virtumonde / smitfraud-c.coreservice / zenosearch / directrack / deewoo

soseberg

New member
thank you all for your efforts on this site. i wish i had found the forum sooner, as i spent an inordinate amount of time researching my computer infections...

my son severely infected my computer to the point where I thought I might have to reinstall the os – I was not looking forward to it - he was using bit torrent peering for WOW, and claimed the problems started when he tried to download a "free" limewire update – these ad/mal/spyware programs are so insidious they would open explorer even when I was not running a browser & the pop-up ads were bad so I disabled wifi & created a password for explorer to open any pages – repeated spybot runs helped me limp along mostly resolving service denial issues for yahoo, google etc. the malware/Trojans would always reappear – also, my PC would often randomly turn off in the middle of a scan, as if these bad boys knew they were being scanned, thus never completing - I was unable to force safemode using [F8] - for some reason, my logon credentials were denied. weird. I disabled teatimer since the warnings were so prolific, my machine would lock up & I had no clue which registry mods I should allow (or not) so I typically said no - I knew I had registry corruptions, but I am not experienced with registry cleaning

here’s what I have done to date (& no more popups! YAY!)
I think there might be a few remaining items I should manually remove & I would appreciate experienced eyes to review my logs that follow

1) download & run ccleaner, log follows
2) download & run combofix, log follows
I did experience an unexpected behavior when combofix shut down my machine – I thought it would restart to safemode, but it shutdown & I manually powered up again; however, when my pc manually restarted, the log file still was created – hopefully I did this correctly
3) download & run hijackthis, log follows
4) reactivated teatimer, log follows
a bunch of registry mods were generated; I denied some and accepted some – I hope I chose correctly…


ccleaner:
ACT! Premium 2006
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
ALPS Touch Pad Driver
anagram
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
bc635PCI Demonstration Software
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
CDBurnerXP Pro 3
C-Major Audio
Compatibility Pack for the 2007 Office system
Curitel PC Card Software
CutePDF Writer 2.5
Diablo II
DivX Web Player
eFax Messenger 4.3
Free iPod Video Converter 1.34
GTK+ Runtime 2.10.11 rev b (remove only)
HijackThis 2.0.2
HP Image Zone Express
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06
Java Media Framework 2.1.1c
Java(TM) 6 Update 3
Lexmark Software Uninstall
LiveUpdate 2.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Picasa 2
QuickSet
QuickTime
Spybot - Search & Destroy
Symantec AntiVirus
The KMPlayer (remove only)
Time Zone Data Update Tool for Microsoft Office Outlook
TPRO-TSAT WDM PCI Driver
VISUAL Manufacturing
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver

combofix:
ComboFix 08-09-22.06 - soseberg 2008-09-23 17:55:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -7:00]
Running from: C:\Documents and Settings\soseberg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\soseberg\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


----- BITS: Possible infected sites -----

hxxp://visual
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KILRXCSV
-------\Legacy_TOSDVDD
-------\Service_kilrxcsv
-------\Service_tosdvdd


