Trojan? virus alert on bottom right [CLOSED]


  • This topic is locked

#1
Sam_fsa

    New Member

  • Member
  • 2 posts
Hi
Well, I tried numerous things but the virus alert notification thing will not disappear... nor will the right side of my start menu reappear :). I know I had trojans before but I was able to remove them.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06: VIRUS ALERT!, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cox\Applications\app\SysSvcNt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\byXQIAqr.dll (file missing)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3E9D3179-5E73-4220-AAF7-EF9120EF48AF} - C:\WINDOWS\system32\vtUmKBSi.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {6D0386B3-FD72-488E-9740-90355AE21735} - C:\WINDOWS\system32\digonyx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: nqgpedlr - {1F98C59B-DB4B-454B-98C8-95D0668B11A6} - C:\WINDOWS\nqgpedlr.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [5cf879f7] rundll32.exe "C:\WINDOWS\system32\jihxrose.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - http://www.e-games.c...GamesPlugin.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.k...web/gogsweb.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {B869F34A-A5AD-47B8-AC46-FF5A614F3D44} (MPIClient Control) - https://mpi.tgcorp.c...l/MPIClient.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F2B10602-013E-43E0-96EC-1D6448F80E48} (DrscanActiveX Control) - http://www.dr-scan.n...gram/drscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: byXQIAqr - byXQIAqr.dll (file missing)
O21 - SSODL: okmdepgb - {03CEA1E2-C9E7-492B-9B8B-0EF4887333B5} - C:\WINDOWS\okmdepgb.dll (file missing)
O21 - SSODL: axrfgvek - {FFB9BC6D-304A-438C-9E8A-5DAF20294EEC} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESP Security System Service (AuthSysSvc) - Authentium, Inc. - C:\Program Files\Cox\Applications\app\SysSvcNt.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10859 bytes

Oh, and the C: drive shortcut is missing from My Computer... I was able to make another shortcut though.

Edited by Sam_fsa, 02 July 2008 - 09:26 PM.
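The diagnosis in this thread rests on reading the HijackThis log above for a handful of patterns: load points whose file is missing, BHOs with no name, DLLs with pseudo-random eight-letter names sitting directly under C:\WINDOWS or system32, a Run entry that loads such a DLL through rundll32 with a one-letter export, and entries at the Winlogon Notify and SSODL persistence points. The Python script below is an added triage example, not a tool from the thread or from Trend Micro; it parses the O-section lines of a HijackThis log and flags those indicators, then correlates names that recur across sections. The sample lines are copied from the log posted above; the function names, the heuristics and the scoring are this example's own construction and are meant to rank entries for a human reviewer, not to decide on their own.

```python
"""Triage of HijackThis O-section lines (added example, not from the thread).

Heuristics applied to each O2/O3/O4/O20/O21 entry:
  * the load point references a file that no longer exists,
  * a BHO is registered without a name,
  * the DLL has a pseudo-random eight-letter name directly under the Windows
    directory or its system32 folder (the naming style seen in this log),
  * a Run entry loads a DLL through rundll32 and names an export,
  * the entry sits at a Winlogon Notify or SSODL persistence point.
Names that recur across sections are correlated, since one component often
registers itself at several load points.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\byXQIAqr.dll (file missing)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: scriptproxy - {6D0386B3-FD72-488E-9740-90355AE21735} - C:\WINDOWS\system32\digonyx.dll (file missing)
O3 - Toolbar: nqgpedlr - {1F98C59B-DB4B-454B-98C8-95D0668B11A6} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [5cf879f7] rundll32.exe "C:\WINDOWS\system32\jihxrose.dll",b
O20 - Winlogon Notify: byXQIAqr - byXQIAqr.dll (file missing)
O21 - SSODL: okmdepgb - {03CEA1E2-C9E7-492B-9B8B-0EF4887333B5} - C:\WINDOWS\okmdepgb.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)")
# Eight letters, no digits, directly under C:\WINDOWS or C:\WINDOWS\system32.
RANDOM_DLL_RE = re.compile(r"C:\\WINDOWS\\(?:system32\\)?([A-Za-z]{8})\.dll", re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"([^"]+\.dll)",(\w+)', re.IGNORECASE)
DLL_NAME_RE = re.compile(r"\b([A-Za-z]{8})\.dll\b", re.IGNORECASE)
# Load points that legitimate software rarely uses; HijackThis hides the defaults.
PERSISTENCE_SECTIONS = {"O20": "Winlogon Notify", "O21": "ShellServiceObjectDelayLoad"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        # One point per independent indicator; higher means review first.
        return len(self.reasons)


def assess(section: str, body: str) -> list[str]:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    if MISSING_RE.search(body):
        reasons.append("load point references a file that no longer exists")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    m = RANDOM_DLL_RE.search(body)
    if m:
        reasons.append(f"pseudo-random name {m.group(1)}.dll directly under the Windows directory")
    m = RUNDLL_RE.search(body)
    if m:
        reasons.append(f"rundll32 loads {m.group(1)} through export '{m.group(2)}'")
    if section in PERSISTENCE_SECTIONS:
        reasons.append(f"entry at the {PERSISTENCE_SECTIONS[section]} persistence point")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse O-section lines and return the flagged entries, most suspicious first."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # R/F sections and non-log text are ignored here
        section, body = m.groups()
        reasons = assess(section, body)
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return sorted(findings, key=lambda f: f.score, reverse=True)


def correlate(findings: list[Finding]) -> dict[str, list[str]]:
    """Eight-letter DLL names that appear in more than one section of the flagged entries."""
    seen: dict[str, set[str]] = {}
    for f in findings:
        for name in DLL_NAME_RE.findall(f.line):
            seen.setdefault(name.lower(), set()).add(f.section)
    return {name: sorted(secs) for name, secs in seen.items() if len(secs) > 1}


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"[{f.section}] score={f.score} {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    for name, secs in correlate(flagged).items():
        print(f"{name}.dll recurs in sections {', '.join(secs)}")
```

On the sample lines the two well-known entries (the Adobe BHO and the AVG tray Run key) produce no finding, the seven remaining entries are ranked, and the correlation step ties the O2 BHO and the O20 Winlogon Notify handler together through the shared byXQIAqr.dll name, which is the kind of cross-reference that turns a list of oddities into a single component to remove.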


#2
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Download combofix from here (http://subs.geekstogo.com/ComboFix.exe) or here. It is important that you save this file to your desktop.

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, please don't overlook this!

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log in your next reply.

A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.

Then,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by Mike, 04 July 2008 - 07:51 AM.

#3
Sam_fsa

    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi, thanks for your reply :)

ComboFix 08-07-04.1 - Sam Cho 2008-07-04 13:49:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.433 [GMT -4:00]
Running from: C:\Documents and Settings\Sam Cho\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sam Cho\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sam Cho\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\esorxhij.ini
C:\WINDOWS\system32\iSBKmUtv.ini
C:\WINDOWS\system32\iSBKmUtv.ini2
C:\WINDOWS\system32\jihxrose.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-02 23:46 . 2008-07-02 23:58 <DIR> d-------- C:\Documents and Settings\Sam Cho\.gimp-2.4
2008-07-02 22:53 . 2008-07-02 22:54 <DIR> d-------- C:\Program Files\Panda Security
2008-07-02 22:47 . 2008-07-02 22:47 <DIR> d----c--- C:\_OTMoveIt
2008-07-02 22:32 . 2008-07-02 22:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-02 22:22 . 2008-07-02 22:40 1,734 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-02 22:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-02 22:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-02 22:21 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-02 22:21 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-02 22:21 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-02 22:21 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-02 22:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-02 22:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 22:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 20:17 . 2008-07-04 01:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 20:17 . 2008-07-02 20:17 <DIR> d-------- C:\Program Files\AVG
2008-07-02 20:17 . 2008-07-02 20:17 <DIR> d-------- C:\Documents and Settings\Sam Cho\Application Data\AVGTOOLBAR
2008-07-02 20:17 . 2008-07-03 06:39 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-02 20:17 . 2008-07-03 06:40 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-02 20:17 . 2008-07-03 06:39 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-02 16:30 . 2008-07-02 16:30 <DIR> d-------- C:\Program Files\DJ ToneXpress 4
2008-07-02 15:29 . 2008-07-02 15:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-26 15:01 . 2008-06-26 15:01 <DIR> d-------- C:\Program Files\BitPim
2008-06-26 09:45 . 2008-07-01 14:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-26 09:45 . 2008-06-26 09:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 20:23 . 2008-06-24 20:23 <DIR> d-------- C:\Program Files\Acon Digital Media
2008-06-24 20:14 . 2008-06-24 20:14 <DIR> d-------- C:\Documents and Settings\Sam Cho\Application Data\DJ ToneXpress
2008-06-23 15:45 . 2008-07-04 10:12 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-06-23 15:06 . 2008-07-02 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-23 10:45 . 2008-06-23 10:45 <DIR> d-------- C:\Program Files\WinCustomize
2008-06-23 10:45 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-06-23 10:45 . 2008-06-15 16:18 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-06-22 13:23 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-06-22 12:46 . 2008-06-22 12:51 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-06-20 03:00 . 2008-06-20 03:00 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-19 21:41 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-19 21:41 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-18 11:28 . 2008-06-18 11:28 <DIR> d----c--- C:\ijji
2008-06-17 21:59 . 2008-06-17 21:59 <DIR> d-------- C:\Documents and Settings\Sam Cho\Application Data\TVU Networks
2008-06-17 21:59 . 2008-06-17 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-06-17 21:58 . 2008-06-17 21:58 <DIR> d-------- C:\Program Files\TVUPlayer
2008-06-17 21:58 . 2008-06-17 21:58 <DIR> d-------- C:\Documents and Settings\Sam Cho\LocalLow
2008-06-16 08:54 . 2008-06-16 08:54 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-16 00:10 . 2008-06-16 00:10 <DIR> d-------- C:\Documents and Settings\Sam Cho\Application Data\ATI
2008-06-16 00:10 . 2008-06-16 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-16 00:05 . 2008-06-16 00:05 <DIR> d-------- C:\Program Files\ATI
2008-06-16 00:02 . 2008-06-16 00:04 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-16 00:01 . 2008-06-16 00:01 <DIR> d----c--- C:\ATI
2008-06-15 23:52 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-15 23:52 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-15 23:52 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-15 23:52 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-15 23:52 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-15 23:52 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-15 23:52 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-15 23:51 . 2008-06-15 23:51 <DIR> d-------- C:\WINDOWS\Logs
2008-06-15 16:48 . 2008-06-15 16:52 <DIR> d-------- C:\Program Files\ACW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-03 03:44 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-03 02:54 --------- d-----w C:\Program Files\Trend Micro
2008-07-02 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-02 22:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-02 20:25 --------- d-----w C:\Program Files\Java
2008-07-02 19:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 19:38 --------- d-----w C:\Program Files\Warcraft III
2008-06-26 19:13 --------- d-----w C:\Documents and Settings\Sam Cho\Application Data\LimeWire
2008-06-22 17:16 --------- d-----w C:\Documents and Settings\Sam Cho\Application Data\Uniblue
2008-06-18 15:28 --------- d--h--w C:\Documents and Settings\Sam Cho\Application Data\ijjigame
2008-06-16 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 22:22 --------- d-----w C:\Program Files\Softnyx
2008-06-08 18:55 --------- d-----w C:\Program Files\LimeWire
2008-05-23 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 19:18 --------- d-----w C:\Documents and Settings\Sam Cho\Application Data\Lavasoft
2008-05-18 18:57 --------- d-----w C:\Program Files\VideoLAN
2008-05-14 20:47 --------- d-----w C:\Program Files\AIM6
2008-05-14 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-14 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 20:48 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-04-20 01:13 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-20 01:13 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-08-10 19:03 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-09-27 00:21 88 -csh--r C:\WINDOWS\system32\E737E3896A.sys
2007-09-01 01:43 88 --sha-r C:\WINDOWS\system32\F9E1786936.sys
2007-09-27 00:21 4,496 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-01 15:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 18:38 307200]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 06:40 1232152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sam Cho^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Sam Cho\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-02-09 18:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 06:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 05:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRScan]
--a------ 2007-02-06 20:32 40960 C:\Program Files\DRScan\DRScanMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESP]
--a------ 2007-05-09 13:40 62952 C:\Program Files\Cox\Applications\App\start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1146272344\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-09-09 05:16 196608 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-01 15:39 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-30 17:31 3461120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1146272344\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1146272344\\ee\\aim6.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Starcraft\\starcraft.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"J:\\Samuel Cho -=do not touch=-\\Rakion\\Rakion\\Bin\\rakion.bin"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\WC3Banlist\\WC3Banlist.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Radeon Omega Drivers\\v3.8.330\\MultiRes\\multires.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Sam Cho\\Desktop\\New Folder\\pickup.listchecker.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27000:UDP"= 27000:UDP:27000-27020
"27001:UDP"= 27001:UDP:27001
"27002:UDP"= 27002:UDP:27002
"27003:UDP"= 27003:UDP:27003
"27006:UDP"= 27006:UDP:27006
"27005:UDP"= 27005:UDP:27005
"27004:UDP"= 27004:UDP:27004
"27007:UDP"= 27007:UDP:27007
"27009:UDP"= 27009:UDP:27009
"27008:UDP"= 27008:UDP:27008
"27010:UDP"= 27010:UDP:27010
"27011:UDP"= 27011:UDP:27011
"27012:UDP"= 27012:UDP:27012
"27013:UDP"= 27013:UDP:27013
"27014:UDP"= 27014:UDP:27014
"27015:UDP"= 27015:UDP:27015
"27016:TCP"= 27016:TCP:27016
"27017:UDP"= 27017:UDP:27017
"27018:UDP"= 27018:UDP:27018
"27019:UDP"= 27019:UDP:27019
"27020:UDP"= 27020:UDP:27020
"27021:TCP"= 27021:TCP:27020-27050

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 06:39]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 06:39]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 06:40]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 06:40]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 13:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 13:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 13:12]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys []
S3 DADriv1;DADriv1;C:\Documents and Settings\Sam Cho\Desktop\New Folder (2)\DA Engine\DAK32.sys []
S3 Dua1;Dua1;C:\DOCUME~1\SAMCHO~1\LOCALS~1\Temp\Rar$EX00.798\DualEngi.sys []
S3 Dual2;Dual2;C:\Documents and Settings\Sam Cho\Desktop\Sam + Abba\Dual2.sys []
S3 geebers12;geebers12;C:\Documents and Settings\Sam Cho\Desktop\UCE\blorbslayerengine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Documents and Settings\Sam Cho\Desktop\UCE\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Sam Cho\Desktop\New Folder\Akash's v.46 HackPack\IlvMoney1083.sys []
S3 MzBot;MzBot;C:\MzBot.sys []
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []
S3 Nigga4;Nigga4;C:\DOCUME~1\SAMCHO~1\LOCALS~1\Temp\Rar$EX01.718\Nigga.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 Revolution1;Revolution1;C:\Documents and Settings\Sam Cho\Desktop\UCE\SHAK3.sys []
S3 toBzM;toBzM;C:\toBzM.sys []
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S3 xp1;xp1;C:\Documents and Settings\Sam Cho\Desktop\dxwind\UCE\xp.sys []
S3 zenx1;zenx1;C:\DOCUME~1\SAMCHO~1\LOCALS~1\Temp\Rar$EX01.235\zenx.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abb4218-e15e-11da-85dc-00038a000015}]
\Shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56647b6c-a419-11db-869b-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 21:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-01 18:41:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-04 19:41:52 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\byXQIAqr.dll
BHO-{3E9D3179-5E73-4220-AAF7-EF9120EF48AF} - C:\WINDOWS\system32\vtUmKBSi.dll
BHO-{6D0386B3-FD72-488E-9740-90355AE21735} - C:\WINDOWS\system32\digonyx.dll
Toolbar-{1F98C59B-DB4B-454B-98C8-95D0668B11A6} - C:\WINDOWS\nqgpedlr.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-5cf879f7 - C:\WINDOWS\system32\jihxrose.dll
ShellExecuteHooks-{28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\byXQIAqr.dll
SSODL-okmdepgb-{03CEA1E2-C9E7-492B-9B8B-0EF4887333B5} - C:\WINDOWS\okmdepgb.dll
SSODL-axrfgvek-{FFB9BC6D-304A-438C-9E8A-5DAF20294EEC} - C:\WINDOWS\axrfgvek.dll
Notify-byXQIAqr - byXQIAqr.dll
MSConfigStartUp-00PCTFW - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
MSConfigStartUp-PCTAVApp - C:\Program Files\PC Tools AntiVirus\PCTAV.exe
MSConfigStartUp-SDTray - C:\Program Files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-Steam - c:\program files\steam\steam.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 13:57:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-04 14:02:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 18:02:06

Pre-Run: 44,577,009,664 bytes free
Post-Run: 44,426,289,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

351 --- E O F --- 2008-06-20 07:00:55


THEN


Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 5.1.2600 Service Pack 2

2:12:32 PM 7/4/2008
mbam-log-7-4-2008 (14-12-32).txt

Scan type: Quick Scan
Objects scanned: 46309
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d0386b3-fd72-488e-9740-90355ae21735} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d0386b3-fd72-488e-9740-90355ae21735} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.bfmt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts
Hi there,

Do you recognize this program? C:\Program Files\ACW

Please go to add or remove programs and uninstall:

Netcom3 Cleaner
Viewpoint


Delete these folders:

C:\Program Files\Viewpoint
C:\Program Files\Netcom3 Cleaner
C:\Documents and Settings\Sam Cho\Application Data\Netcom3 Cleaner
C:\Documents and Settings\Sam Cho\Application Data\Viewpoint

Then,
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Post back with the Kaspersky log along with a new HijackThis log.

Edited by Mike, 05 July 2008 - 03:23 AM.


#5
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.