
imapi.exe being a butt [RESOLVED]

This topic is locked

#1 Hamze (Member, 103 posts)
Lately, I've noticed explorer.exe going on and off. I opened Task Manager and noticed that whenever explorer.exe is running in the background, imapi.exe would appear. I've also noticed that when imapi.exe closes, so does explorer.exe. This happens within seconds. I could be setting up how Search will search, and before it starts searching, it would close. This happens with everything that explorer.exe controls.

I've got Spybot, Avira AntiVir Personal Edition (I think that's what it's called) and Ad-Aware.

Here is the logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:24 AM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotDeletingA2640] command /c del "C:\WINDOWS\system32\awvvv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1974] cmd /c del "C:\WINDOWS\system32\awvvv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7997] command /c del "C:\WINDOWS\system32\awvvw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8974] cmd /c del "C:\WINDOWS\system32\awvvw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4176] command /c del "C:\WINDOWS\system32\ddaby.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3802] cmd /c del "C:\WINDOWS\system32\ddaby.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6287] command /c del "C:\WINDOWS\system32\ddayv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4459] cmd /c del "C:\WINDOWS\system32\ddayv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\MOE\Application Data\Microsoft\Windows\swyhbv.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\MOE\Application Data\SpeedRunner\SpeedRunner.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4...._1071_em_XP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsy.html
O24 - Desktop Component 1: (no name) - http://65.54.175.250...be371b58d41cd0c

--
End of file - 9981 bytes
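An added example, not part of the original thread and not code from HijackThis or the forum's helpers: a small Python triage script that applies the checks a log reviewer does by eye to the O3/O4 lines above. The heuristics (orphaned "(file missing)" entries, autorun images living in a per-user Application Data folder or directly in the Windows root, random-looking names, a long opaque hex blob passed as an argument) are my own assumptions about what deserves a second look in an XP-era log; they point at entries to investigate, they are not verdicts. The sample lines are a subset copied from the posted log, with the one wrapped line re-joined.

```python
"""Added triage helper: flag HijackThis O3/O4 entries worth a second look.

Heuristics are assumptions about what usually deserves attention in an
XP-era log, not verdicts. Sample lines are copied from the log above.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed subset of the posted HijackThis log (one wrapped line re-joined).
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\MOE\Application Data\Microsoft\Windows\swyhbv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\MOE\Application Data\SpeedRunner\SpeedRunner.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O3_RE = re.compile(r'^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
HEX_BLOB = re.compile(r'\b[0-9A-Fa-f]{32,}\b')
# An image directly under the Windows root (not system32) is unusual for a legitimate autorun.
WINDOWS_ROOT = re.compile(r'^[a-z]:\\windows\\[^\\]+\.(exe|dll|scr|com)$')
USER_DATA_DIRS = ('\\application data\\', '\\local settings\\', '\\temp\\')


@dataclass
class Finding:
    line: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Pull the executable out of a Run-key command line (quoted, or bare with args)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.(exe|dll|scr|com|bat|cmd)\b', cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd


def looks_random(token: str) -> bool:
    """Crude randomness proxy: almost no vowels, or upper/lower/digits jumbled together."""
    letters = re.sub(r'[^A-Za-z]', '', token)
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in 'aeiouAEIOU' for c in letters) / len(letters)
    jumbled = (any(c.islower() for c in token) and any(c.isupper() for c in token)
               and any(c.isdigit() for c in token))
    return vowel_ratio < 0.15 or jumbled


def assess(name: str, path: str, args: str, line: str) -> Finding:
    """Apply the heuristics to one entry; an empty reasons list means nothing tripped."""
    f = Finding(line=line, name=name, path=path)
    low = path.lower()
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if '(file missing)' in line.lower():
        f.reasons.append('points at a file that no longer exists (orphaned entry)')
    if any(d in low for d in USER_DATA_DIRS):
        f.reasons.append('autorun image lives in a per-user data directory')
    if WINDOWS_ROOT.match(low):
        f.reasons.append('autorun image sits in the Windows root, not system32')
    if looks_random(name) or looks_random(stem):
        f.reasons.append(f'random-looking name ({name!r} / {stem!r})')
    if HEX_BLOB.search(args):
        f.reasons.append('long opaque hex blob passed as an argument')
    return f


def triage(log_text: str) -> List[Finding]:
    """Return the O3/O4 entries that tripped at least one heuristic, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m['cmd'].strip()
            path = image_path(cmd)
            args = cmd[cmd.index(path) + len(path):]
            findings.append(assess(m['name'], path, args, line))
            continue
        m = O3_RE.match(line)
        if m:
            path = m['path'].replace('(file missing)', '').strip()
            findings.append(assess(m['name'], path, '', line))
    return [f for f in findings if f.reasons]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.name}] {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

On the sample it leaves the Google toolbar, RealPlayer, ctfmon and TeaTimer entries alone and reports the orphaned Megaupload toolbar, the runner1 entry (Windows-root image plus a long hex argument) and the two Application Data autoruns, which is roughly the shortlist a helper would ask about first. Vowel-ratio checks do misfire on some legitimate abbreviations, so treat a "random-looking name" hit on a binary under Program Files or system32 with less weight than one in a user profile.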
#2 BHowett (OT Moderator, 4,649 posts)
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question and we will go through it again.

The fixes may take several attempts and my replies may take some time, but stick with it and we will be sure to get you sorted.

I am looking over your log now, and I will post your first set of instructions shortly. :)

#3 BHowett (OT Moderator, 4,649 posts)
Hi Hamze,

Looks like we have some infections trying to hide from us, but don’t worry we will get it… :)


Disable Teatimer

Please disable Teatimer as it may interfere with the fix.

First:
*Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
*Choose Exit Spybot S&D Resident

Second:
*Open Spybot S&D
*Click Mode, check Advanced Mode
*Go To Left Panel, Click Tools, then also in left panel, click Resident
*If your firewall raises a question, say OK
*Uncheck the box labeled Resident Tea-Timer and OK any prompts.
*Use File, Exit to terminate Spybot
*Reboot your machine for the changes to take effect.

Once your log is clean you can re-enable those settings.

===============================================

ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


===============================================


Deckard's System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


===============================================


Needed in your next reply:

"C:\ComboFix.txt"

Deckard's System Scanner main.txt and extra.txt

*NOTE* The logs will be long, so you may have to post them in more than one reply.

#4 Hamze (Topic Starter, Member, 103 posts)
Thanks for replying.

There was an error somewhere. I got a prompt that said something like this:
"Please help us improve HijackThis by reporting this error

Click "Yes" to submit

Error details:
An unexpected error occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 2.0.2

I went ahead and clicked Yes.

Here's the report from Combofix:

ComboFix 08-06-05.3 - MOE 2008-06-05 16:20:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.293 [GMT -4:00]
Running from: C:\Documents and Settings\MOE\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\52B0~1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\Tem6E3.tmp
C:\Documents and Settings\All Users\Application Data\Starware337
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\images\clear.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\cloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\foggy.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\haze.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\mcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\na.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\nclear.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\ncloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\nfoggy.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\nmcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\npcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\nrain.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\nsnow.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\pcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\rain.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\snow.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\walert.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\Tem1C78.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\Tem406.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\Tem4EA.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\Tem55B.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\Tem61F.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\Tem8D6.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\Tem96D.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\TemA27.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\TemA43.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\TemC4.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\TemC6.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\TemF8B.tmp
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ICROSO~1
C:\Documents and Settings\HAMDA & HASSAN\Application Data\MCROSO~1
C:\Documents and Settings\HAMDA & HASSAN\Application Data\RACLE~1
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Layouts\PreferencesLayout.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Layouts\WeatherLayout.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Tem30D.tmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\Tem18.tmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\Starware337\TemB1.tmp
C:\Documents and Settings\HAMDA & HASSAN\Application Data\SystemDoctor Free
C:\Documents and Settings\HAMDA & HASSAN\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\HAMDA & HASSAN\Application Data\WinTouch
C:\Documents and Settings\HAMDA & HASSAN\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\HAMDA & HASSAN\Application Data\WNSXS~1
C:\Documents and Settings\HAMDA & HASSAN\Application Data\WNSXS~1\W?nSxS\
C:\Documents and Settings\HAMDA & HASSAN\Application Data\YSTEM~1
C:\Documents and Settings\HAMDA & HASSAN\err.log
C:\Documents and Settings\HAMDA & HASSAN\ResErrors.log
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\HASSAN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\HASSAN\Application Data\Starware316
C:\Documents and Settings\HASSAN\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\HASSAN\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\HASSAN\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\HASSAN\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware337
C:\Documents and Settings\HASSAN\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\HASSAN\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\HASSAN\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\HASSAN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\HASSAN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\HASSAN\Application Data\SystemDoctor Free
C:\Documents and Settings\HASSAN\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\HASSAN\Application Data\WinTouch
C:\Documents and Settings\HASSAN\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\HASSAN\err.log
C:\Documents and Settings\HASSAN\ResErrors.log
C:\Documents and Settings\MOE\Application Data\PPATCH~1
C:\Documents and Settings\MOE\Application Data\ShoppingReport
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\MOE\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\MOE\Application Data\SpeedRunner
C:\Documents and Settings\MOE\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\MOE\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\MOE\Application Data\Starware316
C:\Documents and Settings\MOE\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\MOE\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\MOE\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\MOE\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Tem2FE.tmp
C:\Documents and Settings\MOE\Application Data\Starware316\Tem8D.tmp
C:\Documents and Settings\MOE\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware337
C:\Documents and Settings\MOE\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\MOE\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\MOE\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\MOE\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\MOE\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\MOE\Application Data\Starware337\Tem1439.tmp
C:\Documents and Settings\MOE\Application Data\Starware337\Tem3DD.tmp
C:\Documents and Settings\MOE\Application Data\Starware337\Tem484.tmp
C:\Documents and Settings\MOE\Application Data\Starware337\Tem722.tmp
C:\Documents and Settings\MOE\Application Data\SystemDoctor Free
C:\Documents and Settings\MOE\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\MOE\Application Data\WinAntiSpyware 2006
C:\Documents and Settings\MOE\Application Data\WinAntiSpyware 2006\Logs\update.log
C:\Documents and Settings\MOE\Application Data\WinTouch
C:\Documents and Settings\MOE\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\MOE\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\MOE\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\MOE\lsass.exe
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\fnts~1\nopdb.exe
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\err.log
C:\Program Files\Common Files\ymbols~1
C:\Program Files\dobe~1
C:\Program Files\MSN Gaming Zone\lavu917.dll
C:\Program Files\MSN Gaming Zone\profsy.html
C:\Program Files\video activex object
C:\Program Files\video activex object\ot.ico
C:\Program Files\video activex object\ts.ico
C:\WA6P
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\mantec~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\racle~1
C:\WINDOWS\sembly~1
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adqjqgin.ini
C:\WINDOWS\system32\ahbfwtvb.ini
C:\WINDOWS\system32\ajduumsx.ini
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\atagweov.ini
C:\WINDOWS\system32\awttqppm.dll
C:\WINDOWS\system32\awtUnNDw.dll
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak2
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\chyexmmg.ini
C:\WINDOWS\system32\ckcxongw.ini
C:\WINDOWS\system32\csivmqip.ini
C:\WINDOWS\system32\cskwchaq.ini
C:\WINDOWS\system32\dgyeyosq.ini
C:\WINDOWS\system32\djxqqyej.ini
C:\WINDOWS\system32\dkfjeaqk.ini
C:\WINDOWS\system32\dpbjcyyn.ini
C:\WINDOWS\system32\efcYoNGy.dll
C:\WINDOWS\system32\epjnevxa.ini
C:\WINDOWS\system32\epjxboxs.ini
C:\WINDOWS\system32\fdjhedkt.ini
C:\WINDOWS\system32\felpohif.ini
C:\WINDOWS\system32\ffjnkuuc.ini
C:\WINDOWS\system32\fjvpmpvi.ini
C:\WINDOWS\system32\fncwojgu.ini
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\foiamfyp.ini
C:\WINDOWS\system32\ftknjiqt.ini
C:\WINDOWS\system32\fvwtyaal.ini
C:\WINDOWS\system32\gcmrvcxo.ini
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gphtpivq.ini
C:\WINDOWS\system32\gtrfahxm.ini
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hpoatdsk.ini
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak2
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\iiffgfd.dll
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ikusiwnb.ini
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilrujxkn.ini
C:\WINDOWS\system32\jebokqdu.ini
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkkife.dll
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\joauvshb.ini
C:\WINDOWS\system32\jqyowagu.ini
C:\WINDOWS\system32\kcrugihi.ini
C:\WINDOWS\system32\kgxgxhhj.ini
C:\WINDOWS\system32\khrfnyre.ini
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\klnmp.tmp
C:\WINDOWS\system32\kpkfosdd.ini
C:\WINDOWS\system32\ksbwgjck.ini
C:\WINDOWS\system32\ksdmdsyd.ini
C:\WINDOWS\system32\kxwfmifx.ini
C:\WINDOWS\system32\lcyqpbnv.ini
C:\WINDOWS\system32\lingxaqw.ini
C:\WINDOWS\system32\lnaccess.exe
C:\WINDOWS\system32\luxckjbx.ini
C:\WINDOWS\system32\magwlkdh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfwntiss.ini
C:\WINDOWS\system32\mlJBQKCU.dll
C:\WINDOWS\system32\mlJBSmKD.dll
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mqojrslp.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ndumroff.ini
C:\WINDOWS\system32\ngflpieu.ini
C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nnnoOffe.dll
C:\WINDOWS\system32\nsfgimor.ini
C:\WINDOWS\system32\nsinet.exe
C:\WINDOWS\system32\ofrdcojr.dll
C:\WINDOWS\system32\oguiqpje.ini
C:\WINDOWS\system32\opdphofl.ini
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\payphdoe.ini
C:\WINDOWS\system32\phjmbdvn.ini
C:\WINDOWS\system32\pmmmewog.ini
C:\WINDOWS\system32\psafvome.ini
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\qdizfmbvqm.dat
C:\WINDOWS\system32\qdizfmbvqm.exe
C:\WINDOWS\system32\qdizfmbvqm_nav.dat
C:\WINDOWS\system32\qdizfmbvqm_navps.dat
C:\WINDOWS\system32\qhehwxfo.ini
C:\WINDOWS\system32\qmvdfbfn.ini
C:\WINDOWS\system32\qnsoadsr.dll
C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.tmp
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\rdyqchle.ini
C:\WINDOWS\system32\rgiaewod.ini
C:\WINDOWS\system32\rhybvnug.ini
C:\WINDOWS\system32\rlvtbbpm.ini
C:\WINDOWS\system32\romigfsn.dll
C:\WINDOWS\system32\rsdaosnq.ini
C:\WINDOWS\system32\rwryrdam.ini
C:\WINDOWS\system32\rynslpnl.ini
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\sfbeswtu.dll
C:\WINDOWS\system32\soygsprx.dll
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssitnwfm.dll
C:\WINDOWS\system32\ssqnmki.dll
C:\WINDOWS\system32\ssqqpop.dll
C:\WINDOWS\system32\ssyujfyv.ini
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\stmstdxk.ini
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\svFeNXyb.ini
C:\WINDOWS\system32\svFeNXyb.ini2
C:\WINDOWS\system32\thswbqex.ini
C:\WINDOWS\system32\tjeguvqm.ini
C:\WINDOWS\system32\tqjhwhun.ini
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ugkrngnw.ini
C:\WINDOWS\system32\urqnopq.dll
C:\WINDOWS\system32\utwsebfs.ini
C:\WINDOWS\system32\vinntyeh.ini
C:\WINDOWS\system32\vtustqp.dll
C:\WINDOWS\system32\vtuvsrp.dll
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\wbrpniwq.ini
C:\WINDOWS\system32\wfqdmahn.ini
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\wnsinticomsv.exe
C:\WINDOWS\system32\wvUnnoMg.dll
C:\WINDOWS\system32\wvuvvvu.dll
C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xkcnbxlp.ini
C:\WINDOWS\system32\xrpsgyos.ini
C:\WINDOWS\system32\xxywwxu.dll
C:\WINDOWS\system32\yayaWPJc.dll
C:\WINDOWS\system32\yayyAspQ.dll
C:\WINDOWS\system32\yayyyay.dll
C:\WINDOWS\system32\ytpochql.ini
C:\WINDOWS\system32\yxbulvlq.ini
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_DOMAINSERVICE
-------\Legacy_FOPN
-------\Legacy_NETWORK_MONITOR
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_vspf
-------\Service_vspf_hk


((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-01 20:27 . 2008-06-01 20:27 <DIR> d-------- C:\Program Files\Aspose
2008-06-01 11:15 . 2008-06-01 11:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 23:01 . 2008-05-28 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 21:07 . 2008-05-28 23:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:56 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 20:56 . 2008-05-28 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 20:14 . 2008-05-28 20:14 <DIR> d-------- C:\!KillBox
2008-05-28 19:47 . 2008-05-28 19:47 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Uniblue
2008-05-28 19:26 . 2008-05-28 19:32 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-28 19:26 . 2008-05-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-22 15:41 . 2008-05-22 15:41 <DIR> d-------- C:\WINDOWS\system32\vntiho18
2008-05-21 17:45 . 2008-05-21 17:45 <DIR> d-------- C:\WINDOWS\system32\logXv18
2008-05-21 17:39 . 2008-05-21 17:39 376,832 --a------ C:\WINDOWS\system32\byXNeFvs.dll
2008-05-21 17:34 . 2008-05-21 17:34 <DIR> d-------- C:\WINDOWS\system32\logXv05
2008-05-21 16:01 . 2008-05-21 16:01 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-21 16:00 . 2008-05-21 16:01 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\U3
2008-05-20 17:13 . 2008-05-20 17:13 32,768 --a------ C:\WINDOWS\system32\vntiho18\vntiho182328.exe
2008-05-18 17:44 . 2008-05-18 17:50 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-05-18 17:18 . 2008-05-18 17:19 <DIR> d-------- C:\Program Files\CachemanXP
2008-05-18 16:21 . 2008-05-18 16:21 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:20 --------- d-----w C:\Program Files\mIRC
2008-05-30 19:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 03:01 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 17:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 21:51 --------- d-----w C:\Documents and Settings\MOE\Application Data\LimeWire
2008-05-18 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 20:10 --------- d-----w C:\Program Files\ChessBase
2008-05-18 20:10 --------- d-----w C:\Documents and Settings\MOE\Application Data\ChessBase
2008-05-17 15:34 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\MEGAUPLOADTOOLBAR
2008-05-15 20:49 --------- d-----w C:\Program Files\ShredderChess
2008-05-12 19:55 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\LimeWire
2008-05-09 23:05 --------- d-----w C:\Documents and Settings\MOE\Application Data\Yahoo!
2008-05-09 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-03 19:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-26 14:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 13:03 20,240 ----a-w C:\Documents and Settings\HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 23:25 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\Hamachi
2008-04-22 20:01 --------- d-----w C:\Documents and Settings\MOE\Application Data\Hamachi
2008-04-21 14:26 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-19 20:50 --------- d-----w C:\Program Files\Bookup
2008-04-17 01:03 --------- d-----w C:\Program Files\Arena
2008-04-14 11:48 19,456 -c--a-w C:\Documents and Settings\MOE\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 11:41 --------- d-----w C:\Documents and Settings\MOE\Application Data\Internet Chess Club
2008-01-06 16:30 77 ----a-w C:\Documents and Settings\MOE\3289.bat
2008-01-05 21:17 77 ----a-w C:\Documents and Settings\MOE\2091.bat
2008-01-05 10:46 77 ----a-w C:\Documents and Settings\MOE\4743.bat
2008-01-05 04:26 77 ----a-w C:\Documents and Settings\MOE\8540.bat
2008-01-04 21:17 77 ----a-w C:\Documents and Settings\MOE\5392.bat
2008-01-04 16:10 77 ----a-w C:\Documents and Settings\MOE\3685.bat
2008-01-04 02:17 77 ----a-w C:\Documents and Settings\MOE\3004.bat
2008-01-03 23:20 77 ----a-w C:\Documents and Settings\MOE\2485.bat
2008-01-03 19:38 77 ----a-w C:\Documents and Settings\MOE\3090.bat
2008-01-03 01:00 77 ----a-w C:\Documents and Settings\MOE\6339.bat
2008-01-02 15:31 77 ----a-w C:\Documents and Settings\MOE\2779.bat
2008-01-02 04:22 249 ----a-w C:\Documents and Settings\MOE\4299.bat
2008-01-01 16:22 77 ----a-w C:\Documents and Settings\MOE\8192.bat
2008-01-01 04:53 249 ----a-w C:\Documents and Settings\MOE\6407.bat
2008-01-01 03:03 77 ----a-w C:\Documents and Settings\MOE\9181.bat
2008-01-01 03:02 249 ----a-w C:\Documents and Settings\MOE\2240.bat
2007-12-31 23:32 77 ----a-w C:\Documents and Settings\MOE\7081.bat
2007-12-31 23:31 249 ----a-w C:\Documents and Settings\MOE\4334.bat
2007-12-31 18:48 77 ----a-w C:\Documents and Settings\MOE\8717.bat
2007-12-31 15:31 77 ----a-w C:\Documents and Settings\MOE\2391.bat
2007-12-31 15:30 249 ----a-w C:\Documents and Settings\MOE\8664.bat
2007-12-30 22:41 77 ----a-w C:\Documents and Settings\MOE\6444.bat
2007-12-30 22:40 249 ----a-w C:\Documents and Settings\MOE\5502.bat
2007-12-30 19:53 77 ----a-w C:\Documents and Settings\MOE\3536.bat
2007-12-30 19:53 249 ----a-w C:\Documents and Settings\MOE\9136.bat
2007-12-30 19:09 77 ----a-w C:\Documents and Settings\MOE\5050.bat
2007-12-30 19:09 249 ----a-w C:\Documents and Settings\MOE\6435.bat
2007-12-30 15:25 77 ----a-w C:\Documents and Settings\MOE\4543.bat
2007-12-30 15:24 249 ----a-w C:\Documents and Settings\MOE\7344.bat
2007-12-30 04:49 77 ----a-w C:\Documents and Settings\MOE\2766.bat
2007-12-30 04:49 249 ----a-w C:\Documents and Settings\MOE\7934.bat
2007-12-30 04:43 77 ----a-w C:\Documents and Settings\MOE\6463.bat
2007-12-30 04:43 249 ----a-w C:\Documents and Settings\MOE\3097.bat
2007-12-30 03:39 249 ----a-w C:\Documents and Settings\MOE\4425.bat
2007-12-30 01:45 249 ----a-w C:\Documents and Settings\MOE\4170.bat
2007-12-29 13:44 77 ----a-w C:\Documents and Settings\MOE\8442.bat
2007-10-25 22:17 78,184 -c--a-w C:\Documents and Settings\HAMDA & HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2007-01-27 22:33 524,300 -c--a-w C:\Documents and Settings\MOE\Application Data\position.bin
2005-05-12 01:10 66,576 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-03-11 00:06 66,576 -c--a-w C:\Documents and Settings\ANYONE ELSE\Application Data\GDIPFONTCACHEV1.DAT
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-05-19 23:30 168 --sh--r C:\WINDOWS\system32\8A66670798.sys
2007-03-31 18:20 56 --sh--r C:\WINDOWS\system32\980767668A.sys
2007-06-12 03:07 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TU9FIA\no6IKE.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
C:\WINDOWS\system32\pmnlmnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53868C89-8BA4-425E-930B-DA2E604C0D30}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6714CEB3-0276-0B8A-0415-2E00CBC6DDBD}]
C:\WINDOWS\system32\hwyqi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75276DD7-D110-4853-A4E4-C34F449933F1}]
2008-05-21 17:39 376832 --a------ C:\WINDOWS\system32\byXNeFvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AF6A6DC-51A2-4B99-A2E5-BD3FCCFD49C2}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E36D7CBB-02FE-4869-13B4-83D04CE95275}]
C:\Program Files\MSN Gaming Zone\lavu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Free Registry Fix"="C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" [ ]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 20:58 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\pmnlmnn.dll [ ]

#5 Hamze (Topic Starter, Member, 103 posts)
Here's main.txt:

Deckard's System Scanner v20071014.68
Run by MOE on 2008-06-05 17:12:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-05 21:12:16 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-05 20:20:06 UTC - RP2 - ComboFix created restore point
1: 2008-06-05 20:19:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as MOE.exe) -------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-05 17:16:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\MOE\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\MOE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\pmnlmnn.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53868C89-8BA4-425E-930B-DA2E604C0D30} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6714CEB3-0276-0B8A-0415-2E00CBC6DDBD} - C:\WINDOWS\system32\hwyqi.dll (file missing)
O2 - BHO: (no name) - {75276DD7-D110-4853-A4E4-C34F449933F1} - C:\WINDOWS\system32\byXNeFvs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AF6A6DC-51A2-4B99-A2E5-BD3FCCFD49C2} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {E36D7CBB-02FE-4869-13B4-83D04CE95275} - C:\Program Files\MSN Gaming Zone\lavu.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: pmnlmnn - C:\WINDOWS\system32\pmnlmnn.dll (file missing)
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll (file missing)
O20 - Winlogon Notify: tuvvusr - C:\WINDOWS\system32\tuvvusr.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O24 - Desktop Component 1: - http://65.54.175.250...be371b58d41cd0c

--
End of file - 12210 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 avgio - c:\program files\antivir personaledition classic\avgio.sys <Not Verified; AVIRA GmbH; AntiVir>

S2 LMIInfo (LogMeIn Kernel Information Provider) - d:\x86\rainfo.sys (file missing)
S3 JL2005 (JL2005A Toy Camera) - c:\windows\system32\drivers\toywdm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; Outertech; >
S4 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Scheduler>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-04 18:00:00 404 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-30 16:13:13 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-29 20:03:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-28 19:47:54 388 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 16:19:34 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 16:19:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 16:19:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-05 16:19:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 16:19:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 16:19:34 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 16:19:34 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 16:19:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-01 20:27:04 0 d-------- C:\Program Files\Aspose
2008-06-01 11:15:08 0 d-------- C:\Program Files\Trend Micro
2008-05-28 23:01:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 21:07:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 20:14:52 0 d-------- C:\!KillBox
2008-05-28 19:47:58 0 d-------- C:\Documents and Settings\MOE\Application Data\Uniblue
2008-05-28 19:26:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-28 19:26:05 0 d-------- C:\Program Files\Security Task Manager
2008-05-26 15:49:43 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-05-22 15:41:45 0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-21 17:45:19 0 d-------- C:\WINDOWS\system32\logXv18
2008-05-21 17:39:11 376832 --a------ C:\WINDOWS\system32\byXNeFvs.dll
2008-05-21 17:34:10 0 d-------- C:\WINDOWS\system32\logXv05
2008-05-21 16:01:19 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-21 16:00:51 0 d-------- C:\Documents and Settings\MOE\Application Data\U3
2008-05-19 17:15:48 0 d-------- C:\Documents and Settings\HASSAN\Application Data\Help
2008-05-18 17:44:07 0 d-------- C:\Program Files\Microsoft Bootvis
2008-05-18 17:18:55 0 d-------- C:\Program Files\CachemanXP
2008-05-18 16:21:55 0 d-------- C:\WINDOWS\system32\IOSUBSYS


-- Find3M Report ---------------------------------------------------------------

2008-06-05 16:54:52 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-05 16:20:59 0 d-------- C:\Program Files\Common Files
2008-06-01 11:20:03 0 d-------- C:\Program Files\mIRC
2008-05-30 16:03:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-28 23:01:24 0 d-------- C:\Program Files\Lavasoft
2008-05-25 13:26:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 17:51:08 0 d-------- C:\Documents and Settings\MOE\Application Data\LimeWire
2008-05-18 16:10:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-18 16:10:48 0 d-------- C:\Program Files\ChessBase
2008-05-18 16:10:48 0 d-------- C:\Documents and Settings\MOE\Application Data\ChessBase
2008-05-15 16:49:55 0 d-------- C:\Program Files\ShredderChess
2008-05-09 19:05:14 0 d-------- C:\Documents and Settings\MOE\Application Data\Yahoo!
2008-05-03 15:46:47 0 d-------- C:\Program Files\Yahoo!
2008-04-26 10:53:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 16:01:34 0 d-------- C:\Documents and Settings\MOE\Application Data\Hamachi
2008-04-19 16:50:31 0 d-------- C:\Program Files\Bookup
2008-04-16 21:03:11 0 d-------- C:\Program Files\Arena
2008-04-14 07:48:07 19456 --a----c- C:\Documents and Settings\MOE\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 07:41:48 0 d-------- C:\Documents and Settings\MOE\Application Data\Internet Chess Club


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
C:\WINDOWS\system32\pmnlmnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53868C89-8BA4-425E-930B-DA2E604C0D30}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6714CEB3-0276-0B8A-0415-2E00CBC6DDBD}]
C:\WINDOWS\system32\hwyqi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75276DD7-D110-4853-A4E4-C34F449933F1}]
05/21/2008 05:39 PM 376832 --a------ C:\WINDOWS\system32\byXNeFvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AF6A6DC-51A2-4B99-A2E5-BD3FCCFD49C2}]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E36D7CBB-02FE-4869-13B4-83D04CE95275}]
C:\Program Files\MSN Gaming Zone\lavu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/02/2007 08:58 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"Free Registry Fix"="C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" []
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\pmnlmnn.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlmnn]
pmnlmnn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpq]
C:\WINDOWS\system32\ssqpq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvusr]
tuvvusr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^PalNetaware.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\PalNetaware.lnk
backup=C:\WINDOWS\pss\PalNetaware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\44409]
C:\WINDOWS/44409.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aguhynn]
c:\windows\system32\aguhynn.exe aguhynn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alpejc]
C:\WINDOWS\system32\exknhl.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4d3355b]
rundll32.exe "C:\WINDOWS\system32\ssitnwfm.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
"C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
C:\WINDOWS\dinst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNSE]
"C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorGuard]
C:\Program Files\ErrorGuard\ErrorGuard.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
"C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freedom]
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\nuhwhjqt.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hljchf]
c:\windows\system32\jevppzb.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
"C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
C:\WINDOWS\system32\nsinet.exe /res

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jsogzcry]
C:\Program Files\Pvqti\Piakfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldncyhh]
C:\WINDOWS\system32\muvtmh.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ljamhy]
C:\WINDOWS\system32\kteuaj.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\luiugg]
c:\windows\system32\lvvrsd.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niqqjyl]
C:\WINDOWS\system32\cyxbcj.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsbmlvv]
c:\windows\system32\iafwff.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\obtbit]
c:\windows\system32\nzrcum.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympic]
c:\programmi\sgrunt\IE4321.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
C:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qdizfmbvqm]
c:\windows\system32\qdizfmbvqm.exe qdizfmbvqm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qnqaao]
C:\Program Files\Gjoaoj\Sssq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]
C:\WINDOWS\exqss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1ev5]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\MOE\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpleology 1.0]
C:\Program Files\Simpleology\Wimiki\wimiki.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
C:\Program Files\SurfAccuracy\SAcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDoctor Free]
C:\Program Files\SystemDoctor Free\sdmain.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd]
C:\Program Files\Windows ControlAd\WinCtlAd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\MOE\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yuzfztcu]
C:\WINDOWS\system32\nxjnvxaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.0.328.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
"C:\Program Files\Zango\bin\10.0.328.0\ZangoSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# K"h'þ9Óœ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# K"h'þ9Óœ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
"SDhelper"=2 (0x2)
"usnjsvc"=3 (0x3)
"NetSvc"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"DomainService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogMeIn GUI"="D:\x86\LogMeInSystray.exe"
"LSA Shellu"=C:\Documents and Settings\MOE\lsass.exe




-- End of Deckard's System Scanner: finished at 2008-06-05 17:17:22 ------------

Here's extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 509.8 MiB / 248.1 MiB
Pagefile Memory (total/avail): 1248.89 MiB / 1087.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.42 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.78 GiB total, 49.38 GiB free.
D: is Fixed (FAT32) - 2.74 GiB total, 2.74 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00HEA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 71.78 GiB - C:
\PARTITION1 - Unknown - 2.75 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Arena\\Timeseal.exe"="C:\\Program Files\\Arena\\Timeseal.exe:*:Enabled:Timeseal"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msrr.exe"="C:\\Program Files\\MSN Messenger\\msrr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MOE\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HAMZE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MOE
LOGONSERVER=\\HAMZE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Support Tools;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MOE\LOCALS~1\Temp
TMP=C:\DOCUME~1\MOE\LOCALS~1\Temp
USERDOMAIN=HAMZE
USERNAME=MOE
USERPROFILE=C:\Documents and Settings\MOE
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

MOE (admin)
HAMDA & HASSAN (admin)
HASSAN (admin)
?s?.??? ??? (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspose.Slides --> MsiExec.exe /I{A081E34C-1AD8-4E68-9167-AC88715AF2C2}
Bookup 2000 Express build 30 --> "C:\Program Files\Bookup\Bookup 2000 Express\unins000.exe"
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Dasher --> C:\Program Files\Internet Chess Club\Dasher\Dasher-uninstall.exe
finlcnt10s.exe --> C:\PROGRA~1\FILESU~1\FINLCN~1.EXE\UNWISE.EXE C:\PROGRA~1\FILESU~1\FINLCN~1.EXE\INSTALL.LOG
flupScript 1.5 --> C:\Program Files\flupScript\Uninstal.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Shredder Classic 1.3 --> "C:\Program Files\ShredderChess\Shredder Classic\unins000.exe"
Shredder Classic 2 --> "C:\Program Files\ShredderChess\Shredder Classic 2\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type1058 / Error
Event Submitted/Written: 06/05/2008 04:42:24 PM
Event ID/Source: 4118 / Ci
Event Description:
A content scan could not be completed on c:\.

Event Record #/Type1054 / Error
Event Submitted/Written: 06/05/2008 04:15:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x42c2dded.
Processing media-specific event for [taskmgr.exe!ws!]

Event Record #/Type1044 / Warning
Event Submitted/Written: 06/05/2008 04:00:48 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Event Record #/Type1043 / Warning
Event Submitted/Written: 06/05/2008 04:00:48 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'HandWritingFiles', component '{9C1249C6-4DDB-4A48-BC9F-4AF8D1291AE1}' failed. The resource 'C:\Program Files\Microsoft ActiveSync\RICHINK.DLL' does not exist.

Event Record #/Type1041 /

#6 BHowett (OT Moderator)

Hi Hamze,

Looks like that run took out a lot of bad stuff, but we still have a bit more to do.


P2P Warning!
I see you are using LimeWire; please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

===============================================



Combofix Script.txt
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\byXNeFvs.dll
C:\WINDOWS\exqss.exe
C:\WINDOWS\system32\vntiho18\vntiho182328.exe
C:\WINDOWS\bdubyd.exe
C:\WINDOWS\system32\d3d9caps.dat
C:\Documents and Settings\MOE\Application Data\Microsoft\Windows\rayiou.exe
C:\WINDOWS\system32\nxjnvxaj.exe
c:\windows\system32\lvvrsd.exe 
C:\WINDOWS\system32\cyxbcj.exe 
c:\windows\system32\iafwff.exe 
c:\windows\system32\nzrcum.exe 
c:\programmi\sgrunt\IE4321.exe
C:\windows\system32\rlvknlg.exe 
c:\windows\system32\qdizfmbvqm.exe 
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\pmnlmnn.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\hwyqi.dll
C:\WINDOWS\system32\byXNeFvs.dll
C:\WINDOWS\system32\ssqpq.dll
C:\Program Files\MSN Gaming Zone\lavu.dll
C:\WINDOWS\system32\ssqpq.dll 
C:\WINDOWS/44409.exe
c:\windows\system32\aguhynn.exe 
C:\WINDOWS\system32\exknhl.exe 
C:\WINDOWS\system32\ssitnwfm.dll
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\nuhwhjqt.dll
c:\windows\system32\jevppzb.exe 
C:\WINDOWS\system32\nsinet.exe 
C:\WINDOWS\system32\muvtmh.exe 
C:\WINDOWS\system32\kteuaj.exe
Folder::
C:\Program Files\ErrorGuard
C:\Program Files\BullsEye Network
C:\Program Files\ShoppingReport
C:\Program Files\Gjoaoj
C:\Documents and Settings\MOE\Application Data\WinTouch
C:\Program Files\Words
C:\Program Files\Zango
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\logXv18
C:\WINDOWS\system32\logXv05
C:\Program Files\ShoppingReport
C:\Program Files\Windows ControlAd
C:\Program Files\HbTools
C:\Program Files\SystemDoctor Free
C:\Program Files\SurfAccuracy
C:\Program Files\Internet Optimizer
C:\Program Files\HbTools
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Program Files\ISTsvc
C:\Program Files\Pvqti
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53868C89-8BA4-425E-930B-DA2E604C0D30}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6714CEB3-0276-0B8A-0415-2E00CBC6DDBD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75276DD7-D110-4853-A4E4-C34F449933F1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AF6A6DC-51A2-4B99-A2E5-BD3FCCFD49C2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E36D7CBB-02FE-4869-13B4-83D04CE95275}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlmnn] 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpq] 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvusr] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\44409]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aguhynn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alpejc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4d3355b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNSE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorGuard]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hljchf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jsogzcry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldncyhh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ljamhy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\luiugg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niqqjyl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsbmlvv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\obtbit]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympic]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qdizfmbvqm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qnqaao]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1ev ùõš/‚²‘Æ ßfÏNC:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1ev ùõš/‚²‘Æ ßfÏNC:\Program Files]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1ev ùõš/‚²‘Æ ßfÏNC:\Program Files\ISTsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1ev ùõš/‚²‘Æ ßfÏNC:\Program Files\ISTsvc\istsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1ev5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDoctor Free]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yuzfztcu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³# K"h'þ9Óœ÷3rÅ WC:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³# K"h'þ9Óœ÷3rÅ WC:\Program Files]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³# K"h'þ9Óœ÷3rÅ WC:\Program Files\ISTsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³# K"h'þ9Óœ÷3rÅ WC:\Program Files\ISTsvc\istsvc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

===============================================

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

===============================================

Needed in your next reply:

C:\ComboFix.txt
Malwarebytes report
New HijackThis log

Also please let me know how things are running now :)

#7 Hamze (Topic Starter, Member)

Here's combofix.txt:
ComboFix 08-06-05.3 - MOE 2008-06-06 17:49:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.241 [GMT -4:00]
Running from: C:\Documents and Settings\MOE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MOE\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\MOE\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\MSN Gaming Zone\lavu.dll
c:\programmi\sgrunt\IE4321.exe
C:\WINDOWS/44409.exe
C:\WINDOWS\bdubyd.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\exqss.exe
c:\windows\system32\aguhynn.exe
C:\WINDOWS\system32\byXNeFvs.dll
C:\WINDOWS\system32\cyxbcj.exe
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\exknhl.exe
C:\WINDOWS\system32\hwyqi.dll
c:\windows\system32\iafwff.exe
c:\windows\system32\jevppzb.exe
C:\WINDOWS\system32\kteuaj.exe
c:\windows\system32\lvvrsd.exe
C:\WINDOWS\system32\muvtmh.exe
C:\WINDOWS\system32\nsinet.exe
C:\WINDOWS\system32\nuhwhjqt.dll
C:\WINDOWS\system32\nxjnvxaj.exe
c:\windows\system32\nzrcum.exe
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlmnn.dll
c:\windows\system32\qdizfmbvqm.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\ssitnwfm.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\vntiho18\vntiho182328.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXNeFvs.dll
C:\WINDOWS\system32\logXv05
C:\WINDOWS\system32\logXv05\logXv051080.exe
C:\WINDOWS\system32\logXv18
C:\WINDOWS\system32\logXv18\logXv182328.exe
C:\WINDOWS\system32\opnlijh.dll
C:\WINDOWS\system32\qommnom.dll
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\vntiho18\vntiho182328.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 17:47 . 2008-06-06 17:47 <DIR> d-------- C:\Documents and Settings\MOE\New Folder
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\LimeWire
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\HAMDA & HASSAN\Application Data\LimeWire
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VideoEgg
2008-06-06 16:59 . 2008-06-06 17:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 16:59 . 2008-06-06 16:59 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Malwarebytes
2008-06-06 16:59 . 2008-06-06 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 07:37 . 2008-06-06 07:37 <DIR> d-------- C:\industry_files
2008-06-06 07:37 . 2008-06-06 07:37 45,111 --a------ C:\industry.htm
2008-06-06 07:36 . 2008-06-06 07:36 <DIR> d-------- C:\reasons_files
2008-06-06 07:36 . 2008-06-06 07:36 20,358 --a------ C:\reasons.htm
2008-06-06 07:35 . 2008-06-06 07:35 <DIR> d-------- C:\population_files
2008-06-06 07:35 . 2008-06-06 07:35 <DIR> d-------- C:\invest_files
2008-06-06 07:35 . 2008-06-06 07:35 41,502 --a------ C:\population.htm
2008-06-06 07:35 . 2008-06-06 07:35 23,334 --a------ C:\invest.htm
2008-06-06 07:33 . 2008-06-06 07:33 <DIR> d-------- C:\Age_distribution_files
2008-06-06 07:33 . 2008-06-06 07:33 42,072 --a------ C:\Age_distribution.htm
2008-06-05 18:23 . 2008-06-05 18:23 347 --ahs---- C:\WINDOWS\system32\svFeNXyb.ini
2008-06-05 17:11 . 2008-06-05 17:11 <DIR> d-------- C:\Deckard
2008-06-01 20:27 . 2008-06-01 20:27 <DIR> d-------- C:\Program Files\Aspose
2008-06-01 11:15 . 2008-06-01 11:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 23:01 . 2008-05-28 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 21:07 . 2008-05-28 23:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:56 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 20:56 . 2008-05-28 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 20:14 . 2008-05-28 20:14 <DIR> d-------- C:\!KillBox
2008-05-28 19:47 . 2008-05-28 19:47 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Uniblue
2008-05-28 19:26 . 2008-05-28 19:32 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-28 19:26 . 2008-05-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-21 16:01 . 2008-05-21 16:01 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-21 16:00 . 2008-05-21 16:01 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\U3
2008-05-18 17:44 . 2008-05-18 17:50 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-05-18 17:18 . 2008-05-18 17:19 <DIR> d-------- C:\Program Files\CachemanXP
2008-05-18 16:21 . 2008-05-18 16:21 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:20 --------- d-----w C:\Program Files\mIRC
2008-05-30 19:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 03:01 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 17:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 20:10 --------- d-----w C:\Program Files\ChessBase
2008-05-18 20:10 --------- d-----w C:\Documents and Settings\MOE\Application Data\ChessBase
2008-05-17 15:34 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\MEGAUPLOADTOOLBAR
2008-05-15 20:49 --------- d-----w C:\Program Files\ShredderChess
2008-05-09 23:05 --------- d-----w C:\Documents and Settings\MOE\Application Data\Yahoo!
2008-05-09 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-03 19:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-26 14:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 13:03 20,240 ----a-w C:\Documents and Settings\HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 23:25 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\Hamachi
2008-04-22 20:01 --------- d-----w C:\Documents and Settings\MOE\Application Data\Hamachi
2008-04-21 14:26 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-19 20:50 --------- d-----w C:\Program Files\Bookup
2008-04-17 01:03 --------- d-----w C:\Program Files\Arena
2008-04-14 11:48 19,456 -c--a-w C:\Documents and Settings\MOE\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 11:41 --------- d-----w C:\Documents and Settings\MOE\Application Data\Internet Chess Club
2008-01-06 16:30 77 ----a-w C:\Documents and Settings\MOE\3289.bat
2008-01-05 21:17 77 ----a-w C:\Documents and Settings\MOE\2091.bat
2008-01-05 10:46 77 ----a-w C:\Documents and Settings\MOE\4743.bat
2008-01-05 04:26 77 ----a-w C:\Documents and Settings\MOE\8540.bat
2008-01-04 21:17 77 ----a-w C:\Documents and Settings\MOE\5392.bat
2008-01-04 16:10 77 ----a-w C:\Documents and Settings\MOE\3685.bat
2008-01-04 02:17 77 ----a-w C:\Documents and Settings\MOE\3004.bat
2008-01-03 23:20 77 ----a-w C:\Documents and Settings\MOE\2485.bat
2008-01-03 19:38 77 ----a-w C:\Documents and Settings\MOE\3090.bat
2008-01-03 01:00 77 ----a-w C:\Documents and Settings\MOE\6339.bat
2008-01-02 15:31 77 ----a-w C:\Documents and Settings\MOE\2779.bat
2008-01-02 04:22 249 ----a-w C:\Documents and Settings\MOE\4299.bat
2008-01-01 16:22 77 ----a-w C:\Documents and Settings\MOE\8192.bat
2008-01-01 04:53 249 ----a-w C:\Documents and Settings\MOE\6407.bat
2008-01-01 03:03 77 ----a-w C:\Documents and Settings\MOE\9181.bat
2008-01-01 03:02 249 ----a-w C:\Documents and Settings\MOE\2240.bat
2007-12-31 23:32 77 ----a-w C:\Documents and Settings\MOE\7081.bat
2007-12-31 23:31 249 ----a-w C:\Documents and Settings\MOE\4334.bat
2007-12-31 18:48 77 ----a-w C:\Documents and Settings\MOE\8717.bat
2007-12-31 15:31 77 ----a-w C:\Documents and Settings\MOE\2391.bat
2007-12-31 15:30 249 ----a-w C:\Documents and Settings\MOE\8664.bat
2007-12-30 22:41 77 ----a-w C:\Documents and Settings\MOE\6444.bat
2007-12-30 22:40 249 ----a-w C:\Documents and Settings\MOE\5502.bat
2007-12-30 19:53 77 ----a-w C:\Documents and Settings\MOE\3536.bat
2007-12-30 19:53 249 ----a-w C:\Documents and Settings\MOE\9136.bat
2007-12-30 19:09 77 ----a-w C:\Documents and Settings\MOE\5050.bat
2007-12-30 19:09 249 ----a-w C:\Documents and Settings\MOE\6435.bat
2007-12-30 15:25 77 ----a-w C:\Documents and Settings\MOE\4543.bat
2007-12-30 15:24 249 ----a-w C:\Documents and Settings\MOE\7344.bat
2007-12-30 04:49 77 ----a-w C:\Documents and Settings\MOE\2766.bat
2007-12-30 04:49 249 ----a-w C:\Documents and Settings\MOE\7934.bat
2007-12-30 04:43 77 ----a-w C:\Documents and Settings\MOE\6463.bat
2007-12-30 04:43 249 ----a-w C:\Documents and Settings\MOE\3097.bat
2007-12-30 03:39 249 ----a-w C:\Documents and Settings\MOE\4425.bat
2007-12-30 01:45 249 ----a-w C:\Documents and Settings\MOE\4170.bat
2007-12-29 13:44 77 ----a-w C:\Documents and Settings\MOE\8442.bat
2007-10-25 22:17 78,184 -c--a-w C:\Documents and Settings\HAMDA & HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2007-01-27 22:33 524,300 -c--a-w C:\Documents and Settings\MOE\Application Data\position.bin
2005-05-12 01:10 66,576 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-03-11 00:06 66,576 -c--a-w C:\Documents and Settings\ANYONE ELSE\Application Data\GDIPFONTCACHEV1.DAT
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-05-19 23:30 168 --sh--r C:\WINDOWS\system32\8A66670798.sys
2007-03-31 18:20 56 --sh--r C:\WINDOWS\system32\980767668A.sys
2007-06-12 03:07 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TU9FIA\no6IKE.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_17.07.48.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 20:55:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 21:53:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-08 20:38:23 407,004 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-06 21:38:11 213,488 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-06 21:54:55 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_90.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Free Registry Fix"="C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" [ ]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 20:58 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^PalNetaware.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\PalNetaware.lnk
backup=C:\WINDOWS\pss\PalNetaware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 10:56 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2007-02-27 17:04 262184 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freedom]
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-10-16 02:05 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
--a------ 2006-10-27 21:34 65536 C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-10-16 02:18 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 16:55 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-09 20:10 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-03-09 20:10 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2002-10-23 13:15 86016 c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpleology 1.0]
C:\Program Files\Simpleology\Wimiki\wimiki.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-04-24 16:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-02 20:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
"SDhelper"=2 (0x2)
"usnjsvc"=3 (0x3)
"NetSvc"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"DomainService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogMeIn GUI"="D:\x86\LogMeInSystray.exe"
"LSA Shellu"=C:\Documents and Settings\MOE\lsass.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Arena\\Timeseal.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21847:TCP"= 21847:TCP:BitComet 21847 TCP
"21847:UDP"= 21847:UDP:BitComet 21847 UDP
"56979:TCP"= 56979:TCP:AresChatServer

R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-04-30 19:54]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;C:\WINDOWS\system32\DRIVERS\ianswxp.sys [2002-10-09 23:21]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys []
S3 iANSProtocol;Intel® Advanced Network Services Protocol;C:\WINDOWS\system32\DRIVERS\ianswxp.sys [2002-10-09 23:21]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-06-04 14:21]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 03:11]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-05-01 14:56]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-05-01 14:57]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-05-01 14:57]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-05-01 14:58]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-05-01 07:56]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-05-01 14:59]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-05-01 14:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 00:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 22:00:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-30 20:13:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-28 23:47:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 17:57:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-06-06 18:10:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 22:10:45
ComboFix2.txt 2008-06-06 20:53:58

Pre-Run: 52,972,994,560 bytes free
Post-Run: 52,918,898,688 bytes free

386 --- E O F --- 2008-05-28 03:38:03

#8
Hamze (Topic Starter, Member, 103 posts)
Here's a new HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:12 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O24 - Desktop Component 1: (no name) - http://65.54.175.250...be371b58d41cd0c

--
End of file - 8734 bytes

#9
Hamze (Topic Starter, Member, 103 posts)
Here is the Malwarebytes report.
Malwarebytes' Anti-Malware 1.15
Database version: 836

6:23:41 PM 6/6/2008
mbam-log-6-6-2008 (18-23-41).txt

Scan type: Quick Scan
Objects scanned: 46217
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 72
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{90c61707-c8f8-43db-a25c-c1f4b18ee41e} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\ANYONE ELSE\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Publisher\3461\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Updater\2663\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HAMDA & HASSAN\Application Data\VideoEgg\Updater\2663\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.

#10
Hamze

    Member

  • Topic Starter
  • Member
  • 103 posts
Here's another ComboFix:
ComboFix 08-06-05.3 - MOE 2008-06-06 18:25:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -4:00]
Running from: C:\Documents and Settings\MOE\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 18:16 . 2008-06-06 18:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 18:16 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 18:16 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 17:47 . 2008-06-06 17:47 <DIR> d-------- C:\Documents and Settings\MOE\New Folder
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\LimeWire
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\HAMDA & HASSAN\Application Data\LimeWire
2008-06-06 16:59 . 2008-06-06 16:59 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Malwarebytes
2008-06-06 16:59 . 2008-06-06 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 07:37 . 2008-06-06 07:37 <DIR> d-------- C:\industry_files
2008-06-06 07:37 . 2008-06-06 07:37 45,111 --a------ C:\industry.htm
2008-06-06 07:36 . 2008-06-06 07:36 <DIR> d-------- C:\reasons_files
2008-06-06 07:36 . 2008-06-06 07:36 20,358 --a------ C:\reasons.htm
2008-06-06 07:35 . 2008-06-06 07:35 <DIR> d-------- C:\population_files
2008-06-06 07:35 . 2008-06-06 07:35 <DIR> d-------- C:\invest_files
2008-06-06 07:35 . 2008-06-06 07:35 41,502 --a------ C:\population.htm
2008-06-06 07:35 . 2008-06-06 07:35 23,334 --a------ C:\invest.htm
2008-06-06 07:33 . 2008-06-06 07:33 <DIR> d-------- C:\Age_distribution_files
2008-06-06 07:33 . 2008-06-06 07:33 42,072 --a------ C:\Age_distribution.htm
2008-06-05 18:23 . 2008-06-05 18:23 347 --ahs---- C:\WINDOWS\system32\svFeNXyb.ini
2008-06-05 17:11 . 2008-06-05 17:11 <DIR> d-------- C:\Deckard
2008-06-01 20:27 . 2008-06-01 20:27 <DIR> d-------- C:\Program Files\Aspose
2008-06-01 11:15 . 2008-06-01 11:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 23:01 . 2008-05-28 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 21:07 . 2008-05-28 23:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:56 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 20:56 . 2008-05-28 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 20:14 . 2008-05-28 20:14 <DIR> d-------- C:\!KillBox
2008-05-28 19:47 . 2008-05-28 19:47 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Uniblue
2008-05-28 19:26 . 2008-05-28 19:32 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-28 19:26 . 2008-05-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-21 16:01 . 2008-05-21 16:01 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-21 16:00 . 2008-05-21 16:01 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\U3
2008-05-18 17:44 . 2008-05-18 17:50 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-05-18 17:18 . 2008-05-18 17:19 <DIR> d-------- C:\Program Files\CachemanXP
2008-05-18 16:21 . 2008-05-18 16:21 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:20 --------- d-----w C:\Program Files\mIRC
2008-05-30 19:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 03:01 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 17:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 20:10 --------- d-----w C:\Program Files\ChessBase
2008-05-18 20:10 --------- d-----w C:\Documents and Settings\MOE\Application Data\ChessBase
2008-05-17 15:34 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\MEGAUPLOADTOOLBAR
2008-05-15 20:49 --------- d-----w C:\Program Files\ShredderChess
2008-05-09 23:05 --------- d-----w C:\Documents and Settings\MOE\Application Data\Yahoo!
2008-05-09 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-03 19:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-26 14:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 13:03 20,240 ----a-w C:\Documents and Settings\HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 23:25 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\Hamachi
2008-04-22 20:01 --------- d-----w C:\Documents and Settings\MOE\Application Data\Hamachi
2008-04-21 14:26 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-19 20:50 --------- d-----w C:\Program Files\Bookup
2008-04-17 01:03 --------- d-----w C:\Program Files\Arena
2008-04-14 11:48 19,456 -c--a-w C:\Documents and Settings\MOE\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 11:41 --------- d-----w C:\Documents and Settings\MOE\Application Data\Internet Chess Club
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-06 16:30 77 ----a-w C:\Documents and Settings\MOE\3289.bat
2008-01-05 21:17 77 ----a-w C:\Documents and Settings\MOE\2091.bat
2008-01-05 10:46 77 ----a-w C:\Documents and Settings\MOE\4743.bat
2008-01-05 04:26 77 ----a-w C:\Documents and Settings\MOE\8540.bat
2008-01-04 21:17 77 ----a-w C:\Documents and Settings\MOE\5392.bat
2008-01-04 16:10 77 ----a-w C:\Documents and Settings\MOE\3685.bat
2008-01-04 02:17 77 ----a-w C:\Documents and Settings\MOE\3004.bat
2008-01-03 23:20 77 ----a-w C:\Documents and Settings\MOE\2485.bat
2008-01-03 19:38 77 ----a-w C:\Documents and Settings\MOE\3090.bat
2008-01-03 01:00 77 ----a-w C:\Documents and Settings\MOE\6339.bat
2008-01-02 15:31 77 ----a-w C:\Documents and Settings\MOE\2779.bat
2008-01-02 04:22 249 ----a-w C:\Documents and Settings\MOE\4299.bat
2008-01-01 16:22 77 ----a-w C:\Documents and Settings\MOE\8192.bat
2008-01-01 04:53 249 ----a-w C:\Documents and Settings\MOE\6407.bat
2008-01-01 03:03 77 ----a-w C:\Documents and Settings\MOE\9181.bat
2008-01-01 03:02 249 ----a-w C:\Documents and Settings\MOE\2240.bat
2007-12-31 23:32 77 ----a-w C:\Documents and Settings\MOE\7081.bat
2007-12-31 23:31 249 ----a-w C:\Documents and Settings\MOE\4334.bat
2007-12-31 18:48 77 ----a-w C:\Documents and Settings\MOE\8717.bat
2007-12-31 15:31 77 ----a-w C:\Documents and Settings\MOE\2391.bat
2007-12-31 15:30 249 ----a-w C:\Documents and Settings\MOE\8664.bat
2007-12-30 22:41 77 ----a-w C:\Documents and Settings\MOE\6444.bat
2007-12-30 22:40 249 ----a-w C:\Documents and Settings\MOE\5502.bat
2007-12-30 19:53 77 ----a-w C:\Documents and Settings\MOE\3536.bat
2007-12-30 19:53 249 ----a-w C:\Documents and Settings\MOE\9136.bat
2007-12-30 19:09 77 ----a-w C:\Documents and Settings\MOE\5050.bat
2007-12-30 19:09 249 ----a-w C:\Documents and Settings\MOE\6435.bat
2007-12-30 15:25 77 ----a-w C:\Documents and Settings\MOE\4543.bat
2007-12-30 15:24 249 ----a-w C:\Documents and Settings\MOE\7344.bat
2007-12-30 04:49 77 ----a-w C:\Documents and Settings\MOE\2766.bat
2007-12-30 04:49 249 ----a-w C:\Documents and Settings\MOE\7934.bat
2007-12-30 04:43 77 ----a-w C:\Documents and Settings\MOE\6463.bat
2007-12-30 04:43 249 ----a-w C:\Documents and Settings\MOE\3097.bat
2007-12-30 03:39 249 ----a-w C:\Documents and Settings\MOE\4425.bat
2007-12-30 01:45 249 ----a-w C:\Documents and Settings\MOE\4170.bat
2007-12-29 13:44 77 ----a-w C:\Documents and Settings\MOE\8442.bat
2007-10-25 22:17 78,184 -c--a-w C:\Documents and Settings\HAMDA & HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2007-01-27 22:33 524,300 -c--a-w C:\Documents and Settings\MOE\Application Data\position.bin
2005-05-12 01:10 66,576 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-03-11 00:06 66,576 -c--a-w C:\Documents and Settings\ANYONE ELSE\Application Data\GDIPFONTCACHEV1.DAT
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-05-19 23:30 168 --sh--r C:\WINDOWS\system32\8A66670798.sys
2007-03-31 18:20 56 --sh--r C:\WINDOWS\system32\980767668A.sys
2007-06-12 03:07 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TU9FIA\no6IKE.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_17.07.48.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 20:55:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 21:53:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-08 20:38:23 407,004 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-06 21:38:11 213,488 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-06 21:54:55 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_90.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Free Registry Fix"="C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" [ ]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 20:58 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^PalNetaware.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\PalNetaware.lnk
backup=C:\WINDOWS\pss\PalNetaware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 10:56 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2007-02-27 17:04 262184 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freedom]
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-10-16 02:05 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
--a------ 2006-10-27 21:34 65536 C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-10-16 02:18 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 16:55 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-09 20:10 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-03-09 20:10 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2002-10-23 13:15 86016 c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpleology 1.0]
C:\Program Files\Simpleology\Wimiki\wimiki.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-04-24 16:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-02 20:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
"SDhelper"=2 (0x2)
"usnjsvc"=3 (0x3)
"NetSvc"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"DomainService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogMeIn GUI"="D:\x86\LogMeInSystray.exe"
"LSA Shellu"=C:\Documents and Settings\MOE\lsass.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Arena\\Timeseal.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21847:TCP"= 21847:TCP:BitComet 21847 TCP
"21847:UDP"= 21847:UDP:BitComet 21847 UDP
"56979:TCP"= 56979:TCP:AresChatServer

R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-04-30 19:54]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;C:\WINDOWS\system32\DRIVERS\ianswxp.sys [2002-10-09 23:21]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys []
S3 iANSProtocol;Intel® Advanced Network Services Protocol;C:\WINDOWS\system32\DRIVERS\ianswxp.sys [2002-10-09 23:21]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-06-04 14:21]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 03:11]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-05-01 14:56]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-05-01 14:57]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-05-01 14:57]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-05-01 14:58]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-05-01 07:56]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-05-01 14:59]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-05-01 14:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 00:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 22:00:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-30 20:13:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-28 23:47:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 18:28:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-06 18:37:25
ComboFix-quarantined-files.txt 2008-06-06 22:37:10
ComboFix2.txt 2008-06-06 22:10:53
ComboFix3.txt 2008-06-06 20:53:58

Pre-Run: 52,917,342,208 bytes free
Post-Run: 52,905,308,160 bytes free

334 --- E O F --- 2008-05-28 03:38:03

#11
Hamze

    Member

  • Topic Starter
  • Member
  • 103 posts
Here's another HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:13 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O24 - Desktop Component 1: (no name) - http://65.54.175.250...be371b58d41cd0c

--
End of file - 8606 bytes


imapi.exe appears a lot less often now. I can comfortably expect explorer.exe to last more than 10 minutes now. :)
  • 0

#12
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Hamze,

imapi.exe appears to be a legitimate file; it is part of the Microsoft Windows operating system, more specifically the Image Mastering Applications Programming Interface, which is used for CD recording. This program is important for the stable and secure running of your computer and should not be terminated.

This unfortunately is not my area of expertise, so what I am thinking is we will continue on until your system is clean, and also verify that imapi.exe is clean. Once I give you the all clear, if you're still having problems with imapi.exe we might have to send you over to the techs.

Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZJfox000
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O24 - Desktop Component 1: (no name) - http://65.54.175.250...be371b58d41cd0c



Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, Reboot, and post a new HijackThis log here in your reply, and let me know how your system is running.

===============================================


Istbar

Istbar is an IE toolbar, homepage and search hijacker. It can also be the cause of pornographic pop-ups.
Please download and run FxIstbar.exe from Here

===============================================

uninstall list

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
===============================================

FileFind

Download FileFind.zip and unzip it to your Desktop.
  • Double click FileFind.exe to run it
  • Directory should read C:\
  • In File: Type imapi.exe (Wildcards supported)
  • Click the Search button and allow it to run. Not much will appear to be happening, so be patient
  • When the search is complete, click Export
  • A Notepad file will open, with the details of files found
  • Please post the details in your next reply.

===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
===============================================

Needed in your next reply:

uninstall list
FileFind results
Kaspersky WebScanner results
New HijackThis log


*Note* you may have to post the results in more than one reply. Also let me know how things are running :)
  • 0
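The FileFind step above asks for every copy of imapi.exe on C:\ so the moderator can check that a legitimately named binary is not a second copy living somewhere it should not. The script below is an added example that does the same triage offline; it is my own code, not the FileFind tool and not anything posted in this thread. It assumes, as the Windows XP layout suggests, that the only expected homes for imapi.exe are the system directory and its dllcache backup (the EXPECTED_DIRS tuple is that assumption), walks a tree case-insensitively, and reports size, timestamp and SHA-256 so that two copies with different hashes stand out. The sample directory tree it searches is constructed in a temporary folder, so it runs on any OS.

```python
"""Offline stand-in for the FileFind step: find every copy of a file name
under a directory tree and report size, timestamp and SHA-256, flagging
copies that live outside the directories where the file belongs.
Added example, not code from the thread or from the FileFind tool."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Assumption: on Windows XP the legitimate imapi.exe lives in the system
# directory, with a backup copy in dllcache. Paths are relative to the
# search root and compared case-insensitively.
EXPECTED_DIRS = ("windows/system32", "windows/system32/dllcache")


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, name):
    """Walk root and return a record for each file whose name matches.
    Matching is case-insensitive, as on Windows file systems."""
    wanted = name.lower()
    hits = []
    for dirpath, _subdirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != wanted:
                continue
            full = os.path.join(dirpath, fname)
            st = os.stat(full)
            hits.append({
                "path": full,
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_of(full),
            })
    return hits


def in_expected_dir(path, root, expected=EXPECTED_DIRS):
    """True if the file's directory, relative to root, is one we expect."""
    rel = os.path.relpath(os.path.dirname(path), root)
    return rel.replace(os.sep, "/").lower() in expected


def triage(root, name, expected=EXPECTED_DIRS):
    """Split copies into expected and unexpected locations and report how
    many distinct binaries share the name (more than one is worth a look)."""
    hits = find_copies(root, name)
    expected_hits = [h for h in hits if in_expected_dir(h["path"], root, expected)]
    stray_hits = [h for h in hits if not in_expected_dir(h["path"], root, expected)]
    distinct = {h["sha256"] for h in hits}
    return expected_hits, stray_hits, distinct


def build_sample_tree():
    """Constructed fixture standing in for C:\\ : two identical copies in the
    expected places, one different copy in a user temp folder, one unrelated file."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    layout = {
        "WINDOWS/system32/imapi.exe": b"MZ placeholder: legitimate copy",
        "WINDOWS/system32/dllcache/imapi.exe": b"MZ placeholder: legitimate copy",
        "Documents and Settings/MOE/Local Settings/Temp/imapi.exe": b"MZ placeholder: different bytes",
        "WINDOWS/system32/notepad.exe": b"MZ placeholder: unrelated file",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    ok, stray, hashes = triage(demo_root, "imapi.exe")
    for rec in ok:
        print("expected  ", rec["path"], rec["size"], rec["sha256"][:16])
    for rec in stray:
        print("UNEXPECTED", rec["path"], rec["size"], rec["sha256"][:16])
    print(f"{len(hashes)} distinct binary/binaries share the name")
```

Run it as-is to see the constructed tree triaged; to use it on a real drive, call `triage("C:\\", "imapi.exe")` and compare the hash of any stray copy against the one in the system directory before deciding anything.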

#13
Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
A hijackthislog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:05 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

--
End of file - 7634 bytes
  • 0
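The fix list BHowett gave in post #12 and the new log above follow a pattern that is easy to automate: entries whose target file no longer exists ("(file missing)", "(no file)"), a context-menu item whose target is not a file or URL, and the IE reset page and Active Desktop component entries. The parser below is an added example, my own code rather than anything HijackThis itself does; the selection rules are heuristics of mine that reproduce the moderator's choices on the lines quoted here, not a definition of what is malicious. The sample log is pieced together from lines that appear in this thread.

```python
"""Triage a HijackThis log: parse the O/R entry lines and flag the ones a
reviewer would look at first. Added example; the flagging rules are the
author's heuristics, not HijackThis logic."""
import re

# Entry lines look like "O2 - BHO: name - {CLSID} - C:\path" or "R1 - key = value".
LINE_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<rest>.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
URL_PREFIXES = ("file:///", "res://", "http://", "https://")

# Constructed sample: entry lines quoted from this thread plus the log header,
# so the parser is shown skipping non-entry lines.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:05 PM, on 6/7/2008

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O24 - Desktop Component 1: (no name) - http://65.54.175.250...be371b58d41cd0c
--
End of file - 7634 bytes
"""


def parse_log(text):
    """Return (section, rest-of-line) pairs for every entry line, ignoring
    the header, process list and trailer."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group("sec"), match.group("rest")))
    return entries


def triage_entry(sec, rest):
    """Return a short reason if the entry deserves review, else None."""
    if any(marker in rest for marker in ORPHAN_MARKERS):
        return "orphaned entry: registry points at a file that no longer exists"
    if sec == "O8":
        # The target is whatever follows the last " - " separator.
        target = rest.rsplit(" - ", 1)[-1].strip()
        if not target.lower().startswith(URL_PREFIXES):
            return "context-menu item whose target is neither a file nor a URL"
    if sec == "O14":
        return "IERESET.INF start page override: confirm it is a page you chose"
    if sec == "O24":
        return "Active Desktop web component: review the source URL"
    return None


def triage_log(text):
    """List (section, entry, reason) for every flagged entry in the log."""
    flagged = []
    for sec, rest in parse_log(text):
        reason = triage_entry(sec, rest)
        if reason:
            flagged.append((sec, rest, reason))
    return flagged


if __name__ == "__main__":
    for sec, rest, reason in triage_log(SAMPLE_LOG):
        print(f"{sec:4} {reason}\n     {rest}")
```

On the sample the seven flagged lines are exactly the seven the moderator asked to have fixed; the Yahoo! and Excel context-menu items pass because their targets are file:/// and res:// URLs.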

#14
Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here's the uninstall list:
Ad-Aware
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Aspose.Slides
Bookup 2000 Express build 30
Dasher
finlcnt10s.exe
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
iTunes
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Bootvis
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
mIRC
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
Norton Security Scan
QuickTime
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Task Manager 1.7f
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Shredder Classic 1.3
Shredder Classic 2
Spybot - Search & Destroy
Uniblue SpeedUpMyPC 3
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VeohTV BETA
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Vista Upgrade Advisor
WinRAR archiver
WinZip 11.1
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
  • 0

#15
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
I also need the FileFind results, and Kaspersky WebScanner results :)

How are things running?
  • 0





