Hey mschroe919... =j It worked... I can see my hidden files now and no warnings came up when I double-clicked my drives... thanks a lot! Wahoo! Thank you! Thank you! Thank you!
Here's the logfile you asked for... =j:
Logfile of HijackThis v1.99.1
Scan saved at 11:52:39 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampplite\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\xampplite\apache\bin\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\scannthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C298F7C6-958F-47AE-B811-C730070B5BD2} (EzWebView Control) - http://equity.dnsali...cab/Webview.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\xampplite\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
And here's the ComboFix logfile:
ComboFix 08-04-04.1 - Joel yap 2008-04-06 11:37:45.1 - NTFSx86
Running from: C:\Documents and Settings\Joel yap\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\ContextTool-2.dll
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\WINDOWS\system\_sv_CMD_
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\ninjaext-uninstall.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-04 11:07 . 2008-04-05 19:45 <DIR> d-------- C:\HJT
2008-04-03 11:02 . 2008-04-03 11:02 160,055 -r-hs---- C:\dhv2u8.cmd
2008-03-31 21:01 . 2008-03-31 21:00 155,662 -r-hs---- C:\w00g.exe
2008-03-31 19:08 . 2008-03-30 17:10 159,134 -r-hs---- C:\es.exe
2008-03-30 10:24 . 2008-03-30 11:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 07:13 . 2008-04-01 18:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 07:13 . 2008-03-30 07:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 20:01 . 2008-03-27 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Chessmaster Challenge
2008-03-23 15:44 . 2008-04-05 18:40 92,160 -r-hs---- C:\WINDOWS\system32\fool0.dll
2008-03-23 15:20 . 2008-03-23 15:19 154,818 -r-hs---- C:\p.bat
2008-03-23 15:15 . 2008-03-23 15:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-20 05:53 . 2008-03-21 09:33 153,899 -r-hs---- C:\ojbss9gv.com
2008-03-20 03:53 . 2008-03-20 03:53 <DIR> d-------- C:\WebSite2
2008-03-19 12:17 . 2008-03-19 12:16 152,093 -r-hs---- C:\lqxo8w.cmd
2008-03-16 07:47 . 2008-03-16 07:46 149,214 -r-hs---- C:\uulaqvl.cmd
2008-03-15 15:47 . 1997-11-05 12:28 576,000 --a------ C:\WINDOWS\system32\ww_cu232.dll
2008-03-15 15:47 . 1997-11-05 12:28 215,552 --a------ C:\WINDOWS\system32\ww_mc232.dll
2008-03-15 15:47 . 1997-11-05 12:28 215,204 --a------ C:\WINDOWS\system32\saxbasic.hlp
2008-03-15 15:47 . 1997-11-05 12:28 168,960 --a------ C:\WINDOWS\system32\ww_oa232.dll
2008-03-15 15:47 . 1997-11-05 12:26 87,552 --a------ C:\WINDOWS\system32\sbpro_42.ocx
2008-03-15 15:46 . 1997-11-20 11:33 5,705 --a------ C:\WINDOWS\emcgm2.ini
2008-03-15 15:46 . 1997-11-20 11:36 4,338 --a------ C:\WINDOWS\isgdi32.ini
2008-03-15 15:46 . 1997-12-15 21:43 4,001 --a------ C:\WINDOWS\emps_2.ini
2008-03-15 15:46 . 1997-12-20 16:22 1,052 --a------ C:\WINDOWS\emwmf2.ini
2008-03-15 15:46 . 1997-12-15 21:43 382 --a------ C:\WINDOWS\ebtif2.ini
2008-03-15 15:46 . 1999-08-19 14:47 377 --a------ C:\WINDOWS\ebpng2.ini
2008-03-15 15:46 . 1997-12-15 21:44 344 --a------ C:\WINDOWS\ebbmp2.ini
2008-03-15 15:46 . 1997-12-15 21:42 341 --a------ C:\WINDOWS\ebjpg2.ini
2008-03-15 15:46 . 1997-11-20 11:33 245 --a------ C:\WINDOWS\empct2.ini
2008-03-15 15:45 . 2008-03-18 08:39 <DIR> d-------- C:\Program Files\SPSS
2008-03-14 20:17 . 2008-03-19 23:42 <DIR> d-------- C:\Project in DBMS
2008-03-13 06:50 . 2008-03-13 06:50 146,194 -r-hs---- C:\vuts0e.cmd
2008-03-12 22:19 . 2008-03-12 22:19 148,550 -r-hs---- C:\3g.com
2008-03-12 22:19 . 2008-03-31 21:00 92,160 -r-hs---- C:\WINDOWS\system32\fool1.dll
2008-03-12 22:19 . 2008-04-05 18:42 505 -r-hs---- C:\autorun.inf
2008-03-12 11:40 . 2008-03-12 11:40 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-11 01:02 . 2008-03-11 01:02 <DIR> d-------- C:\Documents and Settings\Joel yap\Application Data\IDMComp
2008-03-11 00:05 . 2008-03-11 00:05 0 -ra------ C:\logwmemory.bin
2008-03-09 12:31 . 2008-03-09 12:31 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-08 15:54 . 1997-11-20 11:36 232 --a------ C:\WINDOWS\imwmf2.ini
2008-03-08 15:49 . 2001-09-12 15:32 1,335,584 --a------ C:\WINDOWS\system32\sbe6_32.dll
2008-03-08 15:49 . 2001-09-12 15:32 558,656 --a------ C:\WINDOWS\system32\sb6ent.ocx
2008-03-08 15:49 . 1998-05-19 15:33 396,800 --a------ C:\WINDOWS\system32\msfrt40.dll
2008-03-08 15:49 . 2001-05-23 03:02 329,423 --a------ C:\WINDOWS\system32\sbe6_000.hlp
2008-03-08 15:49 . 2001-05-23 03:02 6,255 --a------ C:\WINDOWS\system32\sbe6_000.cnt
2008-03-08 15:48 . 1996-01-12 01:00 722,192 --a------ C:\WINDOWS\system32\vb40032.dll
