Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91863 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Numerous virus probs + IE/Explorer popups


  • This topic is locked This topic is locked
4 replies to this topic

#1 Sarit

Sarit

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 29 March 2008 - 01:11 PM

This log is for my computer XD

I've been having problems with getting rid of some viruses. I know Virtumundo is on it, along with another called Smith...something. I can't remember the name. One of the main things is, browsers run really slow and lag. I also have a problem whenever I open My computer or Windows explorer, it will freeze and a popup about adware programs will pop up in IE. Ironic no? >_> I've installed a registry fixer and that hasn't helped. I've done numerous checks with AVG and nothing. Help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:46 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\OEM03Mon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Semagic\LiveJournalU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\FileZilla\FileZilla.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {D908439B-4B58-4D5E-AC6B-5FD7382633C8} - C:\WINDOWS\system32\dsoun.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.c...GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} (NowCAFE Control) - http://www.clubbox.c...fld/NowCAFE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.c...MultiUpload.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Owner\Desktop\GM\GM1.gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Owner\Desktop\suboshiyui\GM1.gif

--
End of file - 13203 bytes

    Advertisements

Register to Remove


#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 04 April 2008 - 06:18 AM

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3 Sarit

Sarit

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 04 April 2008 - 11:34 AM

Hello! :D Thank you for your help!

ComboFix Log


ComboFix 08-04-03.5 - Owner 2008-04-04 11:28:53.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\.rdr.ini
C:\Documents and Settings\LocalService\Application Data\install.dat
C:\Documents and Settings\NetworkService\Application Data\.rdr.ini
C:\Documents and Settings\NetworkService\Application Data\Install.dat
C:\Documents and Settings\NetworkService\Local Settings\Application Data\n.ini
C:\Documents and Settings\Owner\Application Data\.rdr.ini
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\PT65V8D4\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\PT65V8D4\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\PT65V8D4\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\ystem~1
C:\Program Files\Common Files\ystem~1\?ystem\
C:\WINDOWS\sembly~1
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\config\system~1\applic~1\install.dat
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\gzsvoctp.dat
C:\WINDOWS\system32\dsoun.dll
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{2C94EC64-F2A5-47E4-B0A1-86B3BE445DBC}.exe
C:\WINDOWS\system32\nso12k.sys
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X11
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X7
C:\WINDOWS\system32\X9
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDGUARD
-------\Legacy_BILCHKUZ
-------\Legacy_CORE
-------\Legacy_DRIVER
-------\Legacy_NET_AGENT
-------\Service_bilchkuz