((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-23 16:31 . 2008-09-23 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-20 01:09 . 2008-09-20 01:09 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-20 01:09 . 2008-09-20 01:40 41,509 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-20 01:09 . 2008-09-20 01:09 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-17 02:13 . 2008-09-23 14:46 <DIR> d-------- C:\WINDOWS\system32\mC02
2008-09-17 02:13 . 2008-09-17 02:13 <DIR> d-------- C:\Temp\mtc2
2008-09-16 19:23 . 2008-09-20 01:38 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-09-16 19:23 . 2008-09-20 01:38 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-09-16 19:23 . 2008-09-20 01:38 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-08-29 13:35 . 2008-09-22 19:18 <DIR> d-------- C:\WINDOWS\system32\wTR02
2008-08-29 13:35 . 2008-08-29 13:35 <DIR> d-------- C:\Temp\dax41
2008-08-29 12:57 . 2008-08-29 12:57 5,120 --a------ C:\WINDOWS\system32\drivers\ktlfolnp.dat
2008-08-26 12:09 . 2008-05-29 11:34 60,928 --a------ C:\WINDOWS\system32\jcta.dll
2008-08-26 11:50 . 2008-09-03 12:29 <DIR> d-------- C:\WINDOWS\system32\usp
2008-08-26 11:50 . 2008-08-26 11:50 <DIR> d-------- C:\WINDOWS\system32\tep
2008-08-26 11:50 . 2008-09-03 12:29 <DIR> d-------- C:\WINDOWS\system32\spol
2008-08-26 11:50 . 2008-08-26 11:50 <DIR> d-------- C:\WINDOWS\system32\jr
2008-08-26 11:50 . 2008-08-26 11:51 548,928 --a------ C:\WINDOWS\system32\lcntttdl.exe
2008-08-26 11:50 . 2008-08-26 11:50 153,483 --a------ C:\WINDOWS\system32\g6.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 23:23 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-22 06:44 --------- d-----w C:\Program Files\Viewpoint
2008-09-22 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-20 07:52 --------- d-----w C:\Program Files\BitLord
2008-09-19 04:16 --------- d-----w C:\Program Files\InterActual
2008-09-17 09:09 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 04:19 --------- d-----w C:\Program Files\Conduit
2008-09-02 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 20:04 --------- d-----w C:\Documents and Settings\soseberg\Application Data\LimeWire
2008-08-29 20:03 --------- d-----w C:\Program Files\LimeWire
2008-08-27 18:30 --------- d-----w C:\Program Files\Mjcore
2008-08-25 18:32 --------- d-----w C:\Program Files\Google
2008-08-21 08:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-08-21 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-19 12:24 103,936 ----a-w C:\WINDOWS\faceback1188.exe
2008-08-18 21:51 355 ----a-w C:\334.bat
2008-08-18 21:42 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\ComcastToolbar
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 18:57 77 ----a-w C:\Documents and Settings\soseberg\9123.bat
2008-08-05 06:37 --------- d-----w C:\Program Files\Picasa2
2008-08-02 02:54 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Uniblue
2008-08-02 02:03 --------- d-----w C:\Program Files\Bonjour
2008-07-28 08:46 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Ventrilo
2008-06-28 01:38 53,248 --sh--w C:\Documents and Settings\soseberg\winlogon.exe
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2006-08-23 20:52 56 --sh--r C:\WINDOWS\system32\7BF3C4AD00.sys
2008-02-20 05:14 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD33E819-2187-5F06-AA3D-7AA2EDBA4CE6}]
2008-05-29 11:34 60928 --a------ C:\WINDOWS\system32\jcta.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD33E81B-2186-5C76-AA3E-79A2E6B44C9C}]
2008-05-29 11:34 60928 --a------ C:\WINDOWS\system32\jcta.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zuctok"="C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe" [?]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Windows Logon Applicationedc"="C:\Documents and Settings\soseberg\winlogon.exe" [2008-06-27 53248]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-06-22 629248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vhmjcy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\soseberg\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\act.scheduler.exe [2006-08-23 53248]
S2 ClockDaemon;Clock Daemon;C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe [ ]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]

hijackthis logfile and startup list:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30, on 2008-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\soseberg\winlogon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: (no name) - {DD33E819-2187-5F06-AA3D-7AA2EDBA4CE6} - C:\WINDOWS\system32\jcta.dll
O2 - BHO: (no name) - {DD33E81B-2186-5C76-AA3E-79A2E6B44C9C} - C:\WINDOWS\system32\jcta.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\soseberg\winlogon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O20 - AppInit_DLLs: vhmjcy.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9183 bytes

StartupList report, 9/23/2008, 4:43:55 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Documents and Settings\soseberg\winlogon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\lcntttdl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\PROGRA~1\YMANTE~1\spool32.exe
C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\soseberg\Start Menu\Programs\Startup]
Deewoo.lnk = C:\WINDOWS\system32\lcntttdl.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Windows Logon Applicationedc = C:\Documents and Settings\soseberg\winlogon.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Apoint = C:\Program Files\Apoint\Apoint.exe
ExploreUpdSched = C:\WINDOWS\system32\lcntttdl.exe DWram03FF
e00b86fc = rundll32.exe "C:\WINDOWS\system32\vtUMdATm.dll",b
BMe338b560 = Rundll32.exe "C:\WINDOWS\system32\hfyospri.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
DrvMon.exe = C:\WINDOWS\system32\DrvMon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
Tair = "C:\PROGRA~1\YMANTE~1\spool32.exe" -vt ndrv
Zuctok = "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
muuw = C:\Program Files\InetGet2\stub109_4_0_4_0.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=vhmjcy.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8,220 bytes
Report generated in 0.219 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

