin_diana\Application Data\Identities
C:\Documents and Settings\Sorin_diana\Application Data\Installshield
C:\Documents and Settings\Sorin_diana\Application Data\Intuit Canada
C:\Documents and Settings\Sorin_diana\Application Data\Iwin
C:\Documents and Settings\Sorin_diana\Application Data\Lavasoft
C:\Documents and Settings\Sorin_diana\Application Data\Leadertech
C:\Documents and Settings\Sorin_diana\Application Data\Macromedia
C:\Documents and Settings\Sorin_diana\Application Data\Mechsoft
C:\Documents and Settings\Sorin_diana\Application Data\Microsoft
C:\Documents and Settings\Sorin_diana\Application Data\Mozilla
C:\Documents and Settings\Sorin_diana\Application Data\Msn6
C:\Documents and Settings\Sorin_diana\Application Data\Musicip
C:\Documents and Settings\Sorin_diana\Application Data\Nikon
C:\Documents and Settings\Sorin_diana\Application Data\Oberon Media
C:\Documents and Settings\Sorin_diana\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Sorin_diana\Application Data\Panasonic
C:\Documents and Settings\Sorin_diana\Application Data\Samsung
C:\Documents and Settings\Sorin_diana\Application Data\Screenshot Sender
C:\Documents and Settings\Sorin_diana\Application Data\Starware347
C:\Documents and Settings\Sorin_diana\Application Data\Sun
C:\Documents and Settings\Sorin_diana\Application Data\Talkback
C:\Documents and Settings\Sorin_diana\Application Data\Tmprecenticons
C:\Documents and Settings\Sorin_diana\Application Data\U3
C:\Documents and Settings\Sorin_diana\Application Data\Utorrent
C:\Documents and Settings\Sorin_diana\Application Data\Vlc
C:\Documents and Settings\Sorin_diana\Application Data\Whenu
C:\Documents and Settings\Sorin_diana\Application Data\Winamp
C:\Documents and Settings\Sorin_diana\Application Data\Xfire -- EMPTY Directory
C:\Documents and Settings\Sorin_diana\Application Data\Yahoo!

HijackThis Log File after NoLop

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:43 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Florin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc4c2a6e] rundll32.exe "C:\WINDOWS\system32\tmvvqude.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156908970488
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157302271718
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O21 - SSODL: qdnkewfa - {7FCF8B39-6002-427E-9BDA-C30E916746BD} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12860 bytes

OTMoveIt log file

File/Folder C:\Program Files\WhenUSearch not found.
File/Folder c:\docume~1\sebast~1\locals~1\temp\adxapie.sys not found.
File/Folder C:\WINDOWS\Tasks\A0054BE891E6FEB4.job not found.
Folder move failed. C:\WINDOWS\privacy_danger scheduled to be moved on reboot.
C:\Program Files\PC-Cleaner moved successfully.
C:\WINDOWS\system32\abgnqtux.exe moved successfully.
C:\WINDOWS\system32\wdalonoz.exe moved successfully.
C:\WINDOWS\system32\hhPsvyay.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayvsPhh.dll
C:\WINDOWS\system32\yayvsPhh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yayvsPhh.dll scheduled to be moved on reboot.
C:\WINDOWS\apoxqwfv.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXOiIca.dll
C:\WINDOWS\system32\byXOiIca.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\byXOiIca.dll scheduled to be moved on reboot.
C:\WINDOWS\.rk_save_32 moved successfully.
C:\Program Files\BITS ITCH TITLE moved successfully.
File/Folder C:\WINDOWS\qdnkewfa.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onlinevga >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onlinevga\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE\\ deleted successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04132008_190041

Files moved on Reboot...
Folder move failed. C:\WINDOWS\privacy_danger scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayvsPhh.dll
C:\WINDOWS\system32\yayvsPhh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yayvsPhh.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXOiIca.dll
C:\WINDOWS\system32\byXOiIca.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\byXOiIca.dll scheduled to be moved on reboot.

ComboFix logfile
ComboFix 08-04-13.1 - Florin 2008-04-13 19:10:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1427 [GMT -4:00]
Running from: C:\Documents and Settings\Florin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Florin\Favorites\Error Cleaner.url
C:\Documents and Settings\Florin\Favorites\Privacy Protector.url
C:\Documents and Settings\Florin\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Configurator\Configurator.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Configurator\Configurator.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Games\GamesOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Games\GamesOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Manager\ManagerOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Movies\MoviesOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Pranks\PranksOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Sorin_Diana\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Sorin_Diana\Desktop\Error Cleaner.url
C:\Documents and Settings\Sorin_Diana\Desktop\Privacy Protector.url
C:\Documents and Settings\Sorin_Diana\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Sorin_Diana\Favorites\Error Cleaner.url
C:\Documents and Settings\Sorin_Diana\Favorites\Privacy Protector.url
C:\Documents and Settings\Sorin_Diana\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\byXOiIca.dll
C:\WINDOWS\system32\eduqvvmt.ini
C:\WINDOWS\system32\hhPsvyay.ini
C:\WINDOWS\system32\hhPsvyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tmvvqude.dll
C:\WINDOWS\system32\yayvsPhh.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 18:57 . 2008-04-13 18:57 <DIR> d-------- C:\Program Files\ERUNT
2008-04-13 18:43 . 2008-04-13 18:44 <DIR> d-------- C:\NoLopBackups
2008-04-13 13:16 . 2008-04-13 13:16 <DIR> d-------- C:\Deckard
2008-04-13 13:14 . 2008-04-13 13:14 <DIR> d-------- C:\_OTMoveIt
2008-04-13 10:21 . 2008-04-13 10:21 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-13 10:15 . 2008-04-13 10:14 230,776 --a------ C:\aswclear.exe
2008-04-13 09:32 . 2008-04-13 09:32 2,218,368 --a------ C:\AROTrial.exe
2008-04-12 16:11 . 2008-04-12 16:11 <DIR> d-------- C:\WINDOWS\privacy_danger
2008-04-12 13:54 . 2008-04-13 13:04 1,134 --ahs---- C:\WINDOWS\system32\uanjaogs.ini
2008-04-12 08:05 . 2008-04-12 08:05 <DIR> d-------- C:\Documents and Settings\Florin\Application Data\Ahead
2008-04-12 07:57 . 2008-04-12 07:57 <DIR> d-------- C:\Program Files\GetFLV
2008-04-12 07:57 . 2008-04-04 07:18 1,462,272 --a------ C:\WINDOWS\system32\vbsgf.dat
2008-04-12 07:53 . 2007-06-29 10:55 577,536 --a------ C:\WINDOWS\system32\audiocodec.dll
2008-04-12 07:53 . 2007-06-29 10:55 282,624 --a------ C:\WINDOWS\system32\4codedecoder.dll
2008-04-12 07:53 . 2007-06-29 10:55 233,472 --a------ C:\WINDOWS\system32\dllzaac.dll
2008-04-12 07:53 . 2007-06-29 10:55 217,088 --a------ C:\WINDOWS\system32\mp4filelib.dll
2008-04-12 07:53 . 2007-06-29 10:55 57,344 --a------ C:\WINDOWS\system32\streamio.dll
2008-04-11 22:10 . 2008-04-13 09:46 <DIR> d-------- C:\Documents and Settings\Sorin_Diana\Application Data\TmpRecentIcons
2008-04-11 18:36 . 2008-04-12 10:09 <DIR> d-------- C:\Documents and Settings\Florin\Application Data\TmpRecentIcons
2008-04-11 17:03 . 2008-04-11 17:03 <DIR> d-------- C:\Program Files\SourceTec
2008-04-11 17:03 . 2007-02-05 12:00 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-11 17:03 . 2007-02-05 12:00 135,168 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-11 17:03 . 2008-04-11 17:03 37 --a------ C:\WINDOWS\SWFConverter.INI
2008-04-11 17:00 . 2008-04-12 09:07 714 --ahs---- C:\WINDOWS\system32\uwcpxadx.ini
2008-04-11 16:56 . 2008-04-11 16:56 <DIR> d-------- C:\Program Files\Swf2Avi
2008-04-11 16:52 . 2008-04-11 16:52 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-11 16:49 . 2008-04-12 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\noteborq
2008-04-11 16:41 . 2008-04-11 16:41 <DIR> d-------- C:\Program Files\Moyea
2008-04-11 16:37 . 2008-04-11 16:37 <DIR> d-------- C:\Documents and Settings\Florin\Application Data\Moyea
2008-04-11 16:32 . 2008-04-11 16:32 <DIR> d-------- C:\Documents and Settings\Florin\Application Data\Eltima Software
2008-04-09 07:23 . 2008-04-13 19:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 07:23 . 2008-04-09 07:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 17:51 . 2008-04-08 17:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 17:50 . 2008-04-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-31 17:47 . 2008-03-31 17:47 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-31 17:47 . 2008-04-12 08:42 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 09:05 . 2008-03-28 09:05 <DIR> d-------- C:\Program Files\MSECache
2008-03-26 18:00 . 2008-03-26 18:00 1,816 --a------ C:\WINDOWS\TSearch.INI
2008-03-26 08:17 . 2008-03-26 08:17 145 --a------ C:\WINDOWS\?????????????????????????????????i
2008-03-25 23:46 . 2008-03-25 23:48 <DIR> d-------- C:\Documents and Settings\Sorin_Diana\Application Data\Winamp
2008-03-25 09:02 . 2008-03-25 16:47 <DIR> d-------- C:\Documents and Settings\Florin\Application Data\Winamp
2008-03-23 11:07 . 2008-03-23 11:19 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-17 15:51 . 2008-04-13 19:20 3,375,934 --a------ C:\WINDOWS\{00000004-00000000-00000008-00001102-00000002-80641102}.CDF
2008-03-17 15:51 . 2008-04-13 19:20 3,375,934 --a------ C:\WINDOWS\{00000004-00000000-00000008-00001102-00000002-80641102}.BAK
2008-03-17 08:35 . 2008-04-13 19:18 29,808 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000004-00000000-00000008-00001102-00000002-80641102}.rfx
2008-03-17 08:35 . 2008-04-13 19:18 29,808 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000004-00000000-00000008-00001102-00000002-80641102}.rfx
2008-03-17 08:35 . 2008-04-13 19:18 17,500 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000002-80641102}.rfx
2008-03-17 08:35 . 2008-04-13 19:18 17,500 --a------ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000008-00001102-00000002-80641102}.rfx
2008-03-17 08:35 . 2008-04-13 19:18 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000008-00001102-00000002-80641102}.dat
2008-03-17 08:35 . 2008-04-13 19:18 24 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000008-00001102-00000002-80641102}.dat
2008-03-16 03:15 . 2008-03-16 03:15 136,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-16 03:15 . 2007-12-18 20:06 91,008 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys
2008-03-16 03:15 . 2008-03-16 03:15 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-16 03:15 . 2008-03-16 03:15 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-16 03:15 . 2008-03-16 03:15 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-16 03:11 . 2008-03-16 03:15 <DIR> d-------- C:\Program Files\Symantec
2008-03-16 03:11 . 2008-03-16 03:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-16 03:11 . 2008-03-16 03:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 03:04 . 2008-03-16 03:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-16 02:37 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-16 02:36 . 2004-08-04 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-03-16 02:33 . 2008-03-16 02:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-16 02:32 . 2004-08-04 08:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-16 02:32 . 2008-03-16 02:32 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-16 02:32 . 2008-03-16 02:32 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-16 02:32 . 2008-03-16 02:32 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-16 02:32 . 2008-03-16 02:32 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-16 02:32 . 2008-03-16 02:32 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-16 02:18 . 2004-08-04 08:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-03-16 02:18 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET103.tmp
2008-03-16 02:18 . 2004-08-04 08:00 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-03-16 02:18 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET101.tmp
2008-03-16 02:18 . 2004-08-04 08:00 502,724 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-03-16 02:18 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET10B.tmp
2008-03-16 01:42 . 2008-03-16 01:42 <DIR> d-------- C:\Program Files\Subliminal Flash
2008-03-16 01:42 . 2008-03-16 01:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Subliminal Flash
2008-03-16 01:38 . 2008-03-16 01:38 <DIR> d-------- C:\Program Files\Subliminal Images
2008-03-15 20:41 . 2008-03-15 23:27 <DIR> d-------- C:\Documents and Settings\Sorin_Diana\Application Data\Ahead
2008-03-15 20:40 . 2008-03-15 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-15 20:37 . 2008-03-15 20:37 <DIR> d-------- C:\Program Files\Nero
2008-03-15 20:37 . 2008-03-15 20:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-15 20:37 . 2008-03-15 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 11:52 --------- d-----w C:\Program Files\Eltima Software
2008-04-11 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 03:38 --------- d-----w C:\Documents and Settings\Sorin_Diana\Application Data\U3
2008-04-09 19:54 --------- d-----w C:\Program Files\iTunes
2008-04-09 19:53 --------- d-----w C:\Program Files\iPod
2008-04-09 19:52 --------- d-----w C:\Program Files\QuickTime
2008-04-08 21:52 --------- d-----w C:\Program Files\MSN Messenger
2008-04-08 21:51 --------- d-----w C:\Program Files\Windows Live
2008-04-04 23:01 --------- d-----w C:\Documents and Settings\Florin\Application Data\FrostWire
2008-03-30 15:40 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-30 15:40 --------- d-----w C:\Program Files\Circle Developement
2008-03-30 06:15 --------- d-----w C:\Documents and Settings\Sorin_Diana\Application Data\MSN6
2008-03-27 03:25 --------- d-----w C:\Program Files\Winamp
2008-03-25 20:15 50,536 ----a-w C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-25 13:03 --------- d-----w C:\Program Files\Winamp Toolbar
2008-03-21 18:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 09:18 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-16 00:25 --------- d-----w C:\Program Files\Ahead
2008-03-10 04:08 --------- d-----w C:\Program Files\QuickTax 2007
2008-03-10 00:29 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-10 00:29 --------- d-----w C:\Documents and Settings\Sorin_Diana\Application Data\Intuit Canada
2008-03-10 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-02-28 23:09 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-02-28 22:57 --------- d-----w C:\Program Files\FLV Player
2008-02-28 21:50 --------- d-----w C:\Documents and Settings\Florin\Application Data\CopyTrans
2008-02-21 00:27 --------- d-----w C:\Program Files\EasyRecorder
2008-02-09 15:21 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-02 22:04 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-02 22:04 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-03-08 03:22 67,922 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_03_07_19_52_04_small.dmp.zip
2007-02-25 03:39 15,230,483 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_02_24_09_05_58_full.dmp.zip
2007-02-13 11:32 65,046 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_02_12_08_00_29_small.dmp.zip
2007-02-13 11:32 64,631 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_02_12_08_11_30_small.dmp.zip
2007-01-16 20:44 60,757 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_16_15_39_38_small.dmp.zip
2007-01-16 20:44 60,142 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_16_15_39_45_small.dmp.zip
2006-12-27 00:53 126,848 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_26_14_02_26_small.dmp.zip
2006-11-02 21:14 131,279 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_02_16_06_46_small.dmp.zip
2006-10-22 19:53 7,988 ----a-w C:\Program Files\install.log
2006-10-22 03:41 2,983 ----a-w C:\Program Files\install_wizard.log
2006-10-20 23:29 88,254 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_20_16_26_15_small.dmp.zip
2006-10-20 23:29 107,868 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_20_16_26_29_small.dmp.zip
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 12:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 12:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 12:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49 4662776]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 02:00 191488]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-13 20:13 172032]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 03:00 99840]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2007-01-05 18:12 258048]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 14:21 675840]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 90112 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 16:15 115560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 18:54 37376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

C:\Documents and Settings\Sorin_Diana\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 22:14:11 106496]

C:\Documents and Settings\Florin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 22:14:11 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOiIca]
byXOiIca.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sorin_Diana^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\Sorin_Diana\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-08-30 06:32 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 18:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msc

#6
fastingaciu

fastingaciu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ComboFix log file (continuation)


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 18:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 10:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-11-22 18:38 221184 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-07-11 17:09 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-01-13 20:13 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-13 22:01 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-11-12 17:01 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 18:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 18:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
--a------ 2007-11-26 23:03 110592 C:\Program Files\MSN Webcam Recorder\ml20gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-06-11 08:44 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-07 20:18 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol]
C:\Documents and Settings\All Users\Application Data\That size part chin\Dent Frag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2006-09-15 14:21 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-08-17 18:39 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-09-13 05:00 1258744 c:\pacsteam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a------ 2007-01-05 18:12 258048 C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\wianmpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2004-03-18 09:33 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
--a------ 2008-01-29 07:21 2654208 C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"F:\\Softwere\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 02:23]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\System32\drivers\BS_I2cIo.sys [2005-08-14 14:42]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-27 19:02]
S3 adxapie;adxapie;C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\adxapie.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 14:55]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 14:16]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2754bbf4-b306-11dc-9899-00e04ceb2af3}]
\Shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3df7748-c5bc-11dc-ae25-00e04ceb2af3}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 12:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 22:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 19:20:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-13 19:26:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 23:26:39
Pre-Run: 31,728,193,536 bytes free
Post-Run: 32,543,342,592 bytes free
.
2008-04-13 21:04:51 --- E O F ---


HijackThis log after ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:13 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Florin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156908970488
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157302271718
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: byXOiIca - byXOiIca.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 14069 bytes

Edited by fastingaciu, 13 April 2008 - 05:43 PM.

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Looks like we got the majority on that run :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
adxapie

File::
C:\WINDOWS\system32\uanjaogs.ini
C:\WINDOWS\system32\vbsgf.dat
C:\WINDOWS\system32\uwcpxadx.ini
C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\adxapie.sys 

Folder::
C:\WINDOWS\privacy_danger
C:\WINDOWS\?????????????????????????????????i

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOiIca]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

NEXT

A search for the waifs and strays

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Logs required: ComboFix and the OTScanit log attached

#8 fastingaciu (New Member, Topic Starter, 9 posts)
Hey thanks for all the help. Everything is running much better. Also I have a question. How come there are about 10 svchost.exe running when I open Task Manager?

Also the logs are attached below.

Attached Files


#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Also I have a question. How come there are about 10 svchost.exe running when I open Task Manager?

Let me know how many after this fix
You will lose your desktop during this fix


Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1085031214-2147134177-725345543-1005\] > -> 
YN -> HKEY_USERS\S-1-5-21-1085031214-2147134177-725345543-1005\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.]
[Files/Folders - Created Within 90 days]
NY -> privacy_danger -> %SystemRoot%\privacy_danger
NY -> {00000004-00000000-00000008-00001102-00000002-80641102}.BAK -> %SystemRoot%\{00000004-00000000-00000008-00001102-00000002-80641102}.BAK
NY -> {00000004-00000000-00000008-00001102-00000002-80641102}.CDF -> %SystemRoot%\{00000004-00000000-00000008-00001102-00000002-80641102}.CDF
NY -> ?????????????????????????????????i -> %SystemRoot%\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳汆牯湩䅜灰楬慣楴湯䐠瑡屡楗慮灭坜湩浡⹰湩i
NY -> ????????????????? -> %SystemRoot%\㩃停潲牧浡䘠汩獥坜湩浡屰楗慮灭椮楮
[Files/Folders - Modified Within 90 days]
NY -> popcinfo.dat -> %SystemRoot%\popcinfo.dat
NY -> popcinfot.dat -> %SystemRoot%\popcinfot.dat
NY -> privacy_danger -> %SystemRoot%\privacy_danger
NY -> {00000004-00000000-00000008-00001102-00000002-80641102}.BAK -> %SystemRoot%\{00000004-00000000-00000008-00001102-00000002-80641102}.BAK
NY -> {00000004-00000000-00000008-00001102-00000002-80641102}.CDF -> %SystemRoot%\{00000004-00000000-00000008-00001102-00000002-80641102}.CDF
NY -> ?????????????????????????????????i -> %SystemRoot%\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳汆牯湩䅜灰楬慣楴湯䐠瑡屡楗慮灭坜湩浡⹰湩i
NY -> ????????????????? -> %SystemRoot%\㩃停潲牧浡䘠汩獥坜湩浡屰楗慮灭椮楮
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 151 bytes -> %AllUsersProfile%\Application Data\TEMP:0B9D8E22
NY -> @Alternate Data Stream - 132 bytes -> %AllUsersProfile%\Application Data\TEMP:1A6AFE3D
NY -> @Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:242231A9
NY -> @Alternate Data Stream - 133 bytes -> %AllUsersProfile%\Application Data\TEMP:268F887D
NY -> @Alternate Data Stream - 110 bytes -> %AllUsersProfile%\Application Data\TEMP:3D5184D8
NY -> @Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:42294FD9
NY -> @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:4DE8EA4B
NY -> @Alternate Data Stream - 105 bytes -> %AllUsersProfile%\Application Data\TEMP:6509ADED
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:756C8543
NY -> @Alternate Data Stream - 201 bytes -> %AllUsersProfile%\Application Data\TEMP:7AB4D952
NY -> @Alternate Data Stream - 122 bytes -> %AllUsersProfile%\Application Data\TEMP:8CE646EE
NY -> @Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:B203B914
NY -> @Alternate Data Stream - 135 bytes -> %AllUsersProfile%\Application Data\TEMP:BE76DBCF
NY -> @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:BF218358
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Logs required: OTScanit report and MBAM
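
The ten svchost.exe entries asked about in #8 are normal on XP: svchost.exe is a generic service host, and each copy runs one group of services, so several instances always exist. What matters during a cleanup is that every copy runs from %SystemRoot%\system32 and actually hosts services, because malware is frequently dropped under the name svchost.exe in some other folder. The Python below is an added example, not something from this thread or from ComboFix/OTScanit: it parses constructed `tasklist /svc` and `wmic process get ProcessId,ExecutablePath` output (the PIDs and the Temp path are made up for the sample) and flags any svchost.exe that runs outside system32 or hosts no services.

```python
"""
Added example (not from the thread): pair every svchost.exe with the service
group it hosts and the path it was launched from, then flag the odd ones out.
On a real machine the two inputs come from:
    tasklist /svc
    wmic process where "name='svchost.exe'" get ProcessId,ExecutablePath
The sample text below is constructed to mimic that output.
"""
import re

# Constructed sample of `tasklist /svc` output (XP-era column layout).
TASKLIST_SVC_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       536 N/A
svchost.exe                    880 DcomLaunch, TermService
svchost.exe                    964 RpcSs
svchost.exe                   1052 AudioSrv, BITS, CryptSvc, Dhcp, dmserver,
                                   EventSystem, helpsvc, lanmanserver, Themes,
                                   wuauserv
svchost.exe                   1108 Dnscache
svchost.exe                   1168 LmHosts, RemoteRegistry, SSDPSRV
svchost.exe                   1844 N/A
"""

# Constructed sample of the wmic listing for the same PIDs (1844 is the fake).
WMIC_PATH_SAMPLE = """\
ExecutablePath                          ProcessId
C:\\WINDOWS\\system32\\svchost.exe        880
C:\\WINDOWS\\system32\\svchost.exe        964
C:\\WINDOWS\\system32\\svchost.exe        1052
C:\\WINDOWS\\system32\\svchost.exe        1108
C:\\WINDOWS\\system32\\svchost.exe        1168
C:\\WINDOWS\\Temp\\svchost.exe            1844
"""

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: XP default; read %SystemRoot% on a real box


def _split_services(field):
    """Turn 'A, B, C,' or 'N/A' into a clean list of service names."""
    field = field.strip()
    if field in ("", "N/A"):
        return []
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])} from `tasklist /svc` output.
    Long service lists wrap onto indented continuation lines, which are
    appended to the previous process entry."""
    entry_re = re.compile(r"^(.+?)\s+(\d+)\s+(.+)$")
    procs, last_pid = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and last_pid is not None:
            procs[last_pid][1].extend(_split_services(line))
            continue
        m = entry_re.match(line)
        if not m:
            continue  # header and separator rows carry no PID
        name, pid, svcs = m.group(1), int(m.group(2)), m.group(3)
        procs[pid] = (name, _split_services(svcs))
        last_pid = pid
    return procs


def parse_wmic_paths(text):
    """Return {pid: executable_path} from the wmic listing."""
    paths = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 1)
        if len(parts) != 2 or not parts[1].isdigit():
            continue
        paths[int(parts[1])] = parts[0].strip()
    return paths


def review_svchost(tasklist_text, wmic_text, system_root=SYSTEM_ROOT):
    """One row per svchost.exe with its path, services and any flags:
    'not in system32' (launched from elsewhere) or 'hosts no services'
    (a genuine service host always hosts at least one)."""
    procs = parse_tasklist_svc(tasklist_text)
    paths = parse_wmic_paths(wmic_text)
    expected_dir = (system_root + r"\system32").lower()
    report = []
    for pid, (name, svcs) in sorted(procs.items()):
        if name.lower() != "svchost.exe":
            continue
        path = paths.get(pid, "<unknown>")
        flags = []
        if path.lower().rsplit("\\", 1)[0] != expected_dir:
            flags.append("not in system32")
        if not svcs:
            flags.append("hosts no services")
        report.append({"pid": pid, "path": path, "services": svcs, "flags": flags})
    return report


def suspicious_pids(report):
    """PIDs of svchost.exe rows that raised at least one flag."""
    return [row["pid"] for row in report if row["flags"]]


if __name__ == "__main__":
    for row in review_svchost(TASKLIST_SVC_SAMPLE, WMIC_PATH_SAMPLE):
        mark = "  <-- " + ", ".join(row["flags"]) if row["flags"] else ""
        print(f"PID {row['pid']:>5} {row['path']}  [{', '.join(row['services']) or 'none'}]{mark}")
```

On the constructed sample five of the six svchost.exe rows are ordinary service groups and only PID 1844 is flagged, on both counts. A genuine host that happens to show N/A momentarily during startup is possible, so the path check is the stronger signal of the two.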
#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.