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-02 11:50 . 2008-04-02 11:50 <DIR> d-------- C:\WINDOWS\Cache
2008-04-02 11:50 . 2008-04-02 11:50 <DIR> d-------- C:\Program Files\Coupons
2008-04-02 11:50 . 2008-04-02 11:50 193,880 -rah----- C:\WINDOWS\system32\cpnprt2.cid
2008-03-28 17:23 . 2008-03-28 17:23 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-03-28 17:23 . 2008-03-28 17:23 0 --a------ C:\WINDOWS\frontpg.ini
2008-03-28 17:07 . 2008-03-28 17:23 <DIR> d-------- C:\Inetpub
2008-03-28 16:14 . 2008-03-28 16:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-28 11:54 . 2008-04-04 12:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-28 11:54 . 2008-03-28 11:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-24 10:56 . 2008-03-24 10:54 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-24 10:56 . 2008-03-24 10:56 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-17 20:31 . 2008-03-17 20:38 85,086,197 --a------ C:\Papa to Musume no Nanokakan OST.rar
2008-03-17 19:09 . 2008-03-17 19:09 <DIR> d-------- C:\Program Files\ImTOO
2008-03-17 15:09 . 2008-03-17 15:09 17,529 --a------ C:\golfmike_xpirathynnax4.jpg
2008-03-17 14:04 . 2008-03-17 14:04 799,842 --a------ C:\2008-03-17_rakubeiji.wmv
2008-03-17 00:53 . 2008-03-17 00:53 65,506 --a------ C:\fjdm.jpg
2008-03-17 00:20 . 2008-03-17 00:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-17 00:14 . 2008-03-17 02:05 11,270 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-16 22:52 . 2008-03-17 00:15 <DIR> d-------- C:\Program Files\RealMedia
2008-03-16 22:52 . 2008-03-17 00:17 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-03-16 22:52 . 2008-03-16 22:52 <DIR> d-------- C:\Program Files\DScaler5
2008-03-16 22:52 . 2008-03-17 00:16 <DIR> d-------- C:\Program Files\CD Audio Reader Filter
2008-03-16 22:51 . 2008-03-17 00:16 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-03-16 22:51 . 2008-03-16 22:51 <DIR> d-------- C:\Program Files\Haali
2008-03-16 22:46 . 2008-04-03 02:50 <DIR> d-------- C:\Program Files\Zoom Player
2008-03-16 21:19 . 2008-03-16 21:34 <DIR> d-------- C:\qc tutorial
2008-03-16 20:56 . 2008-03-16 20:56 60,336 --a------ C:\dragonsakura01020ts3.jpg
2008-03-16 14:06 . 2008-03-16 14:09 28,399,413 --a------ C:\172.20.22.1.sql
2008-03-16 13:40 . 2008-03-16 13:55 798,711,452 --a------ C:\Papa to Musume no Nanokakan ep01 (704x396).avi
2008-03-16 00:38 . 2008-03-16 00:38 45,005 --a------ C:\Pi Layout by Neyvaa.zip
2008-03-15 18:49 . 2008-03-15 22:01 <DIR> d-------- C:\Images
2008-03-15 18:49 . 2008-03-15 18:49 <DIR> d-------- C:\Archives
2008-03-15 18:48 . 2008-03-21 01:52 <DIR> d-------- C:\Videos
2008-03-13 13:45 . 2008-03-15 22:01 <DIR> d-------- C:\Yamashita Tomohisa Magazines
2008-03-12 22:23 . 2008-03-12 22:23 <DIR> d-------- C:\Program Files\Uniblue
2008-03-12 11:32 . 2008-04-04 08:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-12 11:32 . 2008-03-12 11:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-12 11:31 . 2008-03-12 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-11 23:50 . 2008-03-17 02:05 56 -r-hs---- C:\WINDOWS\system32\2B0345F728.sys
2008-03-11 23:49 . 2008-03-17 00:14 <DIR> d-------- C:\Program Files\DivX5.2
2008-03-11 23:42 . 2008-03-13 18:13 <DIR> d-------- C:\Virtual Dub 1.7.8
2008-03-11 18:24 . 2008-03-16 00:57 <DIR> d-------- C:\Pi Layout by Neyvaa
2008-03-09 17:45 . 2008-03-09 17:45 <DIR> d-------- C:\Program Files\EchoSub
2008-03-06 05:30 . 2008-03-06 05:30 <DIR> d-------- C:\Program Files\TVAnts
2008-03-04 22:47 . 2008-03-25 08:27 <DIR> d-------- C:\Program Files\KeyHoleTV
2008-03-04 01:39 . 2008-03-04 01:39 <DIR> d-------- C:\Program Files\ToGo Game