2008-03-08 15:48 . 1995-07-26 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-03-08 15:48 . 1996-08-05 05:00 92,160 --a------ C:\WINDOWS\system32\grid32.ocx
2008-03-08 15:41 . 1996-10-23 18:26 298,496 --a------ C:\WINDOWS\uninst.exe
2008-03-07 21:17 . 2008-03-07 21:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 03:39 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-04-04 12:45 56,536 ----a-w C:\Documents and Settings\Joel yap\Application Data\GDIPFONTCACHEV1.DAT
2008-04-03 16:07 --------- d-----w C:\Program Files\LimeWire
2008-04-02 09:36 --------- d-----w C:\Documents and Settings\Joel yap\Application Data\AdobeUM
2008-03-30 03:56 --------- d-----w C:\Documents and Settings\Joel yap\Application Data\Chessmaster Challenge
2008-03-29 23:15 --------- d-----w C:\Program Files\mIRC
2008-03-17 16:41 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-03-13 14:57 --------- d-----w C:\Documents and Settings\Joel yap\Application Data\MySQL
2008-03-12 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-07 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-07 13:39 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-07 13:19 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-01 00:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 00:36 --------- d-----w C:\Documents and Settings\Joel yap\Application Data\Dev-Cpp
2008-02-22 04:50 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-02-20 16:49 --------- d-----w C:\Documents and Settings\Joel yap\Application Data\Azureus
2008-02-18 14:12 --------- d-----w C:\Program Files\Shockwave.com
2008-02-17 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-12 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WeatherStudio348
2008-02-09 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:32 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10 409600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe" [2007-08-28 09:38 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-08-28 09:37 69632]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-07-11 20:20:15 278528]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"D:\\Games\\Quake III Arena\\quake3.exe"=
"D:\\Games\\warcraft\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\xampplite\\apache\\bin\\apache.exe"=
"C:\\Program Files\\xampplite\\mysql\\bin\\mysqld.exe"=
"D:\\Games\\Beach Head 2002\\BH2Game\\BH2.exe"=
"D:\\Games\\Warcraft\\Warcraft III\\War3.exe"=
R2 Apache2.2;Apache2.2;"C:\Program Files\xampplite\apache\bin\apache.exe" -k runservice []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10aab997-5ad0-11dc-9a03-00167699fe34}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe TTMS1017.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45f008f2-fbcc-11dc-9d5a-00167699fe34}]
\Shell\AutoRun\command - F:\es.exe
\Shell\explore\Command - F:\es.exe
\Shell\open\Command - F:\es.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7661483c-f571-11dc-9d39-00167699fe34}]
\Shell\AutoRun\command - F:\6krxwx.cmd
\Shell\explore\Command - F:\6krxwx.cmd
\Shell\open\Command - F:\6krxwx.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80774ac7-2fa2-11dc-992e-00167699fe34}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\imgkulot.vbs
\Shell\open\Command - WScript.exe .\imgkulot.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96b35770-2fa4-11dc-9932-00167699fe34}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\imgkulot.vbs
\Shell\open\Command - WScript.exe .\imgkulot.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db04fe8-4b28-11dc-99bb-00167699fe34}]
\Shell\Autoplay\Command - F:\smss.exe
\Shell\AutoRun\command - F:\smss.exe
\Shell\Explore\Command - F:\smss.exe
\Shell\Open\Command - F:\smss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db04fe9-4b28-11dc-99bb-00167699fe34}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f58ccba-9a2d-11dc-9b6a-00167699fe34}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fc05fa7-7ea8-11dc-9ac4-00167699fe34}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf71db16-3118-11dc-993b-00167699fe34}]
\Shell\AutoRun\command - lqxo8w.cmd
\Shell\explore\Command - lqxo8w.cmd
\Shell\open\Command - lqxo8w.cmd
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 11:42:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-06 11:44:32
ComboFix-quarantined-files.txt 2008-04-06 03:44:27
Pre-Run: 15,650,897,920 bytes free
Post-Run: 15,637,991,424 bytes free
.
2008-03-14 02:01:12 --- E O F ---
Thanks again, mschroe919! You're the best! Hehe! =j
I just have two more questions... What does the red phrase mean? And how can I avoid this happening again? Thanks!
Edited by BuCkiba, 04 April 2008 - 09:54 PM.