
System auto shuts down while scanning for virus [RESOLVED]


  • This topic is locked

#1
samsungR50

  • Member
  • 49 posts
Hello... I'm having big trouble with my PC, which I think has been infected by a virus. I have installed AntiVir Personal Edition, and every time I run the complete scan, even in safe mode, the system of my PC always auto shuts down after about 58% of the scan.

I have read some instructions in this forum before posting the HJT logs, and the results are as follows:

Step1a - Scan for Spyware/Adware
Malwarebytes' Anti-Malware 1.14
Database version: 811

20:11:49 31/05/2008
mbam-log-5-31-2008 (20-10-57).txt

Scan type: Quick Scan
Objects scanned: 36810
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9fe5b166-bc73-48f4-8696-a66adb1485ae} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{28f85800-2969-4966-8894-eda174875e71} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Step1b - SUPERAntiSpyware Home Edition
SUPERAntiSpyware Scan Log
Generated 05/31/2008 at 09:59 PM

Application Version : 3.6.1000

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type : Complete Scan
Total Scan Time : 00:40:55

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 4523
Registry threats detected : 0
File items scanned : 45994
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Public\Cookies\[email protected][2].txt


Step 2: Viruses/Trojans

The system also auto shuts down during the scan by Panda Activescan.

My PC is still infected.

After I ran HJT, the result is as below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:31, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impot...gnerADP-1.1.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9168 bytes

And here is the uninstall list:

Adobe Flash Player ActiveX
Adobe Reader 8 - Français
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal – Free Antivirus
Concise Oxford English Dictionary (Eleventh Edition)
Désinstaller Le Petit Robert de la langue française
Free Easy Burner V 3.8
getPlus®_ocx
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 3
K-Lite Codec Pack 2.72 Full
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSSO
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
mToolkit
mWlsSafe
mXML
mZConfig
New Khmer Dictionary
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries System Utilities
Nokia PC Suite
Nokia PC Suite
Nokia Software Launcher
Panda ActiveScan 2.0
PC Connectivity Solution
PDFCreator
Search Settings 1.2
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
SENS LT56ADW Modem
SoundMAX
SUPERAntiSpyware Free Edition
TrueCrypt
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB FireWall
VoipStunt
WIDCOMM Bluetooth Software
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WOW XT and TSXT Filter Driver
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

Please help me... Thank you in advance for your kind help...


#2
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello samsungR50 and Welcome to Geeks to Go!

Sorry for the delay in response. We've been quite busy this week. :)

Please read this post completely before proceeding with the fix.
If you have questions, don't hesitate to ask.

First,

Click Start >> Run >> then copy and paste the text in the codebox below

    shutdown -a

then press Enter key.

Next,

Please download this file - combofix.exe by sUBs
  • Save it to your Desktop
  • Please, never rename Combofix unless instructed.
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll


  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

Edited by koko_crunch, 02 June 2008 - 03:35 PM.


#3
samsungR50

  • Topic Starter
  • Member
  • 49 posts
Hello koko_crunch. Thank you for your help. I will do as per your instructions, but I have a question regarding the clean-up tools to be performed before running HijackThis. Should it be the same clean-up tools, i.e. Malwarebytes' Anti-Malware 1.14 and SUPERAntiSpyware Home Edition?

Regards...

#4
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

Hello koko_crunch. Thank you for your help. I will do as per your instructions, but I have a question regarding the clean-up tools to be performed before running HijackThis. Should it be the same clean-up tools, i.e. Malwarebytes' Anti-Malware 1.14 and SUPERAntiSpyware Home Edition?


You are referring to the "Before posting a HijackThis log" thread, right? Yes, you should use the tools indicated prior to posting a log, but once you have performed it, there is no need to repeat the scans (Malwarebytes/SUPERAntiSpyware) unless included in the fix. You are past that now; right now just follow my instructions exactly as I have posted on this thread.

If you still have questions, please don't hesitate to ask. :)

Edited by koko_crunch, 03 June 2008 - 07:45 AM.


#5
samsungR50

  • Topic Starter
  • Member
  • 49 posts
Hello koko_crunch. The link for downloading combofix.exe doesn't work. Could you check it please? Or if you have that file, please email it to me at [email protected]

Thank you...

#6
samsungR50

  • Topic Starter
  • Member
  • 49 posts
Hello... I finally found ComboFix.exe and ran it as instructed. The report is hereunder:

Thank you.



ComboFix 08-06-01.6 - Public 2008-06-03 9:25:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.272 [GMT -7:00]
Running from: C:\Documents and Settings\Public\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ntsdextsd.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-02 10:52 . 2008-06-02 10:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-31 22:21 . 2008-05-31 23:26 <DIR> d-------- C:\Program Files\Panda Security
2008-05-31 21:04 . 2008-06-01 00:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 21:04 . 2008-05-31 21:04 <DIR> d-------- C:\Documents and Settings\Public\Application Data\SUPERAntiSpyware.com
2008-05-31 21:04 . 2008-05-31 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-31 21:03 . 2008-05-31 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 19:57 . 2008-05-31 19:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 19:57 . 2008-05-31 19:57 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Malwarebytes
2008-05-31 19:57 . 2008-05-31 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 19:57 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-31 19:57 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 19:54 . 2008-05-31 19:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 10:50 . 2008-05-31 10:50 <DIR> d-------- C:\Program Files\Net Studio
2008-05-31 08:41 . 2008-05-31 10:39 <DIR> d-------- C:\Documents and Settings\Public\.housecall6.6
2008-05-31 08:39 . 2008-05-31 08:39 <DIR> d-------- C:\WINDOWS\Sun
2008-05-31 08:38 . 2004-08-03 12:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-31 08:35 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-31 08:34 . 2008-05-31 08:35 <DIR> d-------- C:\Program Files\Java
2008-05-31 08:24 . 2008-05-31 08:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-31 05:21 . 2008-05-31 07:37 145 --a------ C:\WINDOWS\PR1V2.INI
2008-05-31 05:16 . 2008-05-31 05:16 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Search Settings
2008-05-31 05:15 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\Search Settings
2008-05-31 05:06 . 2008-05-31 05:21 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-05-31 04:38 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-31 04:38 . 2008-05-31 04:38 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-31 04:37 . 2008-05-31 04:37 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-31 04:36 . 2008-05-31 04:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-31 04:36 . 2008-05-31 04:36 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-31 04:35 . 2008-05-31 04:35 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-31 04:34 . 2008-05-31 04:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-31 04:27 . 2008-05-31 04:27 <DIR> d-------- C:\Program Files\Le Robert
2008-05-31 04:26 . 2008-05-31 04:26 <DIR> d-------- C:\Program Files\COED11
2008-05-31 04:26 . 1998-01-23 13:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 04:25 . 2008-05-31 04:25 <DIR> d-------- C:\Program Files\New Khmer Dictionary
2008-05-31 04:25 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-05-31 04:25 . 2008-06-01 01:28 89 --a------ C:\WINDOWS\system32\VGAD3.VXD
2008-05-31 04:25 . 1995-05-10 10:02 89 --a------ C:\WINDOWS\system32\SYSTHK.DLX
2008-05-31 04:25 . 2003-03-19 12:26 89 --a------ C:\WINDOWS\system\VGAD3.VXD
2008-05-31 04:25 . 1995-05-10 10:02 89 --a------ C:\WINDOWS\system\SYSTHK.DLX
2008-05-31 04:24 . 2008-05-31 04:24 380 --a------ C:\WINDOWS\vw.ini
2008-05-31 04:23 . 2008-05-31 04:23 <DIR> d-------- C:\LAROUSSE
2008-05-31 04:23 . 2008-05-31 04:23 <DIR> d-------- C:\Documents and Settings\Public\WINDOWS
2008-05-31 04:23 . 1995-12-18 03:02 34,620 --a------ C:\WINDOWS\system\LAIPAREG.TTF
2008-05-31 04:23 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2008-05-31 04:23 . 2008-05-31 04:23 1,409 --a------ C:\WINDOWS\system\LAIPAREG.FOT
2008-05-31 04:23 . 2008-05-31 04:24 866 --a------ C:\WINDOWS\LAROUSSE.INI
2008-05-31 04:07 . 2008-05-31 04:07 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Media Player Classic
2008-05-31 04:06 . 2008-05-31 04:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 04:05 . 2008-05-31 04:06 <DIR> d-------- C:\Program Files\PDFCreator
2008-05-31 04:05 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-31 04:05 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-31 04:05 . 1998-06-24 01:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-05-31 04:05 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-31 04:05 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-05-31 04:03 . 2008-05-31 04:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-30 06:44 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-30 06:44 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-30 06:44 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-30 06:44 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-30 06:44 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-30 06:44 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-30 06:44 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-30 06:44 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-30 06:44 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-29 11:40 . 2008-05-29 11:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-29 11:06 . 2008-05-29 11:06 <DIR> d-------- C:\Program Files\VoipStunt.com
2008-05-29 11:06 . 2008-05-31 05:35 <DIR> d-------- C:\Documents and Settings\Public\Application Data\VoipStunt
2008-05-29 10:09 . 2008-05-29 10:09 <DIR> d-------- C:\Documents and Settings\Public\Application Data\NSeries
2008-05-29 09:21 . 2008-05-29 09:21 <DIR> d-------- C:\77b71b88c5deaebd98026c86806855bc
2008-05-29 08:42 . 2008-05-29 08:42 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 07:04 . 2008-05-31 10:42 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Yahoo!
2008-05-29 07:02 . 2008-06-01 01:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 06:50 . 2008-05-31 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-29 06:44 . 2008-05-31 19:11 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-28 20:30 . 2008-05-30 08:21 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 20:30 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-28 20:01 . 2008-05-28 20:01 <DIR> d--hs---- C:\Documents and Settings\Public\UserData
2008-05-28 16:48 . 2006-05-17 11:03 44,544 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-05-28 16:45 . 2008-05-28 16:45 <DIR> d-------- C:\Program Files\Avira
2008-05-28 16:45 . 2008-05-28 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 16:35 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-28 12:14 . 2008-05-31 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-28 11:37 . 2008-05-28 11:37 <DIR> d-------- C:\Documents and Settings\Public\Bluetooth Software
2008-05-28 11:37 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-28 11:37 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-28 11:36 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-28 11:36 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-28 11:35 . 2008-05-28 11:35 <DIR> d-------- C:\Program Files\WIDCOMM
2008-05-28 11:35 . 2007-02-27 11:02 868,042 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-05-28 11:35 . 2007-01-24 11:33 530,861 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-05-28 11:35 . 2006-10-15 10:01 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-05-28 11:35 . 2006-10-15 10:04 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-05-28 11:35 . 2007-01-24 11:27 67,960 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-05-28 11:35 . 2006-11-28 08:48 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-05-28 11:35 . 2006-10-09 18:00 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-05-28 11:35 . 2006-10-15 09:59 30,285 --a------ C:\WINDOWS\system32\drivers\btwmodem.sys
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Program Files\DIFX
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-28 11:33 . 2008-05-28 12:51 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Nokia
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-28 11:32 . 2008-05-28 11:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-28 11:32 . 2008-05-28 11:32 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-28 11:32 . 2008-05-28 12:50 <DIR> d-------- C:\Program Files\Nokia
2008-05-28 11:32 . 2008-05-28 11:43 <DIR> d-------- C:\Documents and Settings\Public\Application Data\PC Suite
2008-05-28 11:32 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-28 11:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-28 11:32 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-28 11:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-28 11:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-28 11:32 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-28 11:31 . 2008-05-28 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-28 10:39 . 2008-05-28 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 10:39 . 2004-08-12 08:44 234,496 --a------ C:\WINDOWS\system32\drivers\iwca.sys
2008-05-28 10:39 . 2008-05-28 10:39 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-28 10:39 . 2004-08-12 08:44 16,384 --a------ C:\WINDOWS\system32\iwca.dll
2008-05-28 10:34 . 2008-05-28 10:40 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Intel
2008-05-28 10:34 . 2008-05-28 10:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-28 10:34 . 2004-08-12 08:43 21,504 --a------ C:\WINDOWS\system32\drivers\iwca2k.sys
2008-05-28 10:34 . 2004-08-11 19:55 3,101 --a------ C:\WINDOWS\system32\drivers\netsiwca.inf
2008-05-28 10:34 . 2004-08-11 19:55 1,960 --a------ C:\WINDOWS\system32\drivers\netiwca.inf
2008-05-28 10:33 . 2005-05-31 22:46 1,671,168 --a------ C:\WINDOWS\system32\W29MLRES.DLL
2008-05-28 10:33 . 2005-06-03 09:20 13 --a------ C:\WINDOWS\system32\drivers\verfile.tic
2008-05-28 09:40 . 2008-05-28 09:40 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-28 09:40 . 2008-05-28 09:41 <DIR> d-------- C:\Documents and Settings\Public\Application Data\TrueCrypt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 22:44 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-04-16 17:56 1107296 --a------ C:\Program Files\Search Settings\kb127\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 12:26 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11 22560]
"USBFireWall"="C:\Program Files\Net Studio\USB_FW.exe" [2008-03-22 00:11 1299968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-01 00:49 1510640]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-06-02 08:49 2321600]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 19:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 17:37 184320]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 07:30 3096576]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56 985440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-01 00:49 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-01 00:49 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-06-08 16:58]
S3 ADDMEM;ADDMEM;C:\DOCUME~1\Public\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}]
\Shell\AutoRun\command - adb.com
\Shell\explore\Command - adb.com
\Shell\open\Command - adb.com

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 09:28:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
.
**************************************************************************
.
Completion time: 2008-06-03 9:31:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 16:31:06
ComboFix2.txt 2008-05-29 13:55:49

Pre-Run: 45,260,537,856 bytes free
Post-Run: 45,318,270,976 bytes free

238 --- E O F --- 2008-06-01 08:31:31





++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++

And here is the log file of HJthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impot...gnerADP-1.1.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9209 bytes

Edited by samsungR50, 03 June 2008 - 10:55 AM.


#7
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok... Let's check your system again.

Next,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- DSS logs

#8
samsungR50

    Member

  • Topic Starter
  • Member
  • 49 posts
Hello... thanks again for your time. Here are the results:

Malwarebytes

Malwarebytes' Anti-Malware 1.14
Database version: 821

06:23:33 2008-06-04
mbam-log-6-4-2008 (06-23-33).txt

Scan type: Quick Scan
Objects scanned: 37762
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Super anti spyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/04/2008 at 07:15 AM

Application Version : 4.1.1046

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 00:46:43

Memory items scanned : 457
Memory threats detected : 0
Registry items scanned : 4239
Registry threats detected : 0
File items scanned : 46027
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\Public\Cookies\public@hotlog[1].txt
C:\Documents and Settings\Public\Cookies\public@adtech[1].txt
C:\Documents and Settings\Public\Cookies\public@xiti[1].txt
C:\Documents and Settings\Public\Cookies\[email protected][2].txt
C:\Documents and Settings\Public\Cookies\public@casalemedia[2].txt
C:\Documents and Settings\Public\Cookies\[email protected][1].txt
C:\Documents and Settings\Public\Cookies\[email protected][1].txt
C:\Documents and Settings\Public\Cookies\public@hitbox[2].txt
C:\Documents and Settings\Public\Cookies\[email protected][1].txt
C:\Documents and Settings\Public\Cookies\public@apmebf[1].txt
C:\Documents and Settings\Public\Cookies\public@adbrite[1].txt
C:\Documents and Settings\Public\Cookies\[email protected][2].txt
C:\Documents and Settings\Public\Cookies\public@adrevolver[2].txt
C:\Documents and Settings\Public\Cookies\[email protected][1].txt
C:\Documents and Settings\Public\Cookies\public@weborama[1].txt
C:\Documents and Settings\Public\Cookies\public@doubleclick[1].txt
C:\Documents and Settings\Public\Cookies\public@specificclick[2].txt
C:\Documents and Settings\Public\Cookies\public@statcounter[2].txt
C:\Documents and Settings\Public\Cookies\public@tribalfusion[2].txt
C:\Documents and Settings\Public\Cookies\public@questionmarket[1].txt
C:\Documents and Settings\Public\Cookies\public@yadro[1].txt
C:\Documents and Settings\Public\Cookies\[email protected][1].txt
C:\Documents and Settings\Public\Cookies\[email protected][2].txt
C:\Documents and Settings\Public\Cookies\public@revenue[2].txt


DSS main

Deckard's System Scanner v20071014.68
Run by Public on 2008-06-04 07:25:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-06-04 14:25:26 UTC - RP34 - Deckard's System Scanner Restore Point
33: 2008-06-03 16:25:09 UTC - RP33 - ComboFix created restore point
32: 2008-06-02 15:39:09 UTC - RP32 - System Checkpoint
31: 2008-06-01 08:30:44 UTC - RP31 - Software Distribution Service 3.0
30: 2008-06-01 04:04:02 UTC - RP30 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-05-28 22:51:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Public.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25, on 2008-06-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Public\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Public.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impot...gnerADP-1.1.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9221 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 wowfilter (WOW XT Filter Driver) - c:\windows\system32\drivers\wowfilter.sys <Not Verified; ; SRS WOW XT for Windows XP>

S3 ADDMEM - c:\docume~1\public\locals~1\temp\__samsung_update\addmem.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 OwnershipProtocol - c:\program files\intel\wireless\bin\oprotsvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-02 10:52:15 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-02 07:42:14 0 d-------- C:\Documents and Settings\Public\Application Data\WinRAR
2008-05-31 22:21:17 0 d-------- C:\Program Files\Panda Security
2008-05-31 21:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-31 21:04:04 0 d-------- C:\Program Files\SUPERAntiSpyware <SUPERA~1>
2008-05-31 21:04:04 0 d-------- C:\Documents and Settings\Public\Application Data\SUPERAntiSpyware.com
2008-05-31 21:03:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 19:57:22 0 d-------- C:\Documents and Settings\Public\Application Data\Malwarebytes
2008-05-31 19:57:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 19:57:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware <MALWAR~1>
2008-05-31 19:54:21 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 10:50:35 0 d-------- C:\Program Files\Net Studio
2008-05-31 10:44:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-31 08:41:17 0 d-------- C:\Documents and Settings\Public\.housecall6.6
2008-05-31 08:39:58 0 d-------- C:\WINDOWS\Sun
2008-05-31 08:39:57 0 d-------- C:\Documents and Settings\Public\Application Data\Sun
2008-05-31 08:34:49 0 d-------- C:\Program Files\Java
2008-05-31 08:24:03 0 d-------- C:\Program Files\Common Files\Java
2008-05-31 05:16:49 0 d-------- C:\Documents and Settings\Public\Application Data\Search Settings
2008-05-31 05:15:00 0 d-------- C:\Program Files\Search Settings
2008-05-31 05:06:55 44544 --a------ C:\WINDOWS\system32\GIF89.DLL <Not Verified; ; Gif89 Module>
2008-05-31 05:06:53 348160 --a------ C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-05-31 05:06:53 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-05-31 05:06:53 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-05-31 05:06:53 1212416 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-05-31 05:06:53 1986560 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-05-31 05:06:52 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-05-31 05:06:52 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-31 05:06:52 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-05-31 05:06:52 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-31 05:06:52 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-05-31 05:06:51 0 d-------- C:\Program Files\Free Easy Burner
2008-05-31 04:37:07 0 d-------- C:\Program Files\Common Files\L&H
2008-05-31 04:36:50 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 04:36:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-31 04:35:30 0 d-------- C:\Program Files\Microsoft Works
2008-05-31 04:34:46 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-31 04:27:14 0 d-------- C:\Program Files\Le Robert
2008-05-31 04:26:59 305664 --a------ C:\WINDOWS\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-31 04:26:01 0 d-------- C:\Program Files\COED11
2008-05-31 04:25:19 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-31 04:25:16 0 d-------- C:\Program Files\New Khmer Dictionary
2008-05-31 04:23:33 25808 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-05-31 04:23:33 0 d-------- C:\LAROUSSE
2008-05-31 04:23:22 0 d-------- C:\Documents and Settings\Public\WINDOWS
2008-05-31 04:07:05 0 d-------- C:\Documents and Settings\Public\Application Data\Media Player Classic
2008-05-31 04:06:39 157696 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-31 04:06:29 568850 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-05-31 04:06:29 286720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-05-31 04:06:29 1024000 --a------ C:\WINDOWS\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-05-31 04:06:28 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-05-31 04:06:27 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-31 04:06:27 856064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-31 04:06:27 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-31 04:06:25 619156 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 04:06:24 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 04:06:22 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 04:05:33 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-31 04:05:32 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-05-31 04:05:31 0 d-------- C:\Program Files\PDFCreator
2008-05-31 04:04:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-31 04:03:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 19:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-29 11:40:40 0 d-------- C:\Program Files\MSXML 4.0
2008-05-29 11:06:50 0 d-------- C:\Documents and Settings\Public\Application Data\VoipStunt
2008-05-29 11:06:11 0 d-------- C:\Program Files\VoipStunt.com
2008-05-29 10:09:26 0 d-------- C:\Documents and Settings\Public\Application Data\NSeries
2008-05-29 09:44:44 0 d-------- C:\WINDOWS\network diagnostic
2008-05-29 09:21:36 0 d-------- C:\77b71b88c5deaebd98026c86806855bc
2008-05-29 08:42:36 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 07:26:51 0 d-------- C:\Documents and Settings\Public\Recent
2008-05-29 07:04:23 0 d-------- C:\Documents and Settings\Public\Application Data\Yahoo!
2008-05-29 07:02:24 0 d-------- C:\Program Files\Trend Micro
2008-05-29 06:53:41 68096 --a------ C:\WINDOWS\zip.exe
2008-05-29 06:53:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-29 06:53:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-29 06:53:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-29 06:53:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-29 06:53:41 98816 --a------ C:\WINDOWS\sed.exe
2008-05-29 06:53:41 80412 --a------ C:\WINDOWS\grep.exe
2008-05-29 06:53:41 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-29 06:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-29 06:44:17 0 d-------- C:\Program Files\Yahoo!
2008-05-28 20:30:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-28 20:30:09 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 20:01:48 0 d--hs---- C:\Documents and Settings\Public\UserData
2008-05-28 20:01:09 0 d-------- C:\Documents and Settings\Public\Application Data\Adobe
2008-05-28 19:59:09 0 d-------- C:\Documents and Settings\Public\Application Data\Macromedia
2008-05-28 16:45:56 0 d-------- C:\Program Files\Avira
2008-05-28 16:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 15:51:04 0 d-------- C:\Documents and Settings\Public\Application Data\Identities
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\Templates
2008-05-28 15:50:54 0 dr------- C:\Documents and Settings\Public\Start Menu
2008-05-28 15:50:54 0 dr-h----- C:\Documents and Settings\Public\SendTo
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\PrintHood
2008-05-28 15:50:54 2621440 --ah----- C:\Documents and Settings\Public\NTUSER.DAT
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\NetHood
2008-05-28 15:50:54 0 dr------- C:\Documents and Settings\Public\My Documents
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\Local Settings
2008-05-28 15:50:54 0 dr------- C:\Documents and Settings\Public\Favorites
2008-05-28 15:50:54 0 d-------- C:\Documents and Settings\Public\Desktop
2008-05-28 15:50:54 0 d--hs---- C:\Documents and Settings\Public\Cookies
2008-05-28 15:50:54 0 dr-h----- C:\Documents and Settings\Public\Application Data
2008-05-28 15:49:18 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-28 15:49:16 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 15:49:15 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-28 15:49:14 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-28 15:49:14 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-28 15:49:14 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-28 15:49:14 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-28 15:49:14 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-28 15:48:56 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-28 15:48:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-28 15:48:56 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-28 15:48:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-28 15:48:56 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-28 15:44:58 0 d-------- C:\WINDOWS\system32\xircom
2008-05-28 15:44:57 0 d-------- C:\Program Files\microsoft frontpage
2008-05-28 15:44:40 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-28 15:44:32 0 -rahs---- C:\MSDOS.SYS
2008-05-28 15:44:32 0 -rahs---- C:\IO.SYS
2008-05-28 15:44:32 0 --a------ C:\CONFIG.SYS
2008-05-28 15:44:32 0 --a------ C:\AUTOEXEC.BAT
2008-05-28 15:43:15 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-28 15:43:03 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-28 15:43:03 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-28 15:42:49 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-28 15:42:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-28 15:41:47 0 d---s---- C:\WINDOWS\Tasks
2008-05-28 15:41:46 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-28 15:41:42 0 d-------- C:\WINDOWS\srchasst
2008-05-28 15:41:41 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-28 15:41:31 0 d-------- C:\Program Files\Movie Maker
2008-05-28 15:41:21 0 d-------- C:\WINDOWS\system32\Restore
2008-05-28 15:40:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-28 15:40:10 0 d-------- C:\WINDOWS\Registration
2008-05-28 15:40:00 0 d-------- C:\Program Files\Online Services
2008-05-28 15:39:53 0 d-------- C:\Program Files\Messenger
2008-05-28 15:39:49 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-28 15:39:05 0 d-------- C:\Program Files\Windows NT
2008-05-28 15:39:02 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-28 15:39:00 0 d-------- C:\WINDOWS\system32\Com
2008-05-28 12:14:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-28 11:37:23 0 d-------- C:\Documents and Settings\Public\Bluetooth Software
2008-05-28 11:35:13 0 d-------- C:\Program Files\WIDCOMM
2008-05-28 11:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-28 11:33:23 0 d-------- C:\Documents and Settings\Public\Application Data\Nokia
2008-05-28 11:33:22 0 d-------- C:\Program Files\DIFX
2008-05-28 11:33:02 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-28 11:33:02 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-28 11:32:51 0 d-------- C:\Documents and Settings\Public\Application Data\PC Suite
2008-05-28 11:32:46 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-28 11:32:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-28 11:32:38 0 d-------- C:\Program Files\Nokia
2008-05-28 11:31:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-28 10:39:42 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-05-28 10:39:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 10:34:57 0 d-------- C:\Documents and Settings\Public\Application Data\Intel
2008-05-28 10:34:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-28 10:33:13 1671168 --a------ C:\WINDOWS\system32\W29MLRES.DLL <Not Verified; Intel Corporation; Intel® PRO/Wireless 2915ABG Network Connection>
2008-05-28 09:40:32 0 d-------- C:\Program Files\TrueCrypt
2008-05-28 09:40:19 0 d-------- C:\Documents and Settings\Public\Application Data\TrueCrypt
2008-05-28 09:17:29 0 d-------- C:\Documents and Settings\Public\Application Data\Help
2008-05-28 09:15:52 0 d-------- C:\Program Files\ltmoh
2008-05-28 09:15:35 0 d-------- C:\WINDOWS\Options
2008-05-28 09:14:31 0 d-------- C:\Program Files\ATI Technologies
2008-05-28 09:09:30 0 d-------- C:\Program Files\Intel
2008-05-28 09:08:52 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-28 09:06:34 0 d-------- C:\Program Files\SRS Labs
2008-05-28 09:05:46 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-05-28 09:05:46 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-05-28 09:05:45 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-05-28 09:05:45 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-05-28 09:05:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 09:05:45 0 d-------- C:\Program Files\Analog Devices
2008-05-28 09:05:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-28 08:48:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-28 08:48:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-28 08:48:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-28 08:48:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-28 08:48:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-28 08:48:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-28 08:48:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-28 08:48:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-28 08:48:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-28 08:48:35 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-28 08:33:40 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-28 08:33:40 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-28 08:33:40 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-28 08:33:40 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-28 08:33:40 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-28 08:33:40 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-28 08:33:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-28 08:33:09 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-28 08:33:08 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-28 08:33:08 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-28 08:27:51 0 d--hs---- C:\WINDOWS\Installer
2008-05-28 08:27:50 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-28 08:27:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-28 08:27:43 0 dr------- C:\Program Files
2008-05-28 08:27:43 0 d-------- C:\Program Files\Common Files
2008-05-28 08:26:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-28 08:26:47 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-28 08:25:28 0 d-------- C:\Documents and Settings
2008-05-28 08:25:27 0 d--hs---- C:\System Volume Information
2008-05-28 08:06:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\WinSxS
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\twain_32
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\usmt
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\oobe
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\mui
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\IME
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\export
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\3076
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\2052
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1054
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1042
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1041
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1037
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1033
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1031
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1028
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1025
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\Resources
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\Provisioning
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\PeerNet
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\pchealth
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\mui
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\msapps
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\ime
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\ehome
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\Debug
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\AppPatch
2008-05-27 12:42:00 0 d-------- C:\WINDOWS
2008-05-27 12:42:00 0 dr------- C:\WINDOWS\Web
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\wins
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\wbem
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\spool
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\Setup
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\ras
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\npp
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\ias
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\drivers
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-27 12:42:00 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\config
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\security
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\repair
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\msagent
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Media
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\java
2008-05-27 12:42:00 0 d--h----- C:\WINDOWS\inf
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Help
2008-05-27 12:42:00 0 dr--s---- C:\WINDOWS\Fonts
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Driver Cache
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Cursors
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Config
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-28 08:33:40 62 --ahs---- C:\Documents and Settings\Public\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-04-16 17:56 1107296 --a------ C:\Program Files\Search Settings\kb127\SearchSettings.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 19:01 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 17:37]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 07:30]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 12:26]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11]
"USBFireWall"="C:\Program Files\Net Studio\USB_FW.exe" [2008-03-22 00:11]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-01 00:49]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-06-02 08:49]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-01 00:49 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-01 00:49 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}]
AutoRun\command- adb.com
explore\Command- adb.com
open\Command- adb.com




-- End of Deckard's System Scanner: finished at 2008-06-04 07:26:59 ------------



DSS extra


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.86GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 510.17 MiB / 144.59 MiB
Pagefile Memory (total/avail): 1248.35 MiB / 733.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.36 MiB

C: is Fixed (NTFS) - 48.83 GiB total, 42.14 GiB free.
D: is Fixed (NTFS) - 37.08 GiB total, 10 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100AT - 85.91 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.08 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Public\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAUNG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Public
LOGONSERVER=\\VAUNG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Public\LOCALS~1\Temp
TMP=C:\DOCUME~1\Public\LOCALS~1\Temp
USERDOMAIN=VAUNG
USERNAME=Public
USERPROFILE=C:\Documents and Settings\Public
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Public (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD4F051C-1A2B-4A91-B187-B093C597418C}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Concise Oxford English Dictionary (Eleventh Edition) --> C:\Program Files\COED11\Uninstal.exe
Désinstaller Le Petit Robert de la langue française --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Le Robert\Le Petit Robert\Uninst.isu"
Free Easy Burner V 3.8 --> "C:\Program Files\Free Easy Burner\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
New Khmer Dictionary --> C:\WINDOWS\unvise32.exe C:\Program Files\New Khmer Dictionary\uninstal.log
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia NSeries Application Installer --> MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier --> MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries System Utilities --> MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_fre_web.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Nokia Software Launcher --> MsiExec.exe /I{B53F4598-B3D9-41DF-911E-523FA91EE464}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Search Settings 1.2 --> MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
SENS LT56ADW Modem --> agrsmdel
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /

#9
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey samsungR50,

Extra log got cut off. Could you please re-post extra.txt, you should be able to find it in C:\Deckard.
Thanks.

#10
samsungR50

    Member

  • Topic Starter
  • Member
  • 49 posts
Hello... sorry for that... here is the file...



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.86GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 510.17 MiB / 144.59 MiB
Pagefile Memory (total/avail): 1248.35 MiB / 733.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.36 MiB

C: is Fixed (NTFS) - 48.83 GiB total, 42.14 GiB free.
D: is Fixed (NTFS) - 37.08 GiB total, 10 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100AT - 85.91 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.08 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Public\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAUNG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Public
LOGONSERVER=\\VAUNG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Public\LOCALS~1\Temp
TMP=C:\DOCUME~1\Public\LOCALS~1\Temp
USERDOMAIN=VAUNG
USERNAME=Public
USERPROFILE=C:\Documents and Settings\Public
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Public (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD4F051C-1A2B-4A91-B187-B093C597418C}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Concise Oxford English Dictionary (Eleventh Edition) --> C:\Program Files\COED11\Uninstal.exe
Désinstaller Le Petit Robert de la langue française --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Le Robert\Le Petit Robert\Uninst.isu"
Free Easy Burner V 3.8 --> "C:\Program Files\Free Easy Burner\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
New Khmer Dictionary --> C:\WINDOWS\unvise32.exe C:\Program Files\New Khmer Dictionary\uninstal.log
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia NSeries Application Installer --> MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier --> MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries System Utilities --> MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_fre_web.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Nokia Software Launcher --> MsiExec.exe /I{B53F4598-B3D9-41DF-911E-523FA91EE464}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Search Settings 1.2 --> MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
SENS LT56ADW Modem --> agrsmdel
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TrueCrypt --> "C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
USB FireWall --> "C:\Program Files\InstallShield Installation Information\{104C20FA-8F42-4958-B746-2A043DE1ECBF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VoipStunt --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WOW XT and TSXT Filter Driver --> MsiExec.exe /X{AAB9478F-DE6B-498B-9420-21E1F1AC700D}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type575 / Warning
Event Submitted/Written: 06/04/2008 06:39:53 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll

Event Record #/Type491 / Warning
Event Submitted/Written: 05/31/2008 11:53:17 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll

Event Record #/Type490 / Warning
Event Submitted/Written: 05/31/2008 11:52:05 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll

Event Record #/Type489 / Warning
Event Submitted/Written: 05/31/2008 11:51:03 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll

Event Record #/Type488 / Warning
Event Submitted/Written: 05/31/2008 11:26:33 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\SETF6.tmp



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1712 / Warning
Event Submitted/Written: 06/02/2008 10:12:13 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type1704 / Error
Event Submitted/Written: 06/02/2008 06:07:38 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type1703 / Error
Event Submitted/Written: 06/02/2008 06:07:38 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type1702 / Error
Event Submitted/Written: 06/02/2008 06:07:38 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type1676 / Warning
Event Submitted/Written: 06/01/2008 10:59:21 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-06-04 07:26:59 ------------

#11
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Thank you for the log. :)

Ok...

First, please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impot...gnerADP-1.1.cab

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Next,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 3
Search Settings 1.2


Please note any other programs that you don't recognize in that list in your next response.

Then,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Search Settings
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot your computer

Finally,

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

When done, please post back with a new HijackThis log.

#12
samsungR50

    Member

  • Topic Starter
  • Member
  • 49 posts
Hello... here are the results after performing as per your instructions.

Thank you.

1. OTMoveIt2

File/Folder C:\Program Files\Search Settings not found.
< [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}] >
File/Folder [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}] not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_065115


2. HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27, on 2008-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8388 bytes
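The comparison a reader makes by eye between the fix list in post #11 and the follow-up HijackThis log in post #12, as an added Python example (not part of the thread and not HijackThis's own code). The log lines are copied from the two posts, with the follow-up log shortened to an excerpt; the function names, the constructed leftover line and the 8.3 short-name heuristic are assumptions of this example.

```python
import re

# Entries the helper asked to have fixed (copied from post #11).
FIX_LIST = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impot...gnerADP-1.1.cab
"""

# Excerpt of the follow-up log (copied from post #12, shortened).
FOLLOW_UP = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
"""

# Constructed line (not from the thread): the same BHO surviving under a
# different display name, lower-case CLSID and 8.3 short path.
CONSTRUCTED_LEFTOVER = (
    r"O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d}"
    r" - C:\PROGRA~1\SEARCH~1\kb127\SearchSettings.dll"
)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?Run(?:Once)?): \[([^\]]+)\]")


def entry_key(code, body):
    """Identity of an entry that survives renames and path spelling changes."""
    clsid = CLSID_RE.search(body)
    if clsid:                       # COM-registered items: section + CLSID
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(body)
    if run:                         # autoruns: section + key + value name
        return (code, run.group(1).lower() + ":" + run.group(2).lower())
    return (code, body.lower())     # anything else: whole line


def parse_entries(log_text):
    """Return the 'Xnn - ...' entries; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            entries.append({"code": code, "body": body,
                            "key": entry_key(code, body)})
    return entries


def still_present(fix_text, follow_text):
    """Fix-list entries whose identity still appears in the follow-up log."""
    follow_keys = {e["key"] for e in parse_entries(follow_text)}
    return [e for e in parse_entries(fix_text) if e["key"] in follow_keys]


def path_pattern(folder):
    """Regex for a folder that also accepts 8.3 aliases such as PROGRA~1.

    Heuristic: the alias is taken to be the first six non-space characters
    followed by ~<number>; the number Windows assigns is not predictable.
    """
    parts = []
    for comp in folder.split("\\"):
        literal = re.escape(comp)
        if " " in comp or len(comp) > 8:
            stem = re.escape(comp.replace(" ", "")[:6])
            parts.append("(?:%s|%s~\\d+)" % (literal, stem))
        else:
            parts.append(literal)
    return re.compile(r"\\".join(parts), re.IGNORECASE)


def references(follow_text, folder):
    """Follow-up entries that still point into the removed folder."""
    pat = path_pattern(folder)
    return [e for e in parse_entries(follow_text) if pat.search(e["body"])]


if __name__ == "__main__":
    folder = r"C:\Program Files\Search Settings"
    print("clean log     :", still_present(FIX_LIST, FOLLOW_UP),
          references(FOLLOW_UP, folder))
    dirty = FOLLOW_UP + CONSTRUCTED_LEFTOVER + "\n"
    print("with leftover :", [e["code"] for e in still_present(FIX_LIST, dirty)],
          [e["code"] for e in references(dirty, folder)])
```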

#13
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looks good. :)

Next,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

#14
samsungR50

    Member

  • Topic Starter
  • Member
  • 49 posts
Hello... here are the reports:

Thank you...

1. Combofix

ComboFix 08-06-05.3 - Public 2008-06-06 6:52:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT -7:00]
Running from: C:\Documents and Settings\Public\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-05 07:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 07:19 . 2008-06-05 07:20 <DIR> d-------- C:\Program Files\Java
2008-06-05 07:19 . 2008-06-05 07:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-05 06:51 . 2008-06-05 06:51 <DIR> d-------- C:\_OTMoveIt
2008-06-04 07:19 . 2008-06-04 07:19 <DIR> d-------- C:\Deckard
2008-06-02 10:52 . 2008-06-02 10:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-31 22:21 . 2008-06-05 07:13 <DIR> d-------- C:\Program Files\Panda Security
2008-05-31 21:04 . 2008-06-06 06:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 21:04 . 2008-06-06 06:47 <DIR> d-------- C:\Documents and Settings\Public\Application Data\SUPERAntiSpyware.com
2008-05-31 21:04 . 2008-05-31 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-31 19:57 . 2008-05-31 19:57 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Malwarebytes
2008-05-31 19:57 . 2008-05-31 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 19:54 . 2008-05-31 19:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 08:41 . 2008-05-31 10:39 <DIR> d-------- C:\Documents and Settings\Public\.housecall6.6
2008-05-31 08:39 . 2008-05-31 08:39 <DIR> d-------- C:\WINDOWS\Sun
2008-05-31 08:38 . 2004-08-03 12:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-31 05:21 . 2008-06-04 09:01 144 --a------ C:\WINDOWS\PR1V2.INI
2008-05-31 05:06 . 2008-05-31 05:21 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-05-31 04:38 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-31 04:38 . 2008-05-31 04:38 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-31 04:37 . 2008-05-31 04:37 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-31 04:36 . 2008-05-31 04:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-31 04:36 . 2008-05-31 04:36 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-31 04:35 . 2008-05-31 04:35 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-31 04:34 . 2008-05-31 04:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-31 04:27 . 2008-05-31 04:27 <DIR> d-------- C:\Program Files\Le Robert
2008-05-31 04:26 . 2008-05-31 04:26 <DIR> d-------- C:\Program Files\COED11
2008-05-31 04:26 . 1998-01-23 13:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 04:25 . 2008-05-31 04:25 <DIR> d-------- C:\Program Files\New Khmer Dictionary
2008-05-31 04:25 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-05-31 04:25 . 2008-06-01 01:28 89 --a------ C:\WINDOWS\system32\VGAD3.VXD
2008-05-31 04:25 . 1995-05-10 10:02 89 --a------ C:\WINDOWS\system32\SYSTHK.DLX
2008-05-31 04:25 . 2003-03-19 12:26 89 --a------ C:\WINDOWS\system\VGAD3.VXD
2008-05-31 04:25 . 1995-05-10 10:02 89 --a------ C:\WINDOWS\system\SYSTHK.DLX
2008-05-31 04:24 . 2008-05-31 04:24 380 --a------ C:\WINDOWS\vw.ini
2008-05-31 04:23 . 2008-05-31 04:23 <DIR> d-------- C:\LAROUSSE
2008-05-31 04:23 . 2008-05-31 04:23 <DIR> d-------- C:\Documents and Settings\Public\WINDOWS
2008-05-31 04:23 . 1995-12-18 03:02 34,620 --a------ C:\WINDOWS\system\LAIPAREG.TTF
2008-05-31 04:23 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2008-05-31 04:23 . 2008-05-31 04:23 1,409 --a------ C:\WINDOWS\system\LAIPAREG.FOT
2008-05-31 04:23 . 2008-05-31 04:24 866 --a------ C:\WINDOWS\LAROUSSE.INI
2008-05-31 04:07 . 2008-05-31 04:07 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Media Player Classic
2008-05-31 04:06 . 2008-05-31 04:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 04:05 . 2008-05-31 04:06 <DIR> d-------- C:\Program Files\PDFCreator
2008-05-31 04:05 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-31 04:05 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-31 04:05 . 1998-06-24 01:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-05-31 04:05 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-31 04:05 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-05-31 04:03 . 2008-05-31 04:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-30 06:44 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-30 06:44 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-30 06:44 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-30 06:44 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-30 06:44 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-30 06:44 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-30 06:44 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-30 06:44 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-30 06:44 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-29 11:40 . 2008-05-29 11:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-29 11:06 . 2008-05-29 11:06 <DIR> d-------- C:\Program Files\VoipStunt.com
2008-05-29 11:06 . 2008-05-31 05:35 <DIR> d-------- C:\Documents and Settings\Public\Application Data\VoipStunt
2008-05-29 10:09 . 2008-05-29 10:09 <DIR> d-------- C:\Documents and Settings\Public\Application Data\NSeries
2008-05-29 09:21 . 2008-05-29 09:21 <DIR> d-------- C:\77b71b88c5deaebd98026c86806855bc
2008-05-29 08:42 . 2008-05-29 08:42 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 07:04 . 2008-05-31 10:42 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Yahoo!
2008-05-29 07:02 . 2008-06-01 01:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 06:50 . 2008-05-31 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-29 06:44 . 2008-05-31 19:11 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-28 20:30 . 2008-05-30 08:21 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 20:30 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-28 20:01 . 2008-05-28 20:01 <DIR> d--hs---- C:\Documents and Settings\Public\UserData
2008-05-28 16:48 . 2006-05-17 11:03 44,544 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-05-28 16:45 . 2008-05-28 16:45 <DIR> d-------- C:\Program Files\Avira
2008-05-28 16:45 . 2008-05-28 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 16:35 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-28 12:14 . 2008-05-31 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-28 11:37 . 2008-05-28 11:37 <DIR> d-------- C:\Documents and Settings\Public\Bluetooth Software
2008-05-28 11:37 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-28 11:37 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-28 11:36 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-28 11:36 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-28 11:35 . 2008-05-28 11:35 <DIR> d-------- C:\Program Files\WIDCOMM
2008-05-28 11:35 . 2007-02-27 11:02 868,042 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-05-28 11:35 . 2007-01-24 11:33 530,861 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-05-28 11:35 . 2006-10-15 10:01 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-05-28 11:35 . 2006-10-15 10:04 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-05-28 11:35 . 2007-01-24 11:27 67,960 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-05-28 11:35 . 2006-11-28 08:48 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-05-28 11:35 . 2006-10-09 18:00 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-05-28 11:35 . 2006-10-15 09:59 30,285 --a------ C:\WINDOWS\system32\drivers\btwmodem.sys
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Program Files\DIFX
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-28 11:33 . 2008-05-28 12:51 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Nokia
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-28 11:32 . 2008-05-28 11:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-28 11:32 . 2008-05-28 11:32 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-28 11:32 . 2008-05-28 12:50 <DIR> d-------- C:\Program Files\Nokia
2008-05-28 11:32 . 2008-05-28 11:43 <DIR> d-------- C:\Documents and Settings\Public\Application Data\PC Suite
2008-05-28 11:32 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-28 11:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-28 11:32 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-28 11:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-28 11:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-28 11:32 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-28 11:31 . 2008-05-28 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-28 10:39 . 2008-05-28 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 10:39 . 2004-08-12 08:44 234,496 --a------ C:\WINDOWS\system32\drivers\iwca.sys
2008-05-28 10:39 . 2008-05-28 10:39 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-28 10:39 . 2004-08-12 08:44 16,384 --a------ C:\WINDOWS\system32\iwca.dll
2008-05-28 10:34 . 2008-05-28 10:40 <DIR> d-------- C:\Documents and Settings\Public\Application Data\Intel
2008-05-28 10:34 . 2008-05-28 10:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-28 10:34 . 2004-08-12 08:43 21,504 --a------ C:\WINDOWS\system32\drivers\iwca2k.sys
2008-05-28 10:34 . 2004-08-11 19:55 3,101 --a------ C:\WINDOWS\system32\drivers\netsiwca.inf
2008-05-28 10:34 . 2004-08-11 19:55 1,960 --a------ C:\WINDOWS\system32\drivers\netiwca.inf
2008-05-28 10:33 . 2005-05-31 22:46 1,671,168 --a------ C:\WINDOWS\system32\W29MLRES.DLL
2008-05-28 10:33 . 2005-06-03 09:20 13 --a------ C:\WINDOWS\system32\drivers\verfile.tic
2008-05-28 09:40 . 2008-05-28 09:40 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-28 09:40 . 2008-05-28 09:41 <DIR> d-------- C:\Documents and Settings\Public\Application Data\TrueCrypt
2008-05-28 09:40 . 2008-05-28 09:40 223,424 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-05-28 09:36 . 2008-05-28 09:36 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-05-28 09:35 . 2008-05-28 09:35 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-05-28 09:15 . 2008-05-28 09:15 <DIR> d-------- C:\WINDOWS\Options
2008-05-28 09:15 . 2008-05-28 09:15 <DIR> d-------- C:\Program Files\ltmoh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 22:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_ 9.30.50.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 16:27:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 13:50:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-04-13 09:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 08:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-04-13 09:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 08:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-04-13 10:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 09:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 12:26 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11 22560]
"USBFireWall"="C:\Program Files\Net Studio\USB_FW.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 19:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 17:37 184320]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 07:30 3096576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-06-08 16:58]
S3 ADDMEM;ADDMEM;C:\DOCUME~1\Public\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}]
\Shell\AutoRun\command - adb.com
\Shell\explore\Command - adb.com
\Shell\open\Command - adb.com

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 06:53:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Le Petit Robert Hyperappel = C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????\???????????hE??????????\??? /??\??????????????????????|? ??\???Q??|x???m??|????????\???n??|Z????????????,K?????!??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-06 6:54:36
ComboFix-quarantined-files.txt 2008-06-06 13:54:33
ComboFix2.txt 2008-06-03 16:31:16
ComboFix3.txt 2008-05-29 13:55:49

Pre-Run: 45,142,802,432 bytes free
Post-Run: 45,218,525,184 bytes free

219 --- E O F --- 2008-06-01 08:31:31


2. HJThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:36, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8408 bytes

#15
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looks good...

Next,

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Then,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