teatimer:
2008-09-23 19:13:40 Denied (based on user decision) value "SpybotDeletingB4360" (new data: "") deleted in System Startup user entry!
2008-09-23 19:13:46 Denied (based on user decision) value "SpybotDeletingD4192" (new data: "") deleted in System Startup user entry!
2008-09-23 19:14:33 Denied (based on user decision) value "SpybotDeletingD8620" (new data: "") deleted in System Startup user entry!
2008-09-23 19:21:32 Denied (based on user decision) value "SpybotDeletingB4360" (new data: "") deleted in System Startup user entry!
2008-09-23 19:22:54 Denied (based on user decision) value "SpybotDeletingD4192" (new data: "") deleted in System Startup user entry!
2008-09-23 19:23:23 Allowed (based on user decision) value "SpybotDeletingD8620" (new data: "") deleted in System Startup user entry!
2008-09-23 19:23:23 Allowed (based on lassh blacklist) value "UserFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -u") added in System Startup global entry!
2008-09-23 19:24:20 Denied (based on user decision) value "{B8-86-65-53-DW}" (new data: "") deleted in System Startup global entry!
2008-09-23 19:25:14 Allowed (based on user decision) value "{a7759adb-c3ca-c23d-a4e8-cb386ed24140}" (new data: "") deleted in System Startup global entry!
2008-09-23 19:25:42 Allowed (based on user decision) value "ExploreUpdSched" (new data: "") deleted in System Startup global entry!
2008-09-23 19:27:04 Allowed (based on user decision) value "BMe338b560" (new data: "") deleted in System Startup global entry!
2008-09-23 19:27:38 Allowed (based on user decision) value "e00b86fc" (new data: "") deleted in System Startup global entry!
2008-09-23 19:28:33 Allowed (based on user decision) value "{8a33937f-911b-3b9f-e647-88e4ea3bf891}" (new data: "") deleted in System Startup global entry!


Do NOT run 'fixes' before helpers have analyzed HJT log
 
virtumonde problems continue - updated HJT log

Teatimer is warning me of a system32 key change - I think both entries are bad, but teatimer does not allow me to deny the change - the same request keeps appearing although I click on deny change (existing value is nyscyigl.dll",s):

2008-09-30 17:27:30 Denied (based on user decision) value "BMe338b560" (new data: "Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s") changed in System Startup global entry!
2008-09-30 17:34:48 Denied (based on user decision) value "BMe338b560" (new data: "Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s") changed in System Startup global entry!
2008-09-30 17:34:48 Allowed (based on user whitelist) value "e00b86fc" (new data: "") deleted in System Startup global entry!
2008-09-30 17:34:58 Denied (based on user decision) value "{8a1314e3-e0ac-433b-8f3b-2545f7ad1298}" (new data: "") added in Browser Helper Object!
2008-09-30 17:35:15 Denied (based on user decision) value "BMe338b560" (new data: "Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s") changed in System Startup global entry!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-09-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf

Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and

Settings\soseberg\winlogon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe338b560] Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program

Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application

Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact -

{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... -

{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.ca

b?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.ca

b?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O20 - AppInit_DLLs: vhmjcy.dll fnqnpc.dll pdogiy.dll jsvdgs.dll, ynejda.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for

windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and

Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file

missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -

C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. -

C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec

AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec

AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation -

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9638 bytes
 
Hi soseberg

The formatting of your post is messed up. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears unchecked.

After that, please post back a fresh HijackThis log :)
 
fresh hjt log - word wrap off

i have unchecked word wrap. here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38, on 2008-10-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\soseberg\winlogon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe338b560] Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9396] command /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9639] cmd /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4144] command /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2205] cmd /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O20 - AppInit_DLLs: vhmjcy.dll fnqnpc.dll pdogiy.dll jsvdgs.dll, ynejda.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10025 bytes
 
Re-run combofix and let it update itself if it finds a newer version.

Post back a fresh HijackThis log and a fresh combofix log, please.
 
New ComboFix & HJT logs

updated & ran combo fix, log follows:
upon reboot, just b4 powerdown, got a missing dll error, catchme.cfexe; while powering up, got one of those pesky system32 errors.
(question: is combofix supposed to reset my default browser to IE?)

