Antivirus Xp/system defender HELP PLEEEAAASE! [RESOLVED]



#1
Rico300LL
New Member, 9 posts
Hi, somehow I got Antivirus XP and System Defender on my computer yesterday. I have started my computer in Safe Mode and deleted the program files/folders relating to it, but I still get it popping up, plus shortcuts, the Windows Security Center pop-up warning, and System Defender and Antivirus XP pop-ups that are always at the top of my browser. I have tried the steps advised here after I safe-moded my CPU; I didn't find it till then.

I ran the antispy and HijackThis; with the Panda scan I just kept getting errors, I tried lots of times! I have the log! I have tried other methods from other websites; none have worked. This is making me crazy, please help. I am not an expert at this either, I just want to get rid of it.

I'm not sure if I should post the log yet?

Please help

Thanks in advance

#2
kahdah
GeekU Teacher, Retired Staff, 15,822 posts
Hello Rico300LL

Welcome to G2Go. :)
Please refrain from using foul language on this site as it is family oriented and it is not needed.
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Rico300LL
Topic Starter, New Member, 9 posts
Hi, thanks for your reply. Sorry for the delay in replying; I had problems getting the scan done. Sorry for the language, I was just so frustrated; it won't happen again. So here are the logs; the first one is the Main Text.

Deckard's System Scanner v20071014.68
Run by jet on 2008-07-09 02:18:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-09 01:18:21 UTC - RP1049 - Deckard's System Scanner Restore Point
9: 2008-07-08 23:16:54 UTC - RP1048 - System Checkpoint
8: 2008-07-07 21:30:21 UTC - RP1047 - Deckard's System Scanner Restore Point
7: 2008-07-07 21:04:09 UTC - RP1046 - System Checkpoint
6: 2008-07-06 18:09:59 UTC - RP1045 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-07-05 16:43:33 UTC - RP1040 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-09 02:40:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\APPS\ABOARD\ABOARD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\APPS\ABOARD\AOSD.EXE
C:\Program Files\Common Files\AOL\1135369959\ee\aolsoftware.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\sprof\sprof.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\AOL\1135369959\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1135369959\ee\aolsoftware.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\jet\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\wwtogopd.dll
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\xxyvutQg.dll (file missing)
O2 - BHO: (no name) - {81CCF3EE-D69E-4741-9E7E-3D6BC490FBAB} - C:\WINDOWS\system32\xxyvsPfc.dll
O2 - BHO: {535879aa-a4e3-fac9-9524-bb3678013e3c} - {c3e31087-63bb-4259-9caf-3e4aaa978535} - C:\WINDOWS\system32\alydwl.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\moffice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Four ooze mags pile] C:\Documents and Settings\All Users\Application Data\dog inter pile proxy\FLAP ONCE LOCKS.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
O4 - HKLM\..\Run: [SMrhc5c8j0e90t] C:\Program Files\rhc5c8j0e90t\rhc5c8j0e90t.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - HKCU\..\Run: [uoko] C:\PROGRA~1\COMMON~1\uoko\uokom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} () -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{4466EDAF-59C4-4989-A2BB-B829A178C942}: NameServer = 85.255.115.115,85.255.112.152
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.115 85.255.112.152
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.115 85.255.112.152
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: xxyvutQg - C:\WINDOWS\system32\xxyvutQg.dll (file missing)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O21 - SSODL: PreBootCheck - {6250e1e6-99c3-429a-9067-36653f80438b} - C:\WINDOWS\Resources\DriveRam.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\APPS\HIDSERVICE\HidService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSVC - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: - http://www.hiphop-di...ainer_bg.gif
O24 - Desktop Component 1: - http://www.bodybuilding.com/bg.gif

--
End of file - 16864 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 SiSRaid - c:\windows\system32\drivers\sisraid.sys <Not Verified; Silicon Integrated Systems; SiS 180 Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 GenericHidService (Generic Service for HID Keyboard Input Collections) - c:\apps\hidservice\hidservice.exe
R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-09 02:00:00 252 --ah----- C:\WINDOWS\Tasks\AD8B1F7E918C904E.job
2008-07-03 23:27:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-08 22:58:20 91136 --a------ C:\WINDOWS\system32\awyprchv.dll
2008-07-08 22:57:24 92160 --a------ C:\WINDOWS\system32\wwtogopd.dll
2008-07-08 14:25:04 78848 --a------ C:\WINDOWS\system32\nevxkhar.dll
2008-07-08 14:24:46 102912 --a------ C:\WINDOWS\system32\alydwl.dll
2008-07-08 14:24:41 102912 --a------ C:\WINDOWS\system32\erkpghfd.dll
2008-07-08 14:24:18 91136 --a------ C:\WINDOWS\system32\vouptogp.dll
2008-07-08 14:22:18 92160 --a------ C:\WINDOWS\system32\iasxbxxn.dll
2008-07-08 14:09:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-08 14:09:47 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-08 14:09:47 0 dr------- C:\Documents and Settings\Administrator\Desktop
2008-07-08 14:09:47 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-08 14:09:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-08 14:09:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-08 14:09:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-08 14:09:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-08 14:09:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-08 14:09:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-08 14:09:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-07 23:07:04 0 d-------- C:\Program Files\Trend Micro
2008-07-07 14:11:11 102912 --a------ C:\WINDOWS\system32\hhwtvf.dll
2008-07-07 14:11:09 102912 --a------ C:\WINDOWS\system32\vlvcsnor.dll
2008-07-07 13:57:23 78848 --a------ C:\WINDOWS\system32\pxcrolsc.dll
2008-07-07 13:55:50 92160 --a------ C:\WINDOWS\system32\fnkhjddt.dll
2008-07-06 20:51:55 78848 --a------ C:\WINDOWS\system32\oyqdkvwf.dll
2008-07-06 20:48:52 102912 --a------ C:\WINDOWS\system32\qobael.dll
2008-07-06 20:48:51 102912 --a------ C:\WINDOWS\system32\nksriech.dll
2008-07-06 20:45:51 92160 --a------ C:\WINDOWS\system32\lvjjxpww.dll
2008-07-06 19:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 19:10:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 19:10:05 0 d-------- C:\Documents and Settings\jet\Application Data\SUPERAntiSpyware.com
2008-07-06 19:09:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 16:48:57 0 d-------- C:\Program Files\Trojan Remover
2008-07-06 16:48:57 0 d-------- C:\Documents and Settings\jet\Application Data\Simply Super Software
2008-07-06 16:48:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-06 16:25:13 0 d-------- C:\Program Files\Panda Security
2008-07-06 03:30:53 0 d-------- C:\Program Files\Spyware Doctor
2008-07-06 03:30:53 0 d-------- C:\Documents and Settings\jet\Application Data\PC Tools
2008-07-06 02:32:39 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-06 02:32:33 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-06 02:32:32 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-06 02:32:32 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-06 00:56:17 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-06 00:55:51 17920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-07-06 00:55:39 0 d-------- C:\Program Files\Sophos
2008-07-06 00:55:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-06 00:54:05 0 d-------- C:\savwsa
2008-07-05 22:32:33 94208 --a------ C:\WINDOWS\system32\pphc1c8j0e90t.exe
2008-07-05 21:28:29 0 d-------- C:\Program Files\Enigma Software Group
2008-07-05 21:05:39 0 d-------- C:\Program Files\AVG
2008-07-05 21:05:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 20:57:55 103424 --a------ C:\WINDOWS\system32\derurn.dll
2008-07-05 20:57:52 103424 --a------ C:\WINDOWS\system32\wraaiydf.dll
2008-07-05 20:52:32 92160 --a------ C:\WINDOWS\system32\wrillfys.dll
2008-07-05 20:42:58 0 d-------- C:\iSecurity
2008-07-05 19:47:02 0 d-------- C:\Documents and Settings\jet\Application Data\rhc5c8j0e90t
2008-07-05 19:42:54 0 d-------- C:\Program Files\IE Extensions
2008-07-05 19:42:51 0 d-------- C:\Program Files\sprof
2008-07-05 19:42:44 0 d-------- C:\WINDOWS\system32\931928
2008-07-05 19:42:44 0 d-------- C:\Program Files\iSecurity
2008-07-05 14:15:03 0 d-------- C:\Documents and Settings\jet\Application Data\WinAnonymous
2008-07-05 14:10:45 0 d-------- C:\Documents and Settings\All Users\Application Data\WinAnonymous
2008-07-05 14:10:44 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-07-05 14:10:31 0 d-------- C:\Program Files\Common Files\WinAnonymous
2008-07-04 22:19:34 0 d-------- C:\Program Files\YouTube Downloader
2008-07-04 21:44:16 0 d-------- C:\Program Files\E-Zsoft
2008-07-04 21:18:33 103424 --a------ C:\WINDOWS\system32\eegyml.dll
2008-07-04 21:18:30 103424 --a------ C:\WINDOWS\system32\trqutghe.dll
2008-07-04 20:58:27 92160 --a------ C:\WINDOWS\system32\nxbclevi.dll
2008-07-04 19:40:21 102912 --a------ C:\WINDOWS\system32\tivxlm.dll
2008-07-04 19:40:20 102912 --a------ C:\WINDOWS\system32\lnveyctv.dll
2008-07-03 15:13:44 102912 --a------ C:\WINDOWS\system32\esnksp.dll
2008-07-03 15:13:42 102912 --a------ C:\WINDOWS\system32\kjpikcqs.dll
2008-07-03 15:11:17 81920 --a------ C:\WINDOWS\system32\eejrnkbn.dll
2008-07-03 14:50:30 92160 --a------ C:\WINDOWS\system32\iojuawmy.dll
2008-07-03 14:01:13 0 d-------- C:\Documents and Settings\jet\Application Data\DivX
2008-07-03 13:57:40 0 d-------- C:\Program Files\DivX
2008-07-03 13:14:33 92160 --a------ C:\WINDOWS\system32\cxqryltx.dll
2008-07-02 13:16:59 102912 --a------ C:\WINDOWS\system32\mncruj.dll
2008-07-02 13:16:58 102912 --a------ C:\WINDOWS\system32\ihkcvsri.dll
2008-07-02 13:14:21 92160 --a------ C:\WINDOWS\system32\ssqdsipd.dll
2008-07-02 13:13:59 90112 --a------ C:\WINDOWS\system32\bkxhdbmw.dll
2008-07-01 13:16:00 103424 --a------ C:\WINDOWS\system32\rszppl.dll
2008-07-01 13:15:59 103424 --a------ C:\WINDOWS\system32\tjyptlov.dll
2008-07-01 13:12:12 92160 --a------ C:\WINDOWS\system32\erghfvui.dll
2008-07-01 13:11:44 90624 --a------ C:\WINDOWS\system32\wcesvqdx.dll
2008-07-01 04:17:15 92160 --a------ C:\WINDOWS\system32\onncclpx.dll
2008-07-01 04:14:25 91136 --a------ C:\WINDOWS\system32\aulppgtt.dll
2008-06-30 04:25:02 103424 --a------ C:\WINDOWS\system32\vqbcfs.dll
2008-06-30 04:25:01 103424 --a------ C:\WINDOWS\system32\njenlvao.dll
2008-06-30 04:15:59 92160 --a------ C:\WINDOWS\system32\brgrufwk.dll
2008-06-30 04:13:01 90624 --a------ C:\WINDOWS\system32\hixqrpvb.dll
2008-06-29 02:53:03 103424 --a------ C:\WINDOWS\system32\sbwgho.dll
2008-06-29 02:53:02 103424 --a------ C:\WINDOWS\system32\jbqpcrqu.dll
2008-06-29 02:28:12 92160 --a------ C:\WINDOWS\system32\rqpkloei.dll
2008-06-29 02:25:31 90624 --a------ C:\WINDOWS\system32\aspxwsto.dll
2008-06-29 01:34:17 103424 --a------ C:\WINDOWS\system32\aorsxg.dll
2008-06-29 01:34:16 103424 --a------ C:\WINDOWS\system32\uoakabhe.dll
2008-06-29 01:28:21 90624 --a------ C:\WINDOWS\system32\ehkagqgc.dll
2008-06-29 01:25:19 92160 --a------ C:\WINDOWS\system32\dxrapyia.dll
2008-06-28 01:31:32 102912 --a------ C:\WINDOWS\system32\mlruun.dll
2008-06-28 01:31:32 102912 --a------ C:\WINDOWS\system32\crvapepc.dll
2008-06-28 01:25:32 90112 --a------ C:\WINDOWS\system32\acblmpmu.dll
2008-06-28 01:22:33 92160 --a------ C:\WINDOWS\system32\qnyuslve.dll
2008-06-28 00:28:43 102912 --a------ C:\WINDOWS\system32\poxmvf.dll
2008-06-28 00:28:42 102912 --a------ C:\WINDOWS\system32\ancelxuo.dll
2008-06-28 00:19:37 90112 --a------ C:\WINDOWS\system32\awetkhif.dll
2008-06-28 00:16:44 92160 --a------ C:\WINDOWS\system32\snbyprhi.dll
2008-06-27 00:27:53 106496 --a------ C:\WINDOWS\system32\syxdgrry.dll
2008-06-27 00:18:55 91648 --a------ C:\WINDOWS\system32\eqgisvgx.dll
2008-06-27 00:15:48 92160 --a------ C:\WINDOWS\system32\ugrxuktg.dll
2008-06-26 21:15:55 106496 --a------ C:\WINDOWS\system32\lujcckje.dll
2008-06-26 21:09:57 91648 --a------ C:\WINDOWS\system32\ylnrhmwa.dll
2008-06-26 21:07:01 92160 --a------ C:\WINDOWS\system32\yydnmkcn.dll
2008-06-25 21:14:15 106496 --a------ C:\WINDOWS\system32\kqqgqqpd.dll
2008-06-25 21:08:17 91136 --a------ C:\WINDOWS\system32\yxjsdysj.dll
2008-06-25 21:05:19 92160 --a------ C:\WINDOWS\system32\oqykkocm.dll
2008-06-25 13:31:19 0 d-------- C:\Program Files\Apple Software Update
2008-06-24 22:29:56 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-24 21:35:13 0 d-------- C:\Documents and Settings\jet\Application Data\Mozilla
2008-06-24 21:08:34 99840 --a------ C:\WINDOWS\system32\rtfrjqss.dll
2008-06-24 21:05:26 92160 --a------ C:\WINDOWS\system32\uelyjmgt.dll
2008-06-24 21:02:58 91136 --a------ C:\WINDOWS\system32\wjjybyff.dll
2008-06-24 00:06:15 105984 --a------ C:\WINDOWS\system32\mqectqis.dll
2008-06-24 00:02:40 92160 --a------ C:\WINDOWS\system32\taiistaj.dll
2008-06-24 00:01:14 91136 --a------ C:\WINDOWS\system32\gpheuxmp.dll
2008-06-22 23:43:02 0 d-------- C:\Program Files\Video Player 2008
2008-06-22 23:04:52 99328 --a------ C:\WINDOWS\system32\stibncuy.dll
2008-06-22 23:02:29 80384 --a------ C:\WINDOWS\system32\fatwypid.dll
2008-06-22 23:01:17 90624 --a------ C:\WINDOWS\system32\laxkjojc.dll
2008-06-22 23:01:04 92160 --a------ C:\WINDOWS\system32\dakcsvwj.dll
2008-06-22 20:51:54 99328 --a------ C:\WINDOWS\system32\chqnvhyp.dll
2008-06-22 20:43:06 92160 --a------ C:\WINDOWS\system32\fpfnyqgd.dll
2008-06-22 20:42:44 90624 --a------ C:\WINDOWS\system32\mxuluhnd.dll
2008-06-22 19:48:42 0 d-------- C:\Documents and Settings\jet\Application Data\Google
2008-06-22 19:37:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-22 19:37:31 0 d-------- C:\Program Files\Google
2008-06-21 20:45:15 99328 --a------ C:\WINDOWS\system32\orxifmsg.dll
2008-06-21 20:42:23 90112 --a------ C:\WINDOWS\system32\jofkgkbx.dll
2008-06-21 20:41:49 92160 --a------ C:\WINDOWS\system32\ppvbmrnp.dll
2008-06-21 04:25:24 99328 --a------ C:\WINDOWS\system32\mkfedbbb.dll
2008-06-21 04:16:19 92160 --a------ C:\WINDOWS\system32\tgllcsis.dll
2008-06-21 04:13:24 90624 --a------ C:\WINDOWS\system32\pqabckoh.dll
2008-06-20 20:18:17 0 d-------- C:\Program Files\itch4
2008-06-20 13:34:49 98816 --a------ C:\WINDOWS\system32\rmgbmgrs.dll
2008-06-20 13:28:42 92160 --a------ C:\WINDOWS\system32\lhpyiinl.dll
2008-06-20 13:25:48 90112 --a------ C:\WINDOWS\system32\xgjiqkrk.dll
2008-06-20 13:23:00 92160 --a------ C:\WINDOWS\system32\tkdmiqsa.dll
2008-06-20 12:15:09 0 d-------- C:\Program Files\WinAVI Video Converter
2008-06-20 11:51:53 98816 --a------ C:\WINDOWS\system32\pyutyssa.dll
2008-06-20 11:49:06 90112 --a------ C:\WINDOWS\system32\mgpbpuiy.dll
2008-06-20 11:48:49 92160 --a------ C:\WINDOWS\system32\qhywjmny.dll
2008-06-20 03:22:25 98816 --a------ C:\WINDOWS\system32\xekfqqbs.dll
2008-06-20 03:19:27 79360 --a------ C:\WINDOWS\system32\bvoepxwf.dll
2008-06-20 03:13:29 90112 --a------ C:\WINDOWS\system32\fsnlsmse.dll
2008-06-20 03:10:25 92160 --a------ C:\WINDOWS\system32\winbbdgu.dll
2008-06-19 15:07:13 455 --ahs---- C:\WINDOWS\system32\cfPsvyxx.ini2
2008-06-19 15:07:08 322560 --a------ C:\WINDOWS\system32\xxyvsPfc.dll
2008-06-18 22:33:16 0 d-------- C:\Documents and Settings\jet\Application Data\Yahoo!
2008-06-18 22:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Find3M Report ---------------------------------------------------------------

2008-07-09 02:40:26 0 d-------- C:\Documents and Settings\jet\Application Data\DNA
2008-07-08 02:03:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-06 19:09:00 0 d-------- C:\Program Files\Common Files
2008-07-06 16:55:42 0 d-------- C:\Documents and Settings\jet\Application Data\BitTorrent
2008-07-06 02:26:33 0 d-------- C:\Program Files\XoloX
2008-07-06 02:26:28 0 d-------- C:\Program Files\Badder Adder
2008-07-05 14:17:16 1551 --a------ C:\Documents and Settings\jet\Application Data\update.log
2008-07-03 19:47:58 0 d-------- C:\Program Files\Propellerhead
2008-07-01 23:21:59 0 d-------- C:\Documents and Settings\jet\Application Data\Adobe
2008-06-29 15:30:50 0 d-------- C:\Program Files\Windows Live
2008-06-22 19:35:51 0 d-------- C:\Program Files\Java
2008-06-21 17:13:31 0 d-------- C:\Documents and Settings\jet\Application Data\AdobeUM
2008-06-18 22:33:02 0 d-------- C:\Program Files\Yahoo!
2008-06-18 20:19:05 0 d-------- C:\Program Files\LimeWire
2008-06-18 20:18:13 0 d-------- C:\Program Files\BearShare Applications
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
08/07/2008 22:57 92160 --a------ C:\WINDOWS\system32\wwtogopd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A52E74-004C-464B-96CC-4DFE5366EA02}]
C:\WINDOWS\system32\xxyvutQg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81CCF3EE-D69E-4741-9E7E-3D6BC490FBAB}]
19/06/2008 15:07 322560 --a------ C:\WINDOWS\system32\xxyvsPfc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c3e31087-63bb-4259-9caf-3e4aaa978535}]
08/07/2008 14:24 102912 --a------ C:\WINDOWS\system32\alydwl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"SoundMan"="SOUNDMAN.EXE" [20/01/2005 20:04 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/08/2004 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [27/08/2004 22:22]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [28/01/2005 11:10]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\moffice.exe" [13/06/2005 23:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [31/05/2005 14:37]
"HostManager"="C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe" [17/11/2006 14:21]
"mousepad"="C:\windows\mousepad8.exe" []
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"P2P Networking"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" [11/12/2005 00:25]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [01/11/2005 01:00]
"Four ooze mags pile"="C:\Documents and Settings\All Users\Application Data\dog inter pile proxy\FLAP ONCE LOCKS.exe" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [28/03/2007 02:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [10/01/2008 17:41]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe" [09/07/2008 01:09]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []
"Salestart"="C:\Program Files\Common Files\WinAnonymous\stm.exe" [10/04/2008 14:23]
"iSecurity applet"="iSecurity.cpl" [05/07/2008 19:42 C:\WINDOWS\system32\iSecurity.cpl]
"sprof"="C:\Program Files\sprof\sprof.exe" [05/07/2008 19:42]
"SMrhc5c8j0e90t"="C:\Program Files\rhc5c8j0e90t\rhc5c8j0e90t.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"CU1"=" " []
"CU2"=" " []
"uoko"="C:\PROGRA~1\COMMON~1\uoko\uokom.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [19/06/2008 20:49]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [10/01/2008 17:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=

C:\Documents and Settings\jet\Start Menu\Programs\Startup\
.protected [05/07/2008 19:46:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
.protected [05/07/2008 19:46:16]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [25/05/2006 12:30:37]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0b\aoltray.exe [11/06/2005 03:01:57]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [31/05/2005 14:32:01]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [21/06/2007 10:18:00]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [04/05/2006 02:41:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57A52E74-004C-464B-96CC-4DFE5366EA02}"= C:\WINDOWS\system32\xxyvutQg.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PreBootCheck"= {6250e1e6-99c3-429a-9067-36653f80438b} - C:\WINDOWS\Resources\DriveRam.dll [05/07/2008 19:42 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kddez.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\App Paths]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SharedDlls]
C:\WINDOWS\system32\guard.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvutQg]
xxyvutQg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyvsPfc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab524165-fb2a-11da-a5c5-00038a000015}]
AutoRun\command- I:\setupSNK.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-09 02:43:08 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.93GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 510.73 MiB / 106.35 MiB
Pagefile Memory (total/avail): 1244.09 MiB / 537.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.17 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 143.03 GiB total, 78.64 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 143.03 GiB - C:

\\.\PHYSICALDRIVE2 - GENERIC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE4 - GENERIC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE3 - GENERIC USB Storage-SDC USB Device

\\.\PHYSICALDRIVE1 - GENERIC USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Sophos Anti-Virus v () Outdated
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Enabled:AOL 9.0b"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Disabled:BearFlix"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0\\aol.exe"="C:\\Program Files\\AOL 9.0\\aol.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Disabled:AOL 9.0b"
"C:\\Program Files\\Common Files\\AOL\\1135369959\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1135369959\\ee\\aolsoftware.exe:*:Disabled:AOL Shared Components"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Disabled:PANDORA"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\\Program Files\\Warez\\Warez.exe"="C:\\Program Files\\Warez\\Warez.exe:*:Disabled:Warez3"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please uninstall Norton and Sophos antivirus because they are both outdated.
What I will need you to do is download ONE of these anti-virus programs and install it.
These are free.
Avast
or
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.
or
Antivir

As long as you only install one.
==========================
Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt)
================================================
Then::
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
  • 0

#5
Rico300LL

Rico300LL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, thanks for your reply. OK, this might seem like a stupid question, but in Add/Remove Programs Norton and Sophos don't have an uninstall option, there is no uninstaller in the Program Files folder either, and no option in the Start menu/sidebar either; the Sophos folder itself is just an .exe file. Could you advise me please?

I really appreciate your help.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please just delete the C:\Program Files\Norton and Symantec folders.
Then go here > http://service1.syma...n...&view=docid
and download and run that removal tool; that should take care of Norton.

Also delete the C:\Program Files\Sophos folder then proceed.
  • 0

#7
Rico300LL

Rico300LL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yeah, so I did all the steps advised and here are the logs, starting with the report.txt:

Username "jet" - 10/07/2008 2:20:13 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kddez.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.115 85.255.112.152" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4466EDAF-59C4-4989-A2BB-B829A178C942}
"nameserver"="85.255.115.115,85.255.112.152" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F305A1A6-0AEB-422D-9930-343105C412FB}
"DhcpNameServer"="85.255.115.115,85.255.112.152" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kddez.ren 63475 04/08/2004


C:\Program Files\Key Generator < Found
Additional tools are recommended.

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Labtec\\moffice.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135369959\\ee\\AOLSoftware.exe"
"mousepad"="C:\\windows\\mousepad8.exe"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"P2P Networking"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"BearFlix"="\"C:\\Program Files\\BearFlix\\BearFlix.exe\" /pause"
"H2O"="C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"Four ooze mags pile"="C:\\Documents and Settings\\All Users\\Application Data\\dog inter pile proxy\\FLAP ONCE LOCKS.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
"CHIN PING PHONE PILE"="C:\\Documents and Settings\\All Users\\Application Data\\Proxy Long Chin Ping\\Team For.exe"
"Salestart"="\"C:\\Program Files\\Common Files\\WinAnonymous\\stm.exe\" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com"
"iSecurity applet"="rundll32.exe iSecurity.cpl,SecurityMonitor"
"sprof"="C:\\Program Files\\sprof\\sprof.exe"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"3894ce6e"="rundll32.exe \"C:\\WINDOWS\\system32\\omonylby.dll\",b"
"BM3ba7fdf2"="Rundll32.exe \"C:\\WINDOWS\\system32\\xyqawvba.dll\",s"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"CU1"=" "
"CU2"=" "
"BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
"YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_1_0"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
~~~~~ End report ~~~~~
================================================================================
=================

ComboFix 08-07-09.2 - jet 2008-07-10 3:33:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.218 [GMT 1:00]
Running from: C:\Documents and Settings\jet\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\jet\Application Data\rhc5c8j0e90t
C:\iSecurity
C:\Program Files\Common Files\download
C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\vcclient
C:\Program Files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\vcclient\Version.txt
C:\Program Files\IE Extensions
C:\Program Files\iSecurity
C:\Program Files\iSecurity\Antivirus XP 2008\install.exe
C:\Program Files\iSecurity\antivirusxp.bmp
C:\Program Files\iSecurity\antivirusxp.ico
C:\Program Files\iSecurity\antivirusxpi.bmp
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\iSecurity.html
C:\Program Files\iSecurity\systemdefender.bmp
C:\Program Files\iSecurity\systemdefender.ico
C:\Program Files\iSecurity\SystemDefender\install.exe
C:\Program Files\iSecurity\systemdefenderi.bmp
C:\Program Files\key generator
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\sk02.exe
C:\WINDOWS\.protected
C:\WINDOWS\BM3ba7fdf2.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\931928
C:\WINDOWS\system32\931928\931928.dll
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\aausveyu.ini
C:\WINDOWS\system32\acblmpmu.dll
C:\WINDOWS\system32\agcqhejd.ini
C:\WINDOWS\system32\alydwl.dll
C:\WINDOWS\system32\ancelxuo.dll
C:\WINDOWS\system32\aorsxg.dll
C:\WINDOWS\system32\aspxwsto.dll
C:\WINDOWS\system32\aulppgtt.dll
C:\WINDOWS\system32\awetkhif.dll
C:\WINDOWS\system32\awyprchv.dll
C:\WINDOWS\system32\axjgmoxa.ini
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\bkxhdbmw.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bvoepxwf.dll
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\cfPsvyxx.ini
C:\WINDOWS\system32\cfPsvyxx.ini2
C:\WINDOWS\system32\chqnvhyp.dll
C:\WINDOWS\system32\cmtuoblg.ini
C:\WINDOWS\system32\coqorrph.ini
C:\WINDOWS\system32\crvapepc.dll
C:\WINDOWS\system32\cslorcxp.ini
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\derurn.dll
C:\WINDOWS\system32\dimuojas.ini
C:\WINDOWS\system32\dipycjdi.ini
C:\WINDOWS\system32\dipywtaf.ini
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\eegyml.dll
C:\WINDOWS\system32\eejrnkbn.dll
C:\WINDOWS\system32\ehkagqgc.dll
C:\WINDOWS\system32\eqgisvgx.dll
C:\WINDOWS\system32\erkpghfd.dll
C:\WINDOWS\system32\esnksp.dll
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\fatwypid.dll
C:\WINDOWS\system32\fqkjkpcq.ini
C:\WINDOWS\system32\fsnlsmse.dll
C:\WINDOWS\system32\fwvkdqyo.ini
C:\WINDOWS\system32\fwxpeovb.ini
C:\WINDOWS\system32\gmudeejh.dll
C:\WINDOWS\system32\gpheuxmp.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\haraekkn.ini
C:\WINDOWS\system32\hhwtvf.dll
C:\WINDOWS\system32\hixqrpvb.dll
C:\WINDOWS\system32\hvjjknwe.ini
C:\WINDOWS\system32\ierbincy.ini
C:\WINDOWS\system32\ihkcvsri.dll
C:\WINDOWS\system32\jbqpcrqu.dll
C:\WINDOWS\system32\jofkgkbx.dll
C:\WINDOWS\system32\jwrvgdcl.ini
C:\WINDOWS\system32\kjpikcqs.dll
C:\WINDOWS\system32\kqqgqqpd.dll
C:\WINDOWS\system32\krmqdbbb.ini
C:\WINDOWS\system32\laxkjojc.dll
C:\WINDOWS\system32\lnveyctv.dll
C:\WINDOWS\system32\lsdqgfyo.ini
C:\WINDOWS\system32\lujcckje.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgpbpuiy.dll
C:\WINDOWS\system32\mkfedbbb.dll
C:\WINDOWS\system32\mlruun.dll
C:\WINDOWS\system32\mncruj.dll
C:\WINDOWS\system32\mqectqis.dll
C:\WINDOWS\system32\mrsldyti.ini
C:\WINDOWS\system32\mxuluhnd.dll
C:\WINDOWS\system32\nbknrjee.ini
C:\WINDOWS\system32\nevxkhar.dll
C:\WINDOWS\system32\njenlvao.dll
C:\WINDOWS\system32\nksriech.dll
C:\WINDOWS\system32\odtytgoj.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\orxifmsg.dll
C:\WINDOWS\system32\oyqdkvwf.dll
C:\WINDOWS\system32\pfgoihwg.dll
C:\WINDOWS\system32\poxmvf.dll
C:\WINDOWS\system32\pqabckoh.dll
C:\WINDOWS\system32\psxrfcfk.ini
C:\WINDOWS\system32\pxcrolsc.dll
C:\WINDOWS\system32\pyutyssa.dll
C:\WINDOWS\system32\qobael.dll
C:\WINDOWS\system32\rabvahvh.ini
C:\WINDOWS\system32\rahkxven.ini
C:\WINDOWS\system32\rhfemcrb.ini
C:\WINDOWS\system32\rmgbmgrs.dll
C:\WINDOWS\system32\rszppl.dll
C:\WINDOWS\system32\rtfrjqss.dll
C:\WINDOWS\system32\sbwgho.dll
C:\WINDOWS\system32\stibncuy.dll
C:\WINDOWS\system32\syxdgrry.dll
C:\WINDOWS\system32\thkupcsa.ini
C:\WINDOWS\system32\tivxlm.dll
C:\WINDOWS\system32\tjyptlov.dll
C:\WINDOWS\system32\trqutghe.dll
C:\WINDOWS\system32\uoakabhe.dll
C:\WINDOWS\system32\ushnfwsj.ini
C:\WINDOWS\system32\vlvcsnor.dll
C:\WINDOWS\system32\vouptogp.dll
C:\WINDOWS\system32\vqbcfs.dll
C:\WINDOWS\system32\wcesvqdx.dll
C:\WINDOWS\system32\wjjybyff.dll
C:\WINDOWS\system32\wraaiydf.dll
C:\WINDOWS\system32\xekfqqbs.dll
C:\WINDOWS\system32\xgjiqkrk.dll
C:\WINDOWS\system32\xmbyaogd.ini
C:\WINDOWS\system32\yblynomo.ini
C:\WINDOWS\system32\ylnrhmwa.dll
C:\WINDOWS\system32\yxjsdysj.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 02:19 . 2008-07-10 02:26 <DIR> d-------- C:\fixwareout
2008-07-10 02:07 . 2008-07-10 02:14 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-10 02:05 . 2008-07-10 02:07 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 02:05 . 2008-07-10 02:05 <DIR> d-------- C:\Documents and Settings\jet\Application Data\AVGTOOLBAR
2008-07-10 02:05 . 2008-07-10 02:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-10 02:05 . 2008-07-10 02:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-10 02:05 . 2008-07-10 02:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-09 20:54 . 2008-07-09 22:55 <DIR> d-------- C:\Program Files\Unlocker
2008-07-09 20:54 . 2008-07-09 20:54 <DIR> d-------- C:\Documents and Settings\jet\Application Data\Desktopicon
2008-07-09 20:16 . 2008-07-10 02:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-09 20:16 . 2008-07-09 20:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-08 22:57 . 2008-07-08 22:57 92,160 --a------ C:\WINDOWS\system32\wwtogopd.dll
2008-07-08 14:22 . 2008-07-08 14:22 92,160 --a------ C:\WINDOWS\system32\iasxbxxn.dll
2008-07-08 14:09 . 2005-05-31 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-08 14:09 . 2005-05-31 14:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-08 14:09 . 2008-07-10 02:05 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 02:22 . 2008-07-08 02:42 161,308 --a------ C:\6150.tmp
2008-07-07 23:07 . 2008-07-07 23:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-07 21:35 . 2008-07-07 21:35 <DIR> d-------- C:\Deckard
2008-07-07 14:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-07 13:55 . 2008-07-07 13:55 92,160 --a------ C:\WINDOWS\system32\fnkhjddt.dll
2008-07-06 20:45 . 2008-07-06 20:45 92,160 --a------ C:\WINDOWS\system32\lvjjxpww.dll
2008-07-06 19:10 . 2008-07-06 19:10 <DIR> d-------- C:\Documents and Settings\jet\Application Data\SUPERAntiSpyware.com
2008-07-06 19:10 . 2008-07-06 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 19:09 . 2008-07-06 19:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 16:48 . 2008-07-07 00:50 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-06 16:48 . 2008-07-06 16:48 <DIR> d-------- C:\Documents and Settings\jet\Application Data\Simply Super Software
2008-07-06 16:48 . 2008-07-06 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-06 16:25 . 2008-07-06 16:25 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 03:30 . 2008-07-06 03:30 <DIR> d-------- C:\Documents and Settings\jet\Application Data\PC Tools
2008-07-06 00:56 . 2008-07-06 00:56 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-06 00:55 . 2008-07-06 01:00 <DIR> d-------- C:\Program Files\Sophos
2008-07-06 00:55 . 2008-07-06 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-06 00:55 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
2008-07-06 00:54 . 2008-07-06 00:54 <DIR> d-------- C:\savwsa
2008-07-06 00:54 . 2007-09-10 11:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-07-06 00:54 . 2007-09-10 11:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-07-05 22:32 . 2008-07-05 23:19 94,208 --a------ C:\WINDOWS\system32\pphc1c8j0e90t.exe
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\18.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\17.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\16.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\15.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\14.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\13.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\12.tmp
2008-07-05 22:32 . 2008-07-05 23:17 94,208 --a------ C:\WINDOWS\system32\11.tmp
2008-07-05 22:32 . 2008-07-05 23:16 94,208 --a------ C:\WINDOWS\system32\10.tmp
2008-07-05 21:28 . 2008-07-05 23:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-05 21:05 . 2008-07-05 21:05 <DIR> d-------- C:\Program Files\AVG
2008-07-05 21:05 . 2008-07-10 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 20:52 . 2008-07-05 20:52 92,160 --a------ C:\WINDOWS\system32\wrillfys.dll
2008-07-05 19:42 . 2008-07-05 19:42 <DIR> d-------- C:\Program Files\sprof
2008-07-05 14:15 . 2008-07-05 14:15 <DIR> d-------- C:\Documents and Settings\jet\Application Data\WinAnonymous
2008-07-05 14:10 . 2008-07-05 14:10 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-07-05 14:10 . 2008-07-05 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinAnonymous
2008-07-05 14:10 . 2008-07-05 14:10 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-07-04 22:19 . 2008-07-04 22:19 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-04 21:44 . 2008-07-04 21:44 <DIR> d-------- C:\Program Files\E-Zsoft
2008-07-04 20:58 . 2008-07-04 20:58 92,160 --a------ C:\WINDOWS\system32\nxbclevi.dll
2008-07-04 19:54 . 2008-07-04 20:55 534 --ahs---- C:\WINDOWS\system32\jxhwghof.ini
2008-07-03 14:50 . 2008-07-03 14:50 92,160 --a------ C:\WINDOWS\system32\iojuawmy.dll
2008-07-03 14:01 . 2008-07-03 17:46 <DIR> d-------- C:\Documents and Settings\jet\Application Data\DivX
2008-07-03 13:59 . 2008-06-11 01:07 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-07-03 13:59 . 2008-06-11 01:07 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-07-03 13:59 . 2008-06-11 01:07 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-07-03 13:59 . 2008-06-11 01:07 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-03 13:59 . 2008-06-11 01:07 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-03 13:57 . 2008-07-03 13:59 <DIR> d-------- C:\Program Files\DivX
2008-07-03 13:14 . 2008-07-03 13:14 92,160 --a------ C:\WINDOWS\system32\cxqryltx.dll
2008-07-02 13:14 . 2008-07-02 13:14 92,160 --a------ C:\WINDOWS\system32\ssqdsipd.dll
2008-07-01 13:12 . 2008-07-01 13:12 92,160 --a------ C:\WINDOWS\system32\erghfvui.dll
2008-07-01 04:17 . 2008-07-01 04:17 92,160 --a------ C:\WINDOWS\system32\onncclpx.dll
2008-06-30 04:15 . 2008-06-30 04:16 92,160 --a------ C:\WINDOWS\system32\brgrufwk.dll
2008-06-29 02:28 . 2008-06-29 02:28 92,160 --a------ C:\WINDOWS\system32\rqpkloei.dll
2008-06-29 01:25 . 2008-06-29 01:25 92,160 --a------ C:\WINDOWS\system32\dxrapyia.dll
2008-06-28 01:22 . 2008-06-28 01:22 92,160 --a------ C:\WINDOWS\system32\qnyuslve.dll
2008-06-28 00:16 . 2008-06-28 00:16 92,160 --a------ C:\WINDOWS\system32\snbyprhi.dll
2008-06-27 00:15 . 2008-06-27 00:15 92,160 --a------ C:\WINDOWS\system32\ugrxuktg.dll
2008-06-26 21:07 . 2008-06-26 21:07 92,160 --a------ C:\WINDOWS\system32\yydnmkcn.dll
2008-06-25 21:05 . 2008-06-25 21:05 92,160 --a------ C:\WINDOWS\system32\oqykkocm.dll
2008-06-25 13:31 . 2008-06-25 13:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-24 22:29 . 2008-06-24 22:29 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-24 21:05 . 2008-06-24 21:05 92,160 --a------ C:\WINDOWS\system32\uelyjmgt.dll
2008-06-24 00:02 . 2008-06-24 00:02 92,160 --a------ C:\WINDOWS\system32\taiistaj.dll
2008-06-22 23:43 . 2008-07-05 14:57 <DIR> d-------- C:\Program Files\Video Player 2008
2008-06-22 23:01 . 2008-06-22 23:01 92,160 --a------ C:\WINDOWS\system32\dakcsvwj.dll
2008-06-22 20:43 . 2008-06-22 20:43 92,160 --a------ C:\WINDOWS\system32\fpfnyqgd.dll
2008-06-22 19:37 . 2008-06-22 22:52 <DIR> d-------- C:\Program Files\Google
2008-06-22 19:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-21 20:41 . 2008-06-21 20:41 92,160 --a------ C:\WINDOWS\system32\ppvbmrnp.dll
2008-06-21 04:16 . 2008-06-21 04:16 92,160 --a------ C:\WINDOWS\system32\tgllcsis.dll
2008-06-20 20:18 . 2008-06-20 20:18 <DIR> d-------- C:\Program Files\itch4
2008-06-20 13:28 . 2008-06-20 13:28 92,160 --a------ C:\WINDOWS\system32\lhpyiinl.dll
2008-06-20 13:23 . 2008-06-20 13:23 92,160 --a------ C:\WINDOWS\system32\tkdmiqsa.dll
2008-06-20 12:15 . 2008-06-20 12:15 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-06-20 11:48 . 2008-06-20 11:48 92,160 --a------ C:\WINDOWS\system32\qhywjmny.dll
2008-06-20 03:13 . 2008-07-10 01:40 110,475 --a------ C:\WINDOWS\BM3ba7fdf2.xml
2008-06-20 03:10 . 2008-06-20 03:10 92,160 --a------ C:\WINDOWS\system32\winbbdgu.dll
2008-06-18 22:33 . 2008-06-18 22:33 <DIR> d-------- C:\Documents and Settings\jet\Application Data\Yahoo!
2008-06-18 22:33 . 2008-06-18 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-18 18:52 . 2008-06-18 18:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 01:07 . 2008-06-11 01:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:07 . 2008-06-11 01:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-06-11 01:07 . 2008-06-11 01:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-06-11 01:04 . 2008-06-11 01:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 01:04 . 2008-06-11 01:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 02:41 --------- d-----w C:\Documents and Settings\jet\Application Data\DNA
2008-07-09 19:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-06 15:55 --------- d-----w C:\Documents and Settings\jet\Application Data\BitTorrent
2008-07-06 01:26 --------- d-----w C:\Program Files\XoloX
2008-07-06 01:26 --------- d-----w C:\Program Files\Badder Adder
2008-07-03 18:47 --------- d-----w C:\Program Files\Propellerhead
2008-06-29 14:30 --------- d-----w C:\Program Files\Windows Live
2008-06-29 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 18:35 --------- d-----w C:\Program Files\Java
2008-06-21 16:13 --------- d-----w C:\Documents and Settings\jet\Application Data\AdobeUM
2008-06-20 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2008-06-18 21:33 --------- d-----w C:\Program Files\Yahoo!
2008-06-18 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-18 19:19 --------- d-----w C:\Program Files\LimeWire
2008-06-18 19:18 --------- d-----w C:\Program Files\BearShare Applications
2008-06-11 00:07 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-04-15 22:59 220 ----a-w C:\Documents and Settings\jet\n.bat
2006-04-03 21:38 128 ----a-w C:\Documents and Settings\jet\yes.exe
2006-04-03 21:38 127,332 ----a-w C:\Documents and Settings\jet\rar.exe
2006-03-09 01:17 0 ----a-w C:\Documents and Settings\jet\a.exe
2006-02-02 20:53 251,904 ----a-w C:\Program Files\WarezP2P.exe
2005-09-01 11:34 1,312,392 ----a-w C:\Program Files\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-19 20:49 289088]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 11:10 110740]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\moffice.exe" [2005-06-13 23:30 806912]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-31 14:37 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-11-01 01:00 307200]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 02:07 593920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe" [2008-07-10 03:49 3522048]
"sprof"="C:\Program Files\sprof\sprof.exe" [2008-07-05 19:42 6148]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 05:15 15872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 02:04 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 20:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\jet\Start Menu\Programs\Startup\
.protected [2008-07-05 19:46:16 0]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
.protected [2008-07-05 19:46:16 0]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-25 12:30:37 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 10:18:00 245760]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-05-04 02:41:34 634880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PreBootCheck"= {6250e1e6-99c3-429a-9067-36653f80438b} - C:\WINDOWS\Resources\DriveRam.dll [2008-07-05 19:42 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\Program Files\\AOL 9.0b\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135369959\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warez\\Warez.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-10 02:05]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 02:04]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 02:04]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-10 02:05]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab524165-fb2a-11da-a5c5-00038a000015}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-10 03:00:01 C:\WINDOWS\Tasks\AD8B1F7E918C904E.job"
- c:\docume~1\jet\applic~1\itch4\Inter File Copy.exe
"2008-07-03 22:27:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{a75c009f-dd1e-49dd-a468-12d877cb6407} - C:\WINDOWS\system32\xrmadm.dll
BHO-{E4C684B1-72C4-4500-B231-D98999F30C64} - C:\WINDOWS\system32\xxyvsPfc.dll
HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe
HKLM-Run-P2P Networking - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
HKLM-Run-BearFlix - C:\Program Files\BearFlix\BearFlix.exe
HKLM-Run-Four ooze mags pile - C:\Documents and Settings\All Users\Application Data\dog inter pile proxy\FLAP ONCE LOCKS.exe
HKLM-Run-3894ce6e - C:\WINDOWS\system32\omonylby.dll
HKLM-Run-BM3ba7fdf2 - C:\WINDOWS\system32\xyqawvba.dll
HKU-Default-RunOnce-RunNarrator - (no file)
Notify-xxyvutQg - xxyvutQg.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 03:44:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\APPS\ABOARD\AOSD.EXE
C:\Program Files\Labtec\mouse32a.dat
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1135369959\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\AOL\1135369959\ee\anotify.exe
.
**************************************************************************
.
Completion time: 2008-07-10 4:07:31 - machine was rebooted [jet]
ComboFix-quarantined-files.txt 2008-07-10 03:07:03

Pre-Run: 83,333,185,536 bytes free
Post-Run: 83,134,787,584 bytes free

449 --- E O F --- 2008-05-07 02:01:29
================================================================================
================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:20, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Labtec\moffice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Labtec\MOUSE32A.DAT
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\aol\1135369959\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1135369959\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\common files\aol\1135369959\ee\anotify.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\moffice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe
O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O21 - SSODL: PreBootCheck - {6250e1e6-99c3-429a-9067-36653f80438b} - C:\WINDOWS\Resources\DriveRam.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.hiphop-di...ontainer_bg.gif
O24 - Desktop Component 1: (no name) - http://www.bodybuilding.com/bg.gif

--
End of file - 11610 bytes


Ok, well, it seems to be gone, no more pop-ups and the Windows Security Center is gone, everything is working fine..... do I need to do anything else?

Thanks for your help, I'm in love with you right now lol,
Thanks again
Peace and Unity to you Homie :)
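Added example, not from this thread and not ComboFix's own code: a short Python triage script over the kind of ComboFix output pasted above. It parses the file listing and groups files by directory and exact byte size, which is what makes the run of 92,160-byte eight-letter .dll files and the 94,208-byte numbered .tmp files stand out, and it scans the "Reg Loading Points" fragment for the Security Center and firewall settings that have been switched off. The sample lines are copied from the log above; the cluster threshold, the name patterns and the list of registry flags are assumptions chosen for the example.

```python
"""Triage checks over a ComboFix log excerpt (added example for this thread;
not ComboFix code and not posted by the helper). Sample input is copied from
the log above; the thresholds and name patterns are assumptions."""
import re
from collections import defaultdict

# ComboFix new-file line: "created . modified size attrs path" (<DIR> rows carry no size)
_FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# Generated-looking names seen in the log: eight lowercase letters, or a bare number
_RANDOM_NAME = re.compile(r"^(?:[a-z]{8}\.dll|\d+\.tmp)$")

SAMPLE_FILE_LINES = r"""
2008-07-08 22:57 . 2008-07-08 22:57 92,160 --a------ C:\WINDOWS\system32\wwtogopd.dll
2008-07-08 14:22 . 2008-07-08 14:22 92,160 --a------ C:\WINDOWS\system32\iasxbxxn.dll
2008-07-07 14:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-05 22:32 . 2008-07-05 23:19 94,208 --a------ C:\WINDOWS\system32\pphc1c8j0e90t.exe
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\18.tmp
2008-07-05 22:32 . 2008-07-05 23:18 94,208 --a------ C:\WINDOWS\system32\17.tmp
2008-07-04 20:58 . 2008-07-04 20:58 92,160 --a------ C:\WINDOWS\system32\nxbclevi.dll
2008-06-11 01:07 . 2008-06-11 01:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
"""

def parse_file_lines(text):
    """Yield (created, size in bytes or None for directories, path) per file line."""
    for line in text.splitlines():
        m = _FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            yield m["created"], size, m["path"]

def find_size_clusters(text, min_members=3):
    """Group files by (directory, exact size) and return the groups with at least
    min_members entries in which at least half the names look generated. Identical
    size plus throwaway names is the dropper pattern visible in the log above."""
    groups = defaultdict(list)
    for _created, size, path in parse_file_lines(text):
        if size is None:
            continue
        directory, _, name = path.lower().rpartition("\\")
        groups[(directory, size)].append(name)
    return {
        key: sorted(names)
        for key, names in groups.items()
        if len(names) >= min_members
        and 2 * sum(1 for n in names if _RANDOM_NAME.match(n)) >= len(names)
    }

_REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Accepts REGEDIT4 "name"=dword:00000001 and ComboFix's "name"= 0 (0x0) rendering
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]{1,8})|(?P<dec>\d+))')

# (substring of the lower-cased key path, value name, value meaning "protection off")
TAMPER_RULES = [
    ("security center", "antivirusdisablenotify", 1),
    ("security center", "antivirusoverride", 1),
    ("security center", "firewalldisablenotify", 1),
    ("security center\\monitoring\\", "disablemonitoring", 1),
    ("firewallpolicy\\standardprofile", "enablefirewall", 0),
]

SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

def security_center_findings(reg_text):
    """Return (key, value name, value) for every setting that silences Security
    Center or turns the XP firewall off, in the order they appear."""
    findings = []
    key = ""
    for line in reg_text.splitlines():
        line = line.strip()
        k = _REG_KEY.match(line)
        if k:
            key = k["key"].lower()
            continue
        v = _REG_VALUE.match(line)
        if not v:
            continue
        value = int(v["hex"], 16) if v["hex"] is not None else int(v["dec"])
        for key_part, name, bad in TAMPER_RULES:
            if key_part in key and v["name"].lower() == name and value == bad:
                findings.append((key, v["name"], value))
    return findings
```

Treat a size cluster as a lead, not a verdict: a codec pack or a driver bundle can also drop several same-size files into one directory. The registry findings rank the other way round: AntiVirusOverride and AntiVirusDisableNotify set to 1, and EnableFirewall set to 0 when the user did not change it, are strong indicators, while DisableMonitoring under a vendor subkey is commonly set by the vendor's own product and only matters in combination with the others.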

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome, and there is a bit more to go. :)

I recommend uninstalling Warez and Morpheus as both can lead to getting infected again because of the material that you can download with those programs.
But it is up to you.
================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\Temp\kddez.ren 
C:\WINDOWS\system32\wwtogopd.dll
C:\WINDOWS\system32\iasxbxxn.dll
C:\6150.tmp
C:\WINDOWS\system32\fnkhjddt.dll
C:\WINDOWS\system32\lvjjxpww.dll
C:\WINDOWS\system32\pphc1c8j0e90t.exe
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\wrillfys.dll
C:\WINDOWS\system32\nxbclevi.dll
C:\WINDOWS\system32\jxhwghof.ini
C:\WINDOWS\system32\iojuawmy.dll
C:\WINDOWS\system32\cxqryltx.dll
C:\WINDOWS\system32\ssqdsipd.dll
C:\WINDOWS\system32\erghfvui.dll
C:\WINDOWS\system32\onncclpx.dll
C:\WINDOWS\system32\brgrufwk.dll
C:\WINDOWS\system32\rqpkloei.dll
C:\WINDOWS\system32\dxrapyia.dll
C:\WINDOWS\system32\qnyuslve.dll
C:\WINDOWS\system32\snbyprhi.dll
C:\WINDOWS\system32\ugrxuktg.dll
C:\WINDOWS\system32\yydnmkcn.dll
C:\WINDOWS\system32\oqykkocm.dll
C:\WINDOWS\system32\dakcsvwj.dll
C:\WINDOWS\system32\fpfnyqgd.dll
C:\WINDOWS\system32\ppvbmrnp.dll
C:\WINDOWS\system32\tgllcsis.dll
C:\WINDOWS\system32\lhpyiinl.dll
C:\WINDOWS\system32\tkdmiqsa.dll
C:\WINDOWS\system32\qhywjmny.dll
C:\WINDOWS\BM3ba7fdf2.xml
C:\WINDOWS\system32\winbbdgu.dll
C:\Documents and Settings\jet\n.bat
C:\Documents and Settings\jet\yes.exe
C:\Documents and Settings\jet\rar.exe
C:\Documents and Settings\jet\a.exe
C:\Documents and Settings\jet\Start Menu\Programs\Startup\.protected 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\WINDOWS\Resources\DriveRam.dll 
C:\WINDOWS\Tasks\AD8B1F7E918C904E.job
Folder::
C:\Program Files\Key Generator 
C:\Program Files\sprof
C:\Documents and Settings\jet\Application Data\WinAnonymous
C:\Program Files\Common Files\WinAnonymous
C:\Documents and Settings\All Users\Application Data\WinAnonymous
C:\Documents and Settings\All Users\Application Data\SalesMon
c:\docume~1\jet\applic~1\itch4
C:\Program Files\itch4
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PreBootCheck"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
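
An added example for the CFScript step above, not part of ComboFix or of kahdah's post: a small Python checker that parses the File::, Folder:: and Registry:: directives into a structure, flags lines a pasted script commonly gets wrong (stray whitespace, a value with no [key] above it, an unrecognised directive), and re-emits a clean copy to paste. The function and class names are my own; the sample script is a shortened copy of the one in the post, including the trailing space on its first File:: entry.

```python
"""Parse and sanity-check a ComboFix CFScript (File:: / Folder:: / Registry::).

Added example for this thread, not part of ComboFix or kahdah's post.  It
understands only the three directives used in the script above; ComboFix
accepts others, which this parser reports as unknown rather than guessing.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\[^\\]")
REG_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CLASSES_ROOT|"
    r"HKLM|HKCU|HKU|HKCR)\\[^\]]+\]$"
)
KNOWN_SECTIONS = ("file", "folder", "registry")


@dataclass
class CFScript:
    files: List[str] = field(default_factory=list)
    folders: List[str] = field(default_factory=list)
    # key path -> {value name -> data}; data None means "=-" (delete the value)
    registry: Dict[str, Dict[str, Optional[str]]] = field(default_factory=dict)
    warnings: List[str] = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Build a CFScript from the text of CFScript.txt, collecting warnings."""
    script = CFScript()
    section: Optional[str] = None
    current_key: Optional[str] = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if raw != line:
            # A pasted script often carries stray spaces; strip them and
            # flag the line so the poster can double-check the path.
            script.warnings.append(f"line {lineno}: surrounding whitespace stripped")
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            if section not in KNOWN_SECTIONS:
                script.warnings.append(f"line {lineno}: unknown directive {line}")
            continue
        if section in ("file", "folder"):
            if not WIN_PATH_RE.match(line):
                script.warnings.append(f"line {lineno}: not an absolute path: {line}")
            (script.files if section == "file" else script.folders).append(line)
        elif section == "registry":
            if line.startswith("["):
                if not REG_KEY_RE.match(line):
                    script.warnings.append(f"line {lineno}: malformed key: {line}")
                current_key = line[1:-1]
                script.registry.setdefault(current_key, {})
            elif current_key is None:
                script.warnings.append(f"line {lineno}: value before any [key]: {line}")
            else:
                name, sep, data = line.partition("=")
                if not sep:
                    script.warnings.append(f"line {lineno}: expected name=data: {line}")
                    continue
                name = name.strip().strip('"')
                data = data.strip()
                script.registry[current_key][name] = None if data == "-" else data
        elif section is None:
            script.warnings.append(f"line {lineno}: entry before any directive: {line}")
    return script


def render(script: CFScript) -> str:
    """Re-emit a cleaned script in the order File::, Folder::, Registry::."""
    out: List[str] = []
    if script.files:
        out.append("File::")
        out.extend(script.files)
    if script.folders:
        out.append("Folder::")
        out.extend(script.folders)
    if script.registry:
        out.append("Registry::")
        for key, values in script.registry.items():
            out.append(f"[{key}]")
            for name, data in values.items():
                label = "@" if name == "@" else f'"{name}"'
                out.append(f"{label}={'-' if data is None else data}")
    return "\n".join(out) + "\n"


# Constructed sample: a shortened copy of the script in the post above.
# The first File:: entry keeps the trailing space that appears on the page.
SAMPLE_SCRIPT = "\n".join([
    "File::",
    r"C:\WINDOWS\Temp\kddez.ren ",
    r"C:\WINDOWS\system32\wwtogopd.dll",
    r"C:\Documents and Settings\jet\Start Menu\Programs\Startup\.protected",
    "Folder::",
    r"C:\Program Files\sprof",
    r"c:\docume~1\jet\applic~1\itch4",
    "Registry::",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]",
    '"PreBootCheck"=-',
]) + "\n"

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for warning in parsed.warnings:
        print("WARNING:", warning)
    print(render(parsed), end="")
```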

#9
Rico300LL

Rico300LL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, here are the logs

ComboFix 08-07-09.2 - jet 2008-07-10 20:34:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.212 [GMT 1:00]
Running from: C:\Documents and Settings\jet\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jet\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\6150.tmp
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\jet\a.exe
C:\Documents and Settings\jet\n.bat
C:\Documents and Settings\jet\rar.exe
C:\Documents and Settings\jet\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\jet\yes.exe
C:\WINDOWS\BM3ba7fdf2.xml
C:\WINDOWS\Resources\DriveRam.dll
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\brgrufwk.dll
C:\WINDOWS\system32\cxqryltx.dll
C:\WINDOWS\system32\dakcsvwj.dll
C:\WINDOWS\system32\dxrapyia.dll
C:\WINDOWS\system32\erghfvui.dll
C:\WINDOWS\system32\fnkhjddt.dll
C:\WINDOWS\system32\fpfnyqgd.dll
C:\WINDOWS\system32\iasxbxxn.dll
C:\WINDOWS\system32\iojuawmy.dll
C:\WINDOWS\system32\jxhwghof.ini
C:\WINDOWS\system32\lhpyiinl.dll
C:\WINDOWS\system32\lvjjxpww.dll
C:\WINDOWS\system32\nxbclevi.dll
C:\WINDOWS\system32\onncclpx.dll
C:\WINDOWS\system32\oqykkocm.dll
C:\WINDOWS\system32\pphc1c8j0e90t.exe
C:\WINDOWS\system32\ppvbmrnp.dll
C:\WINDOWS\system32\qhywjmny.dll
C:\WINDOWS\system32\qnyuslve.dll
C:\WINDOWS\system32\rqpkloei.dll
C:\WINDOWS\system32\snbyprhi.dll
C:\WINDOWS\system32\ssqdsipd.dll
C:\WINDOWS\system32\tgllcsis.dll
C:\WINDOWS\system32\tkdmiqsa.dll
C:\WINDOWS\system32\ugrxuktg.dll
C:\WINDOWS\system32\winbbdgu.dll
C:\WINDOWS\system32\wrillfys.dll
C:\WINDOWS\system32\wwtogopd.dll
C:\WINDOWS\system32\yydnmkcn.dll
C:\WINDOWS\Tasks\AD8B1F7E918C904E.job
C:\WINDOWS\Temp\kddez.ren
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\6150.tmp
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\All Users\Application Data\WinAnonymous
C:\Documents and Settings\All Users\Application Data\WinAnonymous\Abbr
C:\Documents and Settings\All Users\Application Data\WinAnonymous\prod_code
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\jet\a.exe
C:\Documents and Settings\jet\Application Data\WinAnonymous
C:\Documents and Settings\jet\Application Data\WinAnonymous\Logs\update.log
C:\Documents and Settings\jet\n.bat
C:\Documents and Settings\jet\rar.exe
C:\Documents and Settings\jet\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\jet\yes.exe
C:\Documents and Settings\LocalService\Desktop\SystemDefender.lnk
C:\Program Files\Common Files\WinAnonymous
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\itch4
C:\Program Files\sprof
C:\Program Files\sprof\sprof.exe
C:\WINDOWS\BM3ba7fdf2.xml
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\Resources\DriveRam.dll
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\brgrufwk.dll
C:\WINDOWS\system32\cxqryltx.dll
C:\WINDOWS\system32\dakcsvwj.dll
C:\WINDOWS\system32\dxrapyia.dll
C:\WINDOWS\system32\erghfvui.dll
C:\WINDOWS\system32\fnkhjddt.dll
C:\WINDOWS\system32\fpfnyqgd.dll
C:\WINDOWS\system32\iasxbxxn.dll
C:\WINDOWS\system32\iojuawmy.dll
C:\WINDOWS\system32\jxhwghof.ini
C:\WINDOWS\system32\lhpyiinl.dll
C:\WINDOWS\system32\lvjjxpww.dll
C:\WINDOWS\system32\mc-110-12-0000137.exe
C:\WINDOWS\system32\nxbclevi.dll
C:\WINDOWS\system32\onncclpx.dll
C:\WINDOWS\system32\oqykkocm.dll
C:\WINDOWS\system32\pphc1c8j0e90t.exe
C:\WINDOWS\system32\ppvbmrnp.dll
C:\WINDOWS\system32\qhywjmny.dll
C:\WINDOWS\system32\qnyuslve.dll
C:\WINDOWS\system32\rqpkloei.dll
C:\WINDOWS\system32\snbyprhi.dll
C:\WINDOWS\system32\ssqdsipd.dll
C:\WINDOWS\system32\tgllcsis.dll
C:\WINDOWS\system32\tkdmiqsa.dll
C:\WINDOWS\system32\ugrxuktg.dll
C:\WINDOWS\system32\winbbdgu.dll
C:\WINDOWS\system32\wrillfys.dll
C:\WINDOWS\system32\wwtogopd.dll
C:\WINDOWS\system32\yydnmkcn.dll
C:\WINDOWS\Tasks\AD8B1F7E918C904E.job

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 02:19 . 2008-07-10 02:26 <DIR> d-------- C:\fixwareout
2008-07-10 02:07 . 2008-07-10 18:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-10 02:05 . 2008-07-10 14:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 02:05 . 2008-07-10 02:05 <DIR> d-------- C:\Documents and Settings\jet\Application Data\AVGTOOLBAR
2008-07-10 02:05 . 2008-07-10 02:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-10 02:05 . 2008-07-10 02:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-10 02:05 . 2008-07-10 02:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-09 20:54 . 2008-07-09 22:55 <DIR> d-------- C:\Program Files\Unlocker
2008-07-09 20:54 . 2008-07-09 20:54 <DIR> d-------- C:\Documents and Settings\jet\Application Data\Desktopicon
2008-07-09 20:16 . 2008-07-10 12:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-09 20:16 . 2008-07-09 20:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-08 14:09 . 2005-05-31 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-08 14:09 . 2005-05-31 14:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-08 14:09 . 2008-07-10 02:05 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-07 23:07 . 2008-07-07 23:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-07 21:35 . 2008-07-07 21:35 <DIR> d-------- C:\Deckard
2008-07-07 14:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-06 19:10 . 2008-07-06 19:10 <DIR> d-------- C:\Documents and Settings\jet\Application Data\SUPERAntiSpyware.com
2008-07-06 19:10 . 2008-07-06 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 19:09 . 2008-07-06 19:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 16:48 . 2008-07-07 00:50 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-06 16:48 . 2008-07-06 16:48 <DIR> d-------- C:\Documents and Settings\jet\Application Data\Simply Super Software
2008-07-06 16:48 . 2008-07-06 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-06 16:25 . 2008-07-06 16:25 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 03:30 . 2008-07-06 03:30 <DIR> d-------- C:\Documents and Settings\jet\Application Data\PC Tools
2008-07-06 00:56 . 2008-07-06 00:56 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-06 00:55 . 2008-07-06 01:00 <DIR> d-------- C:\Program Files\Sophos
2008-07-06 00:55 . 2008-07-06 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-06 00:55 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
2008-07-06 00:54 . 2008-07-06 00:54 <DIR> d-------- C:\savwsa
2008-07-06 00:54 . 2007-09-10 11:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-07-06 00:54 . 2007-09-10 11:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-07-05 21:28 . 2008-07-05 23:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-05 21:05 . 2008-07-05 21:05 <DIR> d-------- C:\Program Files\AVG
2008-07-05 21:05 . 2008-07-10 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-04 22:19 . 2008-07-04 22:19 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-04 21:44 . 2008-07-04 21:44 <DIR> d-------- C:\Program Files\E-Zsoft
2008-07-03 14:01 . 2008-07-03 17:46 <DIR> d-------- C:\Documents and Settings\jet\Application Data\DivX
2008-07-03 13:59 . 2008-06-11 01:07 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-07-03 13:59 . 2008-06-11 01:07 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-07-03 13:59 . 2008-06-11 01:07 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-07-03 13:59 . 2008-06-11 01:07 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-03 13:59 . 2008-06-11 01:07 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-03 13:57 . 2008-07-03 13:59 <DIR> d-------- C:\Program Files\DivX
2008-06-25 13:31 . 2008-06-25 13:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-24 22:29 . 2008-06-24 22:29 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-24 21:05 . 2008-06-24 21:05 92,160 --a------ C:\WINDOWS\system32\uelyjmgt.dll
2008-06-24 00:02 . 2008-06-24 00:02 92,160 --a------ C:\WINDOWS\system32\taiistaj.dll
2008-06-22 23:43 . 2008-07-05 14:57 <DIR> d-------- C:\Program Files\Video Player 2008
2008-06-22 19:37 . 2008-06-22 22:52 <DIR> d-------- C:\Program Files\Google
2008-06-22 19:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-20 18:41 . 2008-06-20 18:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:15 . 2008-06-20 12:15 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-06-20 11:44 . 2008-06-20 11:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 22:33 . 2008-06-18 22:33 <DIR> d-------- C:\Documents and Settings\jet\Application Data\Yahoo!
2008-06-18 22:33 . 2008-06-18 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-18 18:52 . 2008-06-18 18:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 01:07 . 2008-06-11 01:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:07 . 2008-06-11 01:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-06-11 01:07 . 2008-06-11 01:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-06-11 01:04 . 2008-06-11 01:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 01:04 . 2008-06-11 01:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 19:35 --------- d-----w C:\Documents and Settings\jet\Application Data\DNA
2008-07-10 19:32 --------- d-----w C:\Documents and Settings\jet\Application Data\BitTorrent
2008-07-09 19:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-06 01:26 --------- d-----w C:\Program Files\XoloX
2008-07-06 01:26 --------- d-----w C:\Program Files\Badder Adder
2008-07-03 18:47 --------- d-----w C:\Program Files\Propellerhead
2008-06-29 14:30 --------- d-----w C:\Program Files\Windows Live
2008-06-29 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 18:35 --------- d-----w C:\Program Files\Java
2008-06-21 16:13 --------- d-----w C:\Documents and Settings\jet\Application Data\AdobeUM
2008-06-20 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 21:33 --------- d-----w C:\Program Files\Yahoo!
2008-06-18 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-18 19:19 --------- d-----w C:\Program Files\LimeWire
2008-06-18 19:18 --------- d-----w C:\Program Files\BearShare Applications
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 00:07 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-02 20:53 251,904 ----a-w C:\Program Files\WarezP2P.exe
2005-09-01 11:34 1,312,392 ----a-w C:\Program Files\NPSWF32.dll
.

((((((((((((((((((((((((((((( [email protected]_ 4.05.41.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 02:43:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 11:42:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2007-08-13 18:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 18:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 18:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 18:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 18:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-13 18:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 18:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 18:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 17:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 16:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 12:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-13 18:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 18:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-13 18:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 18:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 18:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 18:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 18:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-13 18:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-13 18:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 18:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 18:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 18:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 18:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 18:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-13 18:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 18:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 18:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 18:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2007-08-13 18:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-13 18:39:00 123,904 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
- 2007-08-13 18:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 18:35:38 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 18:54:10 131,584 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-13 18:39:26 152,064 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 18:39:54 229,376 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-04-17 09:32:38 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-13 18:39:50 382,976 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-13 18:39:10 43,008 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-13 18:54:10 27,136 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 18:54:10 475,648 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-13 18:44:26 192,000 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-08-13 18:54:10 670,720 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-08-13 18:44:06 101,376 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 18:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 18:44:30 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 18:54:10 1,162,240 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 18:54:10 231,424 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 18:54:10 818,688 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2007-08-13 18:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 18:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 18:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 18:36:26 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-13 18:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 18:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 18:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 17:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 16:10:12 2,451,312 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 12:27:48 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 18:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 18:54:10 6,049,280 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-13 18:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 18:34:04 266,752 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-13 17:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 18:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 13:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-08-04 13:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 13:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-08-13 18:54:10 458,752 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 18:54:10 50,688 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 18:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 21:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 18:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 13:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 13:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 13:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 13:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 13:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 13:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 13:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-08-13 18:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 13:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 13:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 13:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 13:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-08-13 18:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 13:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 13:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 13:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-08-13 18:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-08-13 18:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-09-25 17:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-13 18:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-13 18:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 18:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-13 18:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-19 20:49 289088]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 11:10 110740]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\moffice.exe" [2005-06-13 23:30 806912]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-31 14:37 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-11-01 01:00 307200]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 02:07 593920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe" [2008-07-10 20:04 3528192]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 05:15 15872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 02:04 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 20:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-25 12:30:37 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 10:18:00 245760]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-05-04 02:41:34 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\Program Files\\AOL 9.0b\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135369959\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warez\\Warez.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-10 02:05]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 02:04]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 02:04]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-10 02:05]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab524165-fb2a-11da-a5c5-00038a000015}]
\Shell\AutoRun\command - I:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 22:27:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-sprof - C:\Program Files\sprof\sprof.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 20:39:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-10 20:46:28
ComboFix-quarantined-files.txt 2008-07-10 19:46:10
ComboFix2.txt 2008-07-10 03:07:37

Pre-Run: 82,294,308,864 bytes free
Post-Run: 82,275,098,624 bytes free

539 --- E O F --- 2008-07-10 03:27:13


--------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:11, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Labtec\moffice.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
C:\Program Files\Labtec\MOUSE32A.DAT
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\aol\1135369959\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1135369959\ee\aolsoftware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\APPS\RecordNow\RecordNow.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\moffice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.hiphop-di...ontainer_bg.gif
O24 - Desktop Component 1: (no name) - http://www.bodybuilding.com/bg.gif

--
End of file - 11185 bytes
  • 0
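As an added example (not code from this thread, ComboFix or HijackThis), the Python script below pulls out of logs like the ones posted above the items a helper follows up on: Security Center values set to silence the antivirus/firewall warnings, the firewall policy switched off, Run entries whose program lives in a user-writable data folder, and an AutoRun command attached to a removable drive. The sample lines are copied from the logs above; the data-folder heuristic and the category names are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix and HijackThis output
# posted in this thread, trimmed to the entries that matter for triage.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe" [2008-07-10 20:04 3528192]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab524165-fb2a-11da-a5c5-00038a000015}]
\Shell\AutoRun\command - I:\setupSNK.exe

O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Team For.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# Security Center DWORDs that, set to 1, silence XP SP2's protection warnings.
SILENCING_FLAGS = {"AntiVirusDisableNotify", "AntiVirusOverride",
                   "FirewallDisableNotify", "FirewallOverride",
                   "UpdatesDisableNotify", "DisableMonitoring"}
# Heuristic (this example's assumption, not a HijackThis rule): an autostart
# whose binary lives in a user-writable data folder is worth a closer look.
DATA_FOLDER_MARKERS = ("\\application data\\", "\\local settings\\",
                       "\\temp\\", "\\recycler\\")

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
HJT_O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def registry_int(raw):
    """Integer in 'dword:00000001' or '0 (0x0)', else None."""
    m = re.match(r"dword:([0-9a-fA-F]+)", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def executable_path(raw):
    """Program path from a Run value ('"C:\\x.exe" [date]') or O4 command."""
    m = re.match(r'"([^"]+)"', raw)
    return m.group(1) if m else re.split(r"\s+[-/]", raw, maxsplit=1)[0].strip()


def in_data_folder(path):
    return any(marker in path.lower() for marker in DATA_FOLDER_MARKERS)


def triage(log_text):
    """List the follow-up items in ComboFix/HijackThis style log text."""
    findings, key = [], ""
    for line in (ln.strip() for ln in log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1).lower()          # registry key the next values belong to
        elif m := HJT_O4_RE.match(line):
            hive, name, cmd = m.groups()
            if in_data_folder(path := executable_path(cmd)):
                findings.append(Finding("autostart-from-data-folder",
                                        f"Run [{name}] -> {path}"))
        elif (m := AUTORUN_RE.match(line)) and "mountpoints2" in key:
            findings.append(Finding("removable-autorun", m.group(1)))
        elif m := VALUE_RE.match(line):
            name, raw = m.groups()
            if "security center" in key and name in SILENCING_FLAGS \
                    and registry_int(raw) == 1:
                findings.append(Finding("security-center-override",
                                        f"{key}\\{name}=1"))
            elif "firewallpolicy" in key and name == "EnableFirewall" \
                    and registry_int(raw) == 0:
                findings.append(Finding("firewall-disabled", key))
            elif key.endswith(("\\run", "\\runonce")):
                if in_data_folder(path := executable_path(raw)):
                    findings.append(Finding("autostart-from-data-folder",
                                            f"Run [{name}] -> {path}"))
    # both tools usually report the same autostart; keep the first mention
    return list(dict.fromkeys(findings))
```

Running `triage(SAMPLE_LOG)` reports the two Security Center notification overrides, the Sophos monitoring override, the disabled firewall profile, the `Team For.exe` autostart once, and the `I:\setupSNK.exe` AutoRun command, while the Java and AVG entries pass.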

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\uelyjmgt.dll
    C:\WINDOWS\system32\taiistaj.dll
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CHIN PING PHONE PILE
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
===================
Please post back with these logs:
OT Move it log
MalwareBytes Antimalware log
New Dss log

  • 0



#11
Rico300LL

Rico300LL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, here are the 3 logs, in the order requested!

File/Folder C:\WINDOWS\system32\uelyjmgt.dll not found.
File/Folder C:\WINDOWS\system32\taiistaj.dll not found.
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CHIN PING PHONE PILE >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CHIN PING PHONE PILE deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_012724

=========================================================================================

Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 5.1.2600 Service Pack 2

01:41:11 11/07/2008
mbam-log-7-11-2008 (01-41-11).txt

Scan type: Quick Scan
Objects scanned: 42251
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{a3b4ff8a-d3e7-4692-a9b6-971f62802310} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2b7763c3-642b-4934-902c-72a63a95127a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Secure Delete (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\jet\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

=================================================================================================

Deckard's System Scanner v20071014.68
Run by jet on 2008-07-11 01:42:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as jet.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:42:56, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Labtec\moffice.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
C:\Program Files\Labtec\MOUSE32A.DAT
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\aol\1135369959\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1135369959\ee\aolsoftware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\APPS\RecordNow\RecordNow.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jet\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\moffice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.hiphop-di...ontainer_bg.gif
O24 - Desktop Component 1: (no name) - http://www.bodybuilding.com/bg.gif

--
End of file - 11131 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 01:30:26 0 d-------- C:\Documents and Settings\jet\Application Data\Malwarebytes
2008-07-11 01:30:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 01:30:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 03:27:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 03:27:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 03:27:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 03:27:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 03:27:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 03:27:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 03:27:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 03:27:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 02:07:21 0 d--h----- C:\$AVG8.VAULT$
2008-07-10 02:05:08 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 02:05:07 0 d-------- C:\Documents and Settings\jet\Application Data\AVGTOOLBAR
2008-07-09 20:54:12 0 d-------- C:\Documents and Settings\jet\Application Data\Desktopicon
2008-07-08 14:09:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-08 14:09:47 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-08 14:09:47 0 dr------- C:\Documents and Settings\Administrator\Desktop
2008-07-08 14:09:47 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-08 14:09:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-08 14:09:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-08 14:09:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-08 14:09:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-08 14:09:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-08 14:09:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-08 14:09:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-08 14:09:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-08 14:09:43 585728 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-07 23:07:04 0 d-------- C:\Program Files\Trend Micro
2008-07-06 19:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 19:10:05 0 d-------- C:\Documents and Settings\jet\Application Data\SUPERAntiSpyware.com
2008-07-06 19:09:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 16:48:57 0 d-------- C:\Program Files\Trojan Remover
2008-07-06 16:48:57 0 d-------- C:\Documents and Settings\jet\Application Data\Simply Super Software
2008-07-06 16:48:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-06 16:25:13 0 d-------- C:\Program Files\Panda Security
2008-07-06 03:30:53 0 d-------- C:\Documents and Settings\jet\Application Data\PC Tools
2008-07-06 02:32:39 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-06 02:32:33 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-06 02:32:32 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-06 02:32:32 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-06 00:56:17 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-06 00:55:51 17920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-07-06 00:55:39 0 d-------- C:\Program Files\Sophos
2008-07-06 00:55:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-06 00:54:05 0 d-------- C:\savwsa
2008-07-05 21:28:29 0 d-------- C:\Program Files\Enigma Software Group
2008-07-05 21:05:39 0 d-------- C:\Program Files\AVG
2008-07-05 21:05:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-04 22:19:34 0 d-------- C:\Program Files\YouTube Downloader
2008-07-04 21:44:16 0 d-------- C:\Program Files\E-Zsoft
2008-07-03 14:01:13 0 d-------- C:\Documents and Settings\jet\Application Data\DivX
2008-07-03 13:57:40 0 d-------- C:\Program Files\DivX
2008-06-25 13:31:19 0 d-------- C:\Program Files\Apple Software Update
2008-06-24 22:29:56 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-24 21:35:13 0 d-------- C:\Documents and Settings\jet\Application Data\Mozilla
2008-06-22 23:43:02 0 d-------- C:\Program Files\Video Player 2008
2008-06-22 19:48:42 0 d-------- C:\Documents and Settings\jet\Application Data\Google
2008-06-22 19:37:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-22 19:37:31 0 d-------- C:\Program Files\Google
2008-06-20 12:15:09 0 d-------- C:\Program Files\WinAVI Video Converter
2008-06-18 22:33:16 0 d-------- C:\Documents and Settings\jet\Application Data\Yahoo!
2008-06-18 22:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Find3M Report ---------------------------------------------------------------

2008-07-11 01:43:42 0 d-------- C:\Documents and Settings\jet\Application Data\BitTorrent
2008-07-11 01:36:03 0 d-------- C:\Documents and Settings\jet\Application Data\DNA
2008-07-10 20:35:26 0 d-------- C:\Program Files\Common Files
2008-07-09 20:12:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-06 02:26:33 0 d-------- C:\Program Files\XoloX
2008-07-06 02:26:28 0 d-------- C:\Program Files\Badder Adder
2008-07-05 14:17:16 1551 --a------ C:\Documents and Settings\jet\Application Data\update.log
2008-07-03 19:47:58 0 d-------- C:\Program Files\Propellerhead
2008-07-01 23:21:59 0 d-------- C:\Documents and Settings\jet\Application Data\Adobe
2008-06-29 15:30:50 0 d-------- C:\Program Files\Windows Live
2008-06-22 19:35:51 0 d-------- C:\Program Files\Java
2008-06-21 17:13:31 0 d-------- C:\Documents and Settings\jet\Application Data\AdobeUM
2008-06-18 22:33:02 0 d-------- C:\Program Files\Yahoo!
2008-06-18 20:19:05 0 d-------- C:\Program Files\LimeWire
2008-06-18 20:18:13 0 d-------- C:\Program Files\BearShare Applications
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
10/07/2008 02:05 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"SoundMan"="SOUNDMAN.EXE" [20/01/2005 20:04 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/08/2004 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [28/01/2005 11:10]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\moffice.exe" [13/06/2005 23:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [31/05/2005 14:37]
"HostManager"="C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe" [17/11/2006 14:21]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [01/11/2005 01:00]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [28/03/2007 02:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [10/01/2008 17:41]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [02/05/2008 05:15]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [10/07/2008 02:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [19/06/2008 20:49]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [10/01/2008 17:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [25/05/2006 12:30:37]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [21/06/2007 10:18:00]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [04/05/2006 02:41:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab524165-fb2a-11da-a5c5-00038a000015}]
AutoRun\command- I:\setupSNK.exe

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-07-11 01:44:26 ------------

#12
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
=================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#13
Rico300LL
    New Member
  • Topic Starter
  • Member
  • 9 posts
Hi, I did the scan, here's the info

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 00:27:25
Records in database: 937938
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 80205
Threat name: 6
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:00:52


File name / Threat name / Threats count
C:\Documents and Settings\jet\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-6a634a40 Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Documents and Settings\jet\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-6a634a40 Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\jet\Desktop\Music Producing INFO\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\Program Files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
C:\Program Files\MorpheusBar\bar\1.bin\M0POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Program Files\MorpheusBar\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1

The selected area was scanned.

#14
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\MorpheusBar
    C:\Documents and Settings\jet\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-6a634a40
    C:\Documents and Settings\jet\Desktop\Music Producing INFO\BSINSTALL.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
================
Please post that log and a new HijackThis log and we will wrap it up. :)

#15
Rico300LL
    New Member
  • Topic Starter
  • Member
  • 9 posts
Aight man, here's the logs

C:\Program Files\MorpheusBar\SrchAstt\1.bin moved successfully.
C:\Program Files\MorpheusBar\SrchAstt moved successfully.
C:\Program Files\MorpheusBar\PopSwatr\History moved successfully.
C:\Program Files\MorpheusBar\PopSwatr moved successfully.
C:\Program Files\MorpheusBar\bar\Settings moved successfully.
C:\Program Files\MorpheusBar\bar\History moved successfully.
C:\Program Files\MorpheusBar\bar\Cache moved successfully.
C:\Program Files\MorpheusBar\bar\1.bin moved successfully.
C:\Program Files\MorpheusBar\bar moved successfully.
C:\Program Files\MorpheusBar moved successfully.
C:\Documents and Settings\jet\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-6a634a40 moved successfully.
C:\Documents and Settings\jet\Desktop\Music Producing INFO\BSINSTALL.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_202756

================================================================================
========

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:46, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Labtec\moffice.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Labtec\MOUSE32A.DAT
C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\aol\1135369959\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1135369959\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\moffice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135369959\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.hiphop-di...ontainer_bg.gif
O24 - Desktop Component 1: (no name) - http://www.bodybuilding.com/bg.gif

--
End of file - 11163 bytes


Well yeah, I can't say how much you helped me! Thanks, I really appreciate it.
Peace and Unity 2 u
:)
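The final HijackThis log in this thread still lists the MorpheusBar URLSearchHook, BHO and toolbar entries, now tagged "(file missing)": OTMoveIt2 moved the DLLs, but the registry entries that pointed at them were left behind. Checking a post-cleanup log for such orphaned entries is what the "post a new HijackThis log" step is for. Below is an added example, not code from HijackThis, OTMoveIt2 or this forum thread, of a small Python parser that reads the CLSID-bearing R3/O2/O3 lines of a HijackThis log, flags the ones whose file is gone, and narrows them to entries under a folder that was quarantined. The sample lines are copied from the log above; the line-format regex and the helper names (`parse_hjt_log`, `orphaned_entries`, `orphans_under`) are my assumptions about the log layout, not a documented HijackThis format.

```python
"""Flag HijackThis log entries whose target file no longer exists.

Added example for this thread; not code from HijackThis, OTMoveIt2 or the
forum. The line regex below is an assumption about the R3/O2/O3 line shape
seen in the logs above, not a documented HijackThis format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the post-cleanup HijackThis log in
# this thread (raw string so the Windows backslashes survive untouched).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# Matches the CLSID-bearing entry types (R3 URLSearchHook, O2 BHO, O3 Toolbar):
#   <section> - <kind>: <name> - {<CLSID>} - <target>
# O4 Run entries and the like carry no CLSID and are skipped on purpose.
ENTRY_RE = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)

MISSING_MARK = "(file missing)"   # HijackThis suffix when the path does not exist
NO_FILE_MARK = "(no file)"        # HijackThis target when the entry has no path


@dataclass
class HjtEntry:
    section: str          # "R3", "O2", "O3"
    kind: str             # "URLSearchHook", "BHO", "Toolbar"
    name: str
    clsid: str            # upper-cased so the same CLSID compares equal
    path: Optional[str]   # None when HijackThis printed "(no file)"
    file_missing: bool


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one log line; returns None for line types this parser ignores."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    target = m["target"].strip()
    if target == NO_FILE_MARK:
        path, missing = None, True
    elif target.endswith(MISSING_MARK):
        path, missing = target[: -len(MISSING_MARK)].strip(), True
    else:
        path, missing = target, False
    return HjtEntry(m["section"], m["kind"], m["name"], m["clsid"].upper(), path, missing)


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """All CLSID-bearing entries in the log, in file order."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def orphaned_entries(text: str) -> List[HjtEntry]:
    """Entries HijackThis itself reports as pointing at a non-existent file."""
    return [e for e in parse_hjt_log(text) if e.file_missing]


def orphans_under(text: str, folder: str) -> List[HjtEntry]:
    """Orphaned entries whose path lies under `folder` (e.g. a quarantined dir)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [e for e in orphaned_entries(text)
            if e.path is not None and e.path.lower().startswith(prefix)]


if __name__ == "__main__":
    # Prints the four leftover entries from the sample log.
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.kind:<14} {{{e.clsid}}} -> {e.path or NO_FILE_MARK}")
```

Run as a script it lists the four leftovers from the sample, three of them under C:\Program Files\MorpheusBar. Orphaned entries are dead references rather than running code, but they are exactly what a second look at the log is meant to catch before a thread is closed, and they show why moving files alone does not undo a toolbar install.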