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 05:05 35,296 ----a-w C:\WINDOWS\system32\drivers\Dvd43.sys
2008-03-29 19:37 --------- d-----w C:\Program Files\Semagic
2008-03-24 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 15:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-24 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-23 02:29 --------- d-----w C:\Program Files\Total Video Converter
2008-03-18 17:27 --------- d-----w C:\Program Files\ljArchive
2008-03-18 17:27 --------- d-----w C:\Program Files\Corel
2008-03-17 08:02 --------- d-----w C:\Program Files\Dictionary
2008-03-17 05:17 --------- d-----w C:\Program Files\DirectVobSub
2008-03-17 05:14 --------- d-----w C:\Program Files\DivX
2008-03-17 04:45 --------- d-----w C:\Program Files\Gabest
2008-03-14 06:20 --------- d-----w C:\Program Files\eMule
2008-03-13 23:11 --------- d-----w C:\Program Files\Aegisub
2008-03-13 03:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-03-12 20:52 --------- d-----w C:\Program Files\Replay Media Catcher
2008-03-12 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-12 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-12 06:14 --------- d-----w C:\Program Files\Java
2008-03-12 03:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-12 01:39 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-12 01:22 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 01:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-12 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-12 01:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 01:15 --------- d-----w C:\Program Files\Trillian
2008-03-12 01:12 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-12 01:09 --------- d-----w C:\Program Files\The Weather Channel FW
2008-03-12 01:00 --------- d-----w C:\Program Files\MEDUSA
2008-03-09 23:02 --------- d-----w C:\Program Files\SubtitleProcessor771
2008-02-27 02:27 1,308,216 ----a-w C:\HiJackThis_v2.exe
2007-12-09 21:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-16 02:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 00:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 20:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 19:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 18:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-11 00:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 17:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 17:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 17:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 17:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2007-11-28 07:24 75 --sh--r C:\WINDOWS\CT4CET.bin
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-08-02 01:16 1,758,155 --sh--w C:\WINDOWS\system32\pqqru.bak1
2007-08-05 00:39 6,507 --sh--w C:\WINDOWS\system32\qtwvw.bak1
2007-08-05 12:39 1,757,884 --sh--w C:\WINDOWS\system32\qtwvw.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"MSI Configuration"="msiconf.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DVD43"="C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe" [2006-10-26 15:58 258560]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2005-05-03 06:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"OEM03Mon.exe"="C:\WINDOWS\OEM03Mon.exe" [2007-05-18 12:00 36864]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-22 20:31 185896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-12 11:33 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-12 11:31 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-10-08 01:11:23 106496]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Owner\Desktop\GM\GM1.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Owner\Desktop\suboshiyui\GM1.gif
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk
backup=C:\WINDOWS\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=C:\WINDOWS\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Get a FREE audiobook!.lnk]
backup=C:\WINDOWS\pss\Get a FREE audiobook!.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TA_Start.lnk]
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 12:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Owner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Owner\LOCALS~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Owner\LOCALS~1\Temp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Owner\LOCALS~1\Temp\update.exe]
C:\DOCUME~1\Owner\LOCALS~1\Temp\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer 948 Fax Server]
--a------ 2007-07-03 08:37 307848 C:\Program Files\Dell AIO Printer 948\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldfmon.exe]
--a------ 2007-07-03 08:36 455304 C:\Program Files\Dell AIO Printer 948\dldfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
--a------ 2006-10-26 15:58 258560 C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2007-07-03 08:36 410248 C:\Program Files\Dell AIO Printer 948\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM03Mon.exe]
-ra------ 2007-05-18 12:00 36864 C:\WINDOWS\OEM03Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 23:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 23:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 20:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\ServicePackFiles\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 16:48 21760296 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 16:53 307200 C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xem]
C:\WINDOWS\ServicePackFiles\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\FSCAgent.exe"=
"C:\\WINDOWS\\system32\\ClubBox.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dldfcoms.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24357:TCP"= 24357:TCP:BitComet 24357 TCP
"24357:UDP"= 24357:UDP:BitComet 24357 UDP
"23854:TCP"= 23854:TCP:BitComet 23854 TCP
"23854:UDP"= 23854:UDP:BitComet 23854 UDP
"21645:TCP"= 21645:TCP:BitComet 21645 TCP
"21645:UDP"= 21645:UDP:BitComet 21645 UDP
"10090:TCP"= 10090:TCP:BitComet 10090 TCP
"10090:UDP"= 10090:UDP:BitComet 10090 UDP

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2006-12-13 22:10]
R2 dldf_device;dldf_device;C:\WINDOWS\system32\dldfcoms.exe [2007-06-26 01:56]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2008-04-01 00:05]
R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\WINDOWS\system32\Drivers\OEM03Afx.sys [2007-06-07 12:00]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 05:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\WINDOWS\system32\DRIVERS\OEM03Vid.sys [2007-04-24 12:00]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 18:57]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 01:56]
S3 cwrwdm;SoundFusion™ WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2004-08-03 23:32]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\9Dragons\GameGuard\dump_wmimmc.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 12:47:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 16:18:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 12:03:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-04 12:14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 17:13:56
Pre-Run: 4,574,208,000 bytes free
Post-Run: 4,647,682,048 bytes free
.
2008-03-24 07:30:10 --- E O F ---



Hijack This Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:02 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\OEM03Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.c...GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} (NowCAFE Control) - http://www.clubbox.c...fld/NowCAFE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.c...MultiUpload.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Owner\Desktop\GM\GM1.gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Owner\Desktop\suboshiyui\GM1.gif

--
End of file - 13139 bytes

#4 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 04 April 2008 - 11:59 AM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\cpnprt2.cid
C:\WINDOWS\system32\pqqru.bak1
C:\WINDOWS\system32\qtwvw.bak1
C:\WINDOWS\system32\qtwvw.bak2
C:\WINDOWS\ServicePackFiles\services.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\update.exe

Folder::
C:\Program Files\Coupons

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\Owner\LOCALS~1\Temp\update.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xem]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Reboot and post a new HijackThis log

#5 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 08 April 2008 - 06:47 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users