iexplore.exe CPU 100% [RESOLVED]


  • This topic is locked

#1
balmoral123

  • Member
  • 16 posts
Hi, recently I've noticed that my process has been going very slow.
In the process there's always an iexplore.exe that is usually taking up about 99% of the CPU.
And when I try to delete it, it automatically comes back.
I've scanned my whole computer with AVG scanner and it's still coming.

Please help me out on this.







-------------------------------------------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:28 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\PROGRA~1\AVG\AVG8\avgfws8.exe
G:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\ibmtools\aptezbtn\aptezbp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ibmtools\aptezbtn\rakusb.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\MSN Messenger\livecall.exe
H:\Vishal\Work\HijackThis_v2_by_www.ultimate-caffe.org\www.ultimate-caffe.org\HiJackThis_v2.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F3 - REG:win.ini: load= G:\TCWIN45\PIPELINE\remind.exe G:\TCWIN45\PIPELINE\\remind.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlashFetcher - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - G:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - G:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - G:\Program Files\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [YOP] G:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Ping upload extra road] G:\Documents and Settings\All Users\Application Data\burn spam ping upload\Bolt rdr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] G:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Manager Hold] C:\DOCUME~1\user1\APPLIC~1\32MOVE~1\SignPlatform.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1482476501-1202660629-1060284298-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1482476501-1202660629-1060284298-1003\..\Run: [Manager Hold] C:\DOCUME~1\user1\APPLIC~1\32MOVE~1\SignPlatform.exe (User '?')
O4 - HKUS\S-1-5-21-1482476501-1202660629-1060284298-1003\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - G:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - G:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - SHDOCVW.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://imagelab.best...ulcontrolxp.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - G:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9602 bytes
  • 0



#2
greyknight17

  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download NoLop.exe to your desktop from one of the following mirrors:
http://www.greyknigh...m/spy/NoLop.exe

Close any other programs you have running as this will require a reboot.
Double-click NoLop.exe to run it.
Now click the button labeled Search and Destroy.
When scanning is finished you will be prompted to reboot only if infected. Click OK.
Now click the Reboot button. A message should pop up from NoLop. If not, double-click the program again and it will finish.
Post the contents of C:\NoLop.log here.

If you receive an error "mscomctl.ocx or one of its dependencies are not correctly registered", then download the mscomctl.ocx file from http://www.boletrice...ds/mscomctl.ocx to your system32 folder and then rerun NoLop.


Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Best_Security_Tips

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - G:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - G:\Program Files\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [Ping upload extra road] G:\Documents and Settings\All Users\Application Data\burn spam ping upload\Bolt rdr.exe
O4 - HKCU\..\Run: [Manager Hold] C:\DOCUME~1\user1\APPLIC~1\32MOVE~1\SignPlatform.exe
O4 - HKUS\S-1-5-21-1482476501-1202660629-1060284298-1003\..\Run: [Manager Hold] C:\DOCUME~1\user1\APPLIC~1\32MOVE~1\SignPlatform.exe (User '?')
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

G:\Program Files\Best_Security_Tips\
G:\Documents and Settings\All Users\Application Data\burn spam ping upload\
C:\DOCUME~1\user1\APPLIC~1\32MOVE~1\


Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0
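
An added example, not part of greyknight17's post and not a HijackThis feature: a small Python triage script that rejoins the hard-wrapped lines of a pasted HijackThis log and shortlists entries for review. The three heuristics (orphaned `(no file)` / `(file missing)` references, `O4` autostarts launching from an Application Data folder, `O16` entries with no name or source) are assumptions chosen for illustration; they also flag entries the helper left alone, so the output is a starting point for a human analyst, not a fix list.

```python
import re

# Excerpt of the HijackThis log posted in this thread, kept with the hard
# line wraps (a blank line, then the rest of the path) that the paste has.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ping upload extra road] G:\Documents and Settings\All Users\Application Data\burn spam ping

upload\Bolt rdr.exe
O4 - HKCU\..\Run: [Manager Hold] C:\DOCUME~1\user1\APPLIC~1\32MOVE~1\SignPlatform.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - SHDOCVW.DLL (file missing)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file
"""

# Every HijackThis entry starts with a section code such as R3, F3, O4 or O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Illustrative heuristics (assumptions of this example, not HijackThis rules).
ORPHAN = re.compile(r"\((no file|file missing)\)", re.I)
APPDATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.I)  # long or 8.3 name
EMPTY_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}\s*-?\s*$")

HEURISTICS = [
    ("orphaned reference",
     lambda section, body: bool(ORPHAN.search(body))),
    ("autostart from Application Data",
     lambda section, body: section == "O4" and bool(APPDATA.search(body))),
    ("DPF entry with no name or source",
     lambda section, body: section == "O16" and bool(EMPTY_DPF.match(body))),
]


def join_wrapped(log_text):
    """Return one string per log entry, gluing wrapped continuation lines back on."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines come from the wrapping
        if line.startswith("--") or line.startswith("End of file"):
            break                         # log footer
        if ENTRY_START.match(line):
            entries.append(line)          # a new entry begins
        elif entries:
            entries[-1] += " " + line     # continuation of the previous entry
        # lines before the first entry (header, process list) are ignored
    return entries


def triage(log_text):
    """Return (section, entry, reasons) for every entry a heuristic matches."""
    flagged = []
    for entry in join_wrapped(log_text):
        section, body = ENTRY_START.match(entry).groups()
        reasons = [name for name, applies in HEURISTICS if applies(section, body)]
        if reasons:
            flagged.append((section, entry, reasons))
    return flagged


if __name__ == "__main__":
    for section, entry, reasons in triage(SAMPLE_LOG):
        print(f"[{', '.join(reasons)}]\n    {entry}")
```

On the excerpt, the Real.com button is flagged as orphaned even though it is not among the entries greyknight17 asked to fix, which is why the result needs an analyst's judgment before anything is removed.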

#3
balmoral123

  • Topic Starter
  • Member
  • 16 posts
Sorry I took so long to respond,
but here is my NoLop.log:


NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\user1\Desktop
[7/17/2008]
[12:27:34 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Muvee Technologies
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Espionserverdata
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Sony
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\User1\Application Data\Microsoft
C:\Documents and Settings\User1\Application Data\.bittorrent
C:\Documents and Settings\User1\Application Data\Identities
C:\Documents and Settings\User1\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Winamp
C:\Documents and Settings\User1\Application Data\Kazaa Lite
C:\Documents and Settings\User1\Application Data\Gtk-2.0
C:\Documents and Settings\User1\Application Data\Help
C:\Documents and Settings\User1\Application Data\Real
C:\Documents and Settings\User1\Application Data\Msn6
C:\Documents and Settings\User1\Application Data\Macromedia
C:\Documents and Settings\User1\Application Data\School Zone Preferences
C:\Documents and Settings\User1\Application Data\Sony
C:\Documents and Settings\User1\Application Data\Yahoo! Messenger
C:\Documents and Settings\User1\Application Data\Intertrust
C:\Documents and Settings\User1\Application Data\Adobe
C:\Documents and Settings\User1\Application Data\Apple Computer
C:\Documents and Settings\User1\Application Data\Publish Providers
C:\Documents and Settings\User1\Application Data\Netmedia Providers -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Tuneup Software
C:\Documents and Settings\User1\Application Data\{12ee7a5e-0674-42f9-a76b-000000004d00} -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Utnr -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Acccore
C:\Documents and Settings\User1\Application Data\Mozilla
C:\Documents and Settings\User1\Application Data\Nikon
C:\Documents and Settings\User1\Application Data\Muvee Technologies
C:\Documents and Settings\User1\Application Data\Gtek
C:\Documents and Settings\User1\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Mixmeister Technology
C:\Documents and Settings\User1\Application Data\Creative
C:\Documents and Settings\User1\Application Data\Azureus
C:\Documents and Settings\User1\Application Data\Ijjigame
C:\Documents and Settings\User1\Application Data\Sun
C:\Documents and Settings\User1\Application Data\Trend Micro
C:\Documents and Settings\User1\Application Data\Google
C:\Documents and Settings\User1\Application Data\Leadertech
C:\Documents and Settings\User1\Application Data\Xara
C:\Documents and Settings\User1\Application Data\Divx
C:\Documents and Settings\User1\Application Data\Utorrent
C:\Documents and Settings\User1\Application Data\Talkback
C:\Documents and Settings\User1\Application Data\Arcsoft
C:\Documents and Settings\User1\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Screenshot Sender
C:\Documents and Settings\User1\Application Data\Yahoo!
C:\Documents and Settings\User1\Application Data\Gtunnel -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Dev-cpp -- EMPTY Directory
C:\Documents and Settings\User1\Application Data\Installshield
C:\Documents and Settings\User1\Application Data\Brother
C:\Documents and Settings\User1\Application Data\Propellerhead Software
C:\Documents and Settings\User1\Application Data\Search Settings
C:\Documents and Settings\User1\Application Data\Filemaker
C:\Documents and Settings\User1\Application Data\Thinstall
C:\Documents and Settings\User1\Application Data\Systemrequirementslab
C:\Documents and Settings\User1\Application Data\Teamviewer
C:\Documents and Settings\User1\Application Data\Limewireturbo
C:\Documents and Settings\User1\Application Data\32 Move
C:\Documents and Settings\User1\Application Data\Uniblue
C:\Documents and Settings\User1\Application Data\Malwarebytes
C:\Documents and Settings\User1\Application Data\Superantispyware.com
C:\Documents and Settings\User1\Application Data\Pc Tools
C:\Documents and Settings\User1\Application Data\Ulead Systems
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Intermute
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Real
  • 0

#4
balmoral123

  • Topic Starter
  • Member
  • 16 posts
Hey, I was in the middle of deleting the files, right,
so I got the first and second one right,
and then the last one I couldn't locate through the files, and I searched for it in the search files thing.
But I'm thinking that it was already deleted, because that HijackThis log was from yesterday, so yeah.
  • 0

#5
balmoral123

  • Topic Starter
  • Member
  • 16 posts
So right now I'm doing Malwarebytes' Anti-Malware.
  • 0

#6
balmoral123

  • Topic Starter
  • Member
  • 16 posts
This is my MBAM log:

Malwarebytes' Anti-Malware 1.20
Database version: 961
Windows 5.1.2600 Service Pack 2

1:52:26 PM 7/17/2008
mbam-log-7-17-2008 (13-52-26).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 143786
Time elapsed: 36 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
balmoral123

  • Topic Starter
  • Member
  • 16 posts
This is my Combofix log:





ComboFix 08-07-15.4 - user1 2008-07-17 13:54:48.2 - FAT32x86

Running from: H:\Vishal\Work\fix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 13:03 . 2008-07-17 13:03 <DIR> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 13:03 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-07-17 13:03 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-17 12:27 . 2008-07-17 12:27 106 --a------ C:\delete.bat
2008-07-17 11:54 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-07-17 11:54 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-07-17 11:54 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-07-17 11:54 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-07-17 11:53 . 2008-07-17 11:57 <DIR> d-------- G:\Program Files\Spyware Doctor
2008-07-17 11:53 . 2008-07-17 11:53 <DIR> d-------- C:\Documents and Settings\user1\Application Data\PC Tools
2008-07-17 09:12 . 2008-07-17 09:12 <DIR> d-------- G:\Program Files\SpywareBlaster
2008-07-17 08:36 . 2008-07-17 08:36 <DIR> d-------- C:\NoLopBackups
2008-07-16 17:05 . 2008-07-16 17:05 <DIR> d-------- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-07-16 13:03 . 2008-07-16 13:03 <DIR> d-------- C:\VundoFix Backups
2008-07-16 12:10 . 2008-07-16 12:10 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-16 11:09 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-16 11:06 . 2008-07-16 11:06 <DIR> d-------- G:\Program Files\Panda Security
2008-07-16 09:47 . 2008-07-16 09:47 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-16 09:46 . 2008-07-17 11:53 <DIR> d-------- G:\Program Files\SUPERAntiSpyware
2008-07-16 09:46 . 2008-07-16 09:46 <DIR> d-------- C:\Documents and Settings\user1\Application Data\SUPERAntiSpyware.com
2008-07-16 09:25 . 2008-07-16 09:25 <DIR> d-------- C:\Documents and Settings\user1\Application Data\Malwarebytes
2008-07-16 09:24 . 2008-07-16 09:24 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 18:41 . 2008-07-16 13:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 18:20 . 2008-07-15 18:20 <DIR> d-------- G:\Program Files\Lavasoft
2008-07-15 18:20 . 2008-07-15 18:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 13:53 . 2008-07-15 13:53 <DIR> d-------- C:\Documents and Settings\user1\Application Data\Uniblue
2008-07-15 12:53 . 2008-07-15 20:37 <DIR> d-------- G:\Program Files\Circle Developement
2008-07-15 12:53 . 2008-07-15 12:53 <DIR> d-------- G:\Program Files\32 MOVE
2008-07-15 12:53 . 2008-07-15 12:53 <DIR> d-------- C:\Documents and Settings\user1\Application Data\32 MOVE
2008-07-15 12:49 . 2008-07-15 12:53 <DIR> d-------- G:\Program Files\MSN Messenger
2008-07-11 13:24 . 2008-07-11 13:24 <DIR> d-------- C:\Documents and Settings\user1\Application Data\LimeWireTurbo
2008-07-11 11:51 . 2008-07-17 12:26 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 10:15 . 2008-07-11 10:15 <DIR> d-------- G:\Program Files\AVG
2008-07-10 21:26 . 2008-07-10 21:26 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-07-10 21:26 . 2008-07-10 21:26 <DIR> d-------- C:\aidualc3
2008-07-08 11:42 . 2008-07-08 11:47 <DIR> d-------- G:\Program Files\Common Files\Nero
2008-07-08 11:33 . 2006-03-26 13:30 105 --a------ C:\WININF.DAT
2008-07-08 11:21 . 2008-07-08 11:41 <DIR> d-------- G:\Program Files\Dachshund Software
2008-07-08 11:21 . 2006-03-26 13:30 105 --ah----- C:\WINDOWS\wininf.dat
2008-07-07 13:24 . 2008-07-07 13:24 5,632 --ahs---- C:\Thumbs.db
2008-07-07 13:24 . 2008-07-07 13:27 167 --a------ C:\WINDOWS\CorelDrw.ini
2008-07-05 20:25 . 2008-07-05 20:25 <DIR> d-------- G:\Program Files\TI Education
2008-07-05 20:25 . 2008-07-05 20:25 <DIR> d-------- G:\Program Files\Common Files\TI Shared
2008-07-05 13:53 . 1999-05-29 04:08 45,568 --a------ C:\WINDOWS\UniFish3.exe
2008-07-05 13:53 . 2008-07-05 13:53 227 --a------ C:\WINDOWS\PowerReg.dat
2008-07-04 21:45 . 2008-07-04 21:46 <DIR> d-------- G:\Program Files\Cpukiller3
2008-06-23 13:08 . 2008-06-23 13:08 <DIR> d-------- C:\Documents and Settings\user1\temp
2008-06-23 13:08 . 2008-06-23 13:08 <DIR> d-------- C:\Documents and Settings\user1\Application Data\TeamViewer
2008-06-23 12:38 . 2008-06-23 12:38 <DIR> d-------- C:\Documents and Settings\user1\Tracing
2008-06-23 11:42 . 2008-06-23 11:44 <DIR> d--hsc--- G:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 11:42 . 2008-07-15 13:02 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 10:11 . 2008-06-22 10:11 <DIR> d-------- G:\Program Files\ENGLISH
2008-06-21 15:13 . 2008-06-21 15:15 <DIR> d-------- G:\Program Files\SystemRequirementsLab
2008-06-21 15:13 . 2008-06-21 15:13 <DIR> d-------- C:\Documents and Settings\user1\Application Data\SystemRequirementsLab
2008-06-20 16:14 . 2008-06-20 17:37 <DIR> d-------- G:\Program Files\Counter-Strike 1.6
2008-06-20 14:27 . 2008-06-20 14:27 <DIR> d--h----- C:\Documents and Settings\user1\Application Data\ijjigame
2008-06-20 14:24 . 2008-06-20 14:24 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 13:44 --------- d-----w G:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 16:53 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-07-15 16:36 --------- d-----w G:\Program Files\Windows Live
2008-07-14 17:29 --------- d-----w G:\Program Files\Soulseek
2008-07-14 01:37 --------- d-----w G:\Program Files\Winamp
2008-07-11 17:44 --------- d-----w G:\Documents and Settings\All Users\Application Data\Creative
2008-06-09 01:47 --------- d-----w G:\Program Files\Avidemux 2.4
2008-06-09 01:21 --------- d-----w G:\Program Files\Free FLV Converter
2008-06-01 14:06 --------- d-----w C:\Documents and Settings\user1\Application Data\Thinstall
2008-05-31 19:20 --------- d-----w G:\Program Files\Google
2008-05-31 19:12 --------- d-----w G:\Program Files\AVSMedia
2008-05-31 19:10 --------- d-----w G:\Program Files\Common Files\AVSMedia
2008-05-25 22:51 --------- d-----w C:\Documents and Settings\user1\Application Data\gtk-2.0
2008-05-25 22:31 --------- d-----w G:\Program Files\Solveig Multimedia
2008-05-25 22:31 --------- d-----w G:\Program Files\Common Files\Solveig Multimedia
2008-05-15 15:30 208,896 ----a-w C:\WINDOWS\SYSTEM32\TubeFinder.exe
2006-05-23 22:19 1,940 ----a-w C:\Documents and Settings\user1\Application Data\ViewerApp.dat
2004-08-04 04:56 24,244 ---h--w C:\Documents and Settings\user1\Application Data\fix.dat
2004-05-11 19:59 560 ----a-w C:\Documents and Settings\user1\PCDOC.BAT
2002-11-04 18:54 3,392 ------w C:\WINDOWS\inf\OTHER\cmiainfo.sys
2000-02-18 21:35 353 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\layout.bin
1997-08-26 17:02 8,192 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\_ISDEL.EXE
1997-08-26 17:02 59,904 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\SETUP.EXE
1997-08-26 17:01 11,264 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\_SETUP.DLL
1997-05-30 16:31 4,557 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\lang.dat
1997-05-06 19:15 417 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\os.dat
2003-09-30 21:46 32 --sha-w C:\WINDOWS\SYSTEM\{E2CD2910-F36D-11D7-B847-000AE6CB12FC}.dat
2005-08-31 18:14 3,913,435 --sha-w C:\WINDOWS\SYSTEM32\xcrfsys.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\SYSTEM32\msfDX.dll
.

------- Sigcheck -------

2008-01-03 12:16 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
2008-01-03 12:16 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\SYSTEM32\dllcache\TCPIP.SYS
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
"AEZBProc"="c:\ibmtools\aptezbtn\aptezbp.exe" [2001-07-24 16:49 372736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-10 16:24 151597]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"SearchSettings"="G:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"YOP"="G:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "G:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 G:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VDOM"= vdowave.drv
"vidc.LEAD"= LCODCCMPE.DLL
"VIDC.AP41"= APmpg4v1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Encoder Agent.lnk]
backup=C:\WINDOWS\pss\Encoder Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Filseclab Messenger.lnk]
backup=C:\WINDOWS\pss\Filseclab Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user1^Start Menu^Programs^Startup^Trivial Pursuit_ Unhinged Registration.lnk]
backup=C:\WINDOWS\pss\Trivial Pursuit_ Unhinged Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableEHCI]
--a------ 2002-08-26 15:49 28672 C:\WINDOWS\S4TSR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 05:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 07:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
--a------ 2006-06-01 15:26 1003520 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
--a------ 2006-03-13 10:52 2939176 C:\Program Files\Rogers\SelfHealing\SHS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-10 16:24 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeActiveFileMonitor4.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SiS KHooker"=C:\WINDOWS\System32\khooker.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Photo Downloader"="C:\Program Files\Adobe PhotoShop Elements 4\apdproxy.exe"
"EssSpkPhone"=essspk.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SiS KHooker"=C:\WINDOWS\SYSTEM32\KHOOKER.EXE
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LVComs"=C:\WINDOWS\SYSTEM32\LVComS.exe
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe /Q:A
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
"Advanced Tools Check"=C:\PROGRA~1\NORTON~2\ADVTOOLS\ADVCHK.EXE
"NPROTECT"=C:\PROGRA~1\NORTON~2\ADVTOOLS\NPROTECT.EXE
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\NyxLauncher.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Program Files\\MSN Messenger\\livecall.exe"=

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 13:58:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-17 13:59:53
ComboFix-quarantined-files.txt 2008-07-17 17:59:48
ComboFix2.txt 2008-07-17 12:57:48

Pre-Run: 1,114,816,512 bytes free
Post-Run: 1,104,789,504 bytes free

233 --- E O F --- 2006-06-27 02:37:57

#8
balmoral123

THANK YOU!!!!!!
I'm pretty sure the problem's fixed now...
since it doesn't show iexplore.exe anymore
and nothing's taking up the CPU

Thanks again :)

#9
greyknight17

Malware Expert
Please try to keep all your logs and responses in one post instead of replying back multiple times. Get everything scanned and save each log. Once they are all completed, post them all at once :)

Any reason why you ran ComboFix twice?

I suggest uninstalling Messenger Plus as that's what infected your computer. I also see another infection there caused by your file sharing programs. I recommend removing them... Limewire, etc.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\UniFish3.exe
Folder::
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\user1\Application Data\32 MOVE
G:\Program Files\Search Settings\
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

#10
balmoral123

I did what you said and this is the new ComboFix log:



ComboFix 08-07-15.4 - user1 2008-07-17 18:42:50.3 - FAT32x86

Running from: H:\Vishal\Work\fix\ComboFix.exe
Command switches used :: H:\Vishal\Work\fix\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\UniFish3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Messenger Plus!\global.dat
C:\Documents and Settings\user1\Application Data\32 MOVE
C:\WINDOWS\UniFish3.exe
G:\Program Files\Search Settings\
G:\Program Files\Search Settings\\SearchSettings.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 12:27 . 2008-07-17 12:27 106 --a------ C:\delete.bat
2008-07-17 08:36 . 2008-07-17 08:36 <DIR> d-------- C:\NoLopBackups
2008-07-16 17:05 . 2008-07-16 17:05 <DIR> d-------- C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-07-16 13:03 . 2008-07-16 13:03 <DIR> d-------- C:\VundoFix Backups
2008-07-16 12:10 . 2008-07-16 12:10 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-16 11:09 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-16 11:06 . 2008-07-16 11:06 <DIR> d-------- G:\Program Files\Panda Security
2008-07-16 09:47 . 2008-07-16 09:47 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-16 09:46 . 2008-07-17 14:03 <DIR> d-------- G:\Program Files\SUPERAntiSpyware
2008-07-16 09:25 . 2008-07-16 09:25 <DIR> d-------- C:\Documents and Settings\user1\Application Data\Malwarebytes
2008-07-16 09:24 . 2008-07-16 09:24 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 18:41 . 2008-07-16 13:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 18:20 . 2008-07-15 18:20 <DIR> d-------- G:\Program Files\Lavasoft
2008-07-15 18:20 . 2008-07-15 18:20 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 13:53 . 2008-07-15 13:53 <DIR> d-------- C:\Documents and Settings\user1\Application Data\Uniblue
2008-07-15 12:53 . 2008-07-15 20:37 <DIR> d-------- G:\Program Files\Circle Developement
2008-07-15 12:53 . 2008-07-15 12:53 <DIR> d-------- G:\Program Files\32 MOVE
2008-07-15 12:49 . 2008-07-15 12:53 <DIR> d-------- G:\Program Files\MSN Messenger
2008-07-11 13:24 . 2008-07-11 13:24 <DIR> d-------- C:\Documents and Settings\user1\Application Data\LimeWireTurbo
2008-07-11 11:51 . 2008-07-17 14:03 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 10:15 . 2008-07-11 10:15 <DIR> d-------- G:\Program Files\AVG
2008-07-10 21:26 . 2008-07-10 21:26 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-07-10 21:26 . 2008-07-10 21:26 <DIR> d-------- C:\aidualc3
2008-07-08 11:42 . 2008-07-08 11:47 <DIR> d-------- G:\Program Files\Common Files\Nero
2008-07-08 11:33 . 2006-03-26 13:30 105 --a------ C:\WININF.DAT
2008-07-08 11:21 . 2008-07-08 11:41 <DIR> d-------- G:\Program Files\Dachshund Software
2008-07-08 11:21 . 2006-03-26 13:30 105 --ah----- C:\WINDOWS\wininf.dat
2008-07-07 13:24 . 2008-07-07 13:24 5,632 --ahs---- C:\Thumbs.db
2008-07-07 13:24 . 2008-07-07 13:27 167 --a------ C:\WINDOWS\CorelDrw.ini
2008-07-05 20:25 . 2008-07-05 20:25 <DIR> d-------- G:\Program Files\TI Education
2008-07-05 20:25 . 2008-07-05 20:25 <DIR> d-------- G:\Program Files\Common Files\TI Shared
2008-07-05 13:53 . 2008-07-05 13:53 227 --a------ C:\WINDOWS\PowerReg.dat
2008-07-04 21:45 . 2008-07-04 21:46 <DIR> d-------- G:\Program Files\Cpukiller3
2008-06-23 13:08 . 2008-06-23 13:08 <DIR> d-------- C:\Documents and Settings\user1\temp
2008-06-23 13:08 . 2008-06-23 13:08 <DIR> d-------- C:\Documents and Settings\user1\Application Data\TeamViewer
2008-06-23 12:38 . 2008-06-23 12:38 <DIR> d-------- C:\Documents and Settings\user1\Tracing
2008-06-23 11:42 . 2008-06-23 11:44 <DIR> d--hsc--- G:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 11:42 . 2008-07-15 13:02 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 10:11 . 2008-06-22 10:11 <DIR> d-------- G:\Program Files\ENGLISH
2008-06-21 15:13 . 2008-06-21 15:15 <DIR> d-------- G:\Program Files\SystemRequirementsLab
2008-06-21 15:13 . 2008-06-21 15:13 <DIR> d-------- C:\Documents and Settings\user1\Application Data\SystemRequirementsLab
2008-06-20 16:14 . 2008-06-20 17:37 <DIR> d-------- G:\Program Files\Counter-Strike 1.6
2008-06-20 14:27 . 2008-06-20 14:27 <DIR> d--h----- C:\Documents and Settings\user1\Application Data\ijjigame
2008-06-20 14:24 . 2008-06-20 14:24 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 18:03 --------- d-----w G:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 16:53 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-07-15 16:36 --------- d-----w G:\Program Files\Windows Live
2008-07-14 17:29 --------- d-----w G:\Program Files\Soulseek
2008-07-14 01:37 --------- d-----w G:\Program Files\Winamp
2008-07-11 17:44 --------- d-----w G:\Documents and Settings\All Users\Application Data\Creative
2008-06-09 01:47 --------- d-----w G:\Program Files\Avidemux 2.4
2008-06-09 01:21 --------- d-----w G:\Program Files\Free FLV Converter
2008-06-01 14:06 --------- d-----w C:\Documents and Settings\user1\Application Data\Thinstall
2008-05-31 19:20 --------- d-----w G:\Program Files\Google
2008-05-31 19:12 --------- d-----w G:\Program Files\AVSMedia
2008-05-31 19:10 --------- d-----w G:\Program Files\Common Files\AVSMedia
2008-05-25 22:51 --------- d-----w C:\Documents and Settings\user1\Application Data\gtk-2.0
2008-05-25 22:31 --------- d-----w G:\Program Files\Solveig Multimedia
2008-05-25 22:31 --------- d-----w G:\Program Files\Common Files\Solveig Multimedia
2008-05-15 15:30 208,896 ----a-w C:\WINDOWS\SYSTEM32\TubeFinder.exe
2006-05-23 22:19 1,940 ----a-w C:\Documents and Settings\user1\Application Data\ViewerApp.dat
2004-08-04 04:56 24,244 ---h--w C:\Documents and Settings\user1\Application Data\fix.dat
2004-05-11 19:59 560 ----a-w C:\Documents and Settings\user1\PCDOC.BAT
2000-02-18 21:35 353 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\layout.bin
1997-08-26 17:02 8,192 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\_ISDEL.EXE
1997-08-26 17:02 59,904 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\SETUP.EXE
1997-08-26 17:01 11,264 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\_SETUP.DLL
1997-05-30 16:31 4,557 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\lang.dat
1997-05-06 19:15 417 ----a-w C:\Documents and Settings\DesignWorkshop Lite Installer\os.dat
2003-09-30 21:46 32 --sha-w C:\WINDOWS\SYSTEM\{E2CD2910-F36D-11D7-B847-000AE6CB12FC}.dat
2005-08-31 18:14 3,913,435 --sha-w C:\WINDOWS\SYSTEM32\xcrfsys.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\SYSTEM32\msfDX.dll
.

------- Sigcheck -------

2008-01-03 12:16 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
2008-01-03 12:16 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\SYSTEM32\dllcache\TCPIP.SYS
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
"AEZBProc"="c:\ibmtools\aptezbtn\aptezbp.exe" [2001-07-24 16:49 372736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-10 16:24 151597]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"YOP"="G:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VDOM"= vdowave.drv
"vidc.LEAD"= LCODCCMPE.DLL
"VIDC.AP41"= APmpg4v1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Encoder Agent.lnk]
backup=C:\WINDOWS\pss\Encoder Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Filseclab Messenger.lnk]
backup=C:\WINDOWS\pss\Filseclab Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user1^Start Menu^Programs^Startup^Trivial Pursuit_ Unhinged Registration.lnk]
backup=C:\WINDOWS\pss\Trivial Pursuit_ Unhinged Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableEHCI]
--a------ 2002-08-26 15:49 28672 C:\WINDOWS\S4TSR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 05:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 07:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
--a------ 2006-06-01 15:26 1003520 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
--a------ 2006-03-13 10:52 2939176 C:\Program Files\Rogers\SelfHealing\SHS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-10 16:24 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeActiveFileMonitor4.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SiS KHooker"=C:\WINDOWS\System32\khooker.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Photo Downloader"="C:\Program Files\Adobe PhotoShop Elements 4\apdproxy.exe"
"EssSpkPhone"=essspk.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SiS KHooker"=C:\WINDOWS\SYSTEM32\KHOOKER.EXE
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LVComs"=C:\WINDOWS\SYSTEM32\LVComS.exe
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe /Q:A
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
"Advanced Tools Check"=C:\PROGRA~1\NORTON~2\ADVTOOLS\ADVCHK.EXE
"NPROTECT"=C:\PROGRA~1\NORTON~2\ADVTOOLS\NPROTECT.EXE
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\NyxLauncher.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
"G:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"G:\\Program Files\\MSN Messenger\\livecall.exe"=

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 18:47:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\SYSTEM32\SESSMGR.EXE
C:\IBMTOOLS\APTEZBTN\RAKUSB.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
.
**************************************************************************
.
Completion time: 2008-07-17 18:50:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 22:50:00
ComboFix3.txt 2008-07-17 12:57:48
ComboFix2.txt 2008-07-17 17:59:58

Pre-Run: 1,064,321,024 bytes free
Post-Run: 1,047,347,200 bytes free

344 --- E O F --- 2006-06-27 02:37:57

#11
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you know what Circle Developement is? If no, uninstall it via the Add/Remove Programs panel if found. Then delete the following:

G:\Program Files\Circle Developement
G:\Program Files\32 MOVE


Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#12
balmoral123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I have no clue what Circle Development is, but I deleted it anyway.
Also, one more question.
I've noticed in my processes that I don't have iexplore.exe anymore,
but I noticed an EXPLORER.EXE.
Is that an infection, or is it supposed to be there?
It takes up about 01% to 06% CPU sometimes and like 10,000 K memory usage. :)

#13
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
iexplore.exe is Internet Explorer. So if you launch it, you will see it.

explorer.exe belongs to the Windows interface. Killing that process will render your Windows desktop useless (missing icons and start menu including closing all your open folders). Depending on what you have running, that's pretty normal. Mine is at 35,000K right now :)

#14
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