ComboFix 08-10-01.02 - soseberg 2008-10-02 6:40:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.211 [GMT -7:00]
Running from: C:\Documents and Settings\soseberg\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe338b560.txt
C:\WINDOWS\BMe338b560.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akggoxyo.dll
C:\WINDOWS\system32\amowqbvu.ini
C:\WINDOWS\system32\cjehfucm.dll
C:\WINDOWS\system32\eujgpjal.ini
C:\WINDOWS\system32\fihowizu.dll
C:\WINDOWS\system32\fnqnpc.dll
C:\WINDOWS\system32\fsjdkoxt.dll
C:\WINDOWS\system32\gkdovx.dll
C:\WINDOWS\system32\guvegavu.dll
C:\WINDOWS\system32\hcibcrvm.ini
C:\WINDOWS\system32\hqanfmgr.dll
C:\WINDOWS\system32\jklllnnn.ini
C:\WINDOWS\system32\jklllnnn.ini2
C:\WINDOWS\system32\jlhwwr.dll
C:\WINDOWS\system32\jrsumeit.dll
C:\WINDOWS\system32\jsvdgs.dll
C:\WINDOWS\system32\khfCtqNh.dll
C:\WINDOWS\system32\lajpgjue.dll
C:\WINDOWS\system32\lomehane.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcufhejc.ini
C:\WINDOWS\system32\mlJCUMGX.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvrcbich.dll
C:\WINDOWS\system32\nevxfygr.dll
C:\WINDOWS\system32\nnnlllkj.dll
C:\WINDOWS\system32\nowrjwup.dll
C:\WINDOWS\system32\olircmut.dll
C:\WINDOWS\system32\owrnllns.ini
C:\WINDOWS\system32\oyxoggka.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pdogiy.dll
C:\WINDOWS\system32\rgyfxven.ini
C:\WINDOWS\system32\rtusvw.dll
C:\WINDOWS\system32\snnproxe.dll
C:\WINDOWS\system32\ucqufrdp.dll
C:\WINDOWS\system32\uvbqwoma.dll
C:\WINDOWS\system32\vfenrnpw.dll
C:\WINDOWS\system32\vkiclljh.dll
C:\WINDOWS\system32\vqgvihru.dll
C:\WINDOWS\system32\wlkbcegy.dll
C:\WINDOWS\system32\ygecbklw.ini
C:\WINDOWS\system32\ynejda.dll
C:\WINDOWS\Tasks\znmclagv.job
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-09-28 16:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 19:57 . 2008-09-25 19:57 <DIR> d-------- C:\Program Files\Sun
2008-09-25 09:50 . 2008-09-25 09:52 <DIR> d-------- C:\Documents and Settings\soseberg\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-24 21:31 . 2008-09-24 21:31 77,824 --ahs---- C:\WINDOWS\system32\ssqNeEuv.dll
2008-09-24 05:42 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-24 02:15 . 2008-09-24 02:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-23 16:31 . 2008-09-23 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-20 01:09 . 2008-09-20 01:09 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-20 01:09 . 2008-09-20 01:40 41,509 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-20 01:09 . 2008-09-20 01:09 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-17 02:13 . 2008-09-25 21:16 <DIR> d-------- C:\WINDOWS\system32\mC02
2008-09-17 02:13 . 2008-09-17 02:13 <DIR> d-------- C:\Temp\mtc2
2008-09-16 19:23 . 2008-09-20 01:38 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-09-16 19:23 . 2008-09-20 01:38 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-09-16 19:23 . 2008-09-20 01:38 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 14:00 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-28 23:06 --------- d-----w C:\Program Files\Java
2008-09-25 16:21 --------- d-----w C:\Program Files\Mjcore
2008-09-24 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 06:44 --------- d-----w C:\Program Files\Viewpoint
2008-09-22 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-20 07:52 --------- d-----w C:\Program Files\BitLord
2008-09-19 04:16 --------- d-----w C:\Program Files\InterActual
2008-09-17 09:09 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 04:19 --------- d-----w C:\Program Files\Conduit
2008-09-02 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 20:04 --------- d-----w C:\Documents and Settings\soseberg\Application Data\LimeWire
2008-08-29 20:03 --------- d-----w C:\Program Files\LimeWire
2008-08-25 18:32 --------- d-----w C:\Program Files\Google
2008-08-21 08:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-08-21 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 21:51 355 ----a-w C:\334.bat
2008-08-18 21:42 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\ComcastToolbar
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 18:57 77 ----a-w C:\Documents and Settings\soseberg\9123.bat
2008-08-05 06:37 --------- d-----w C:\Program Files\Picasa2
2008-08-02 02:54 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Uniblue
2008-08-02 02:03 --------- d-----w C:\Program Files\Bonjour
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2006-08-23 20:52 56 --sh--r C:\WINDOWS\system32\7BF3C4AD00.sys
2008-02-20 05:14 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_18.26.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 05:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2006-08-23 17:17:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-30 19:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2006-08-23 17:17:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-30 19:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-29 03:02:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
- 2006-08-23 17:17:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 19:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-05-09 14:50:00 75,736 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 05:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-04-17 05:45:48 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 05:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-04-17 05:45:20 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-04-17 05:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-04-17 05:45:42 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 05:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-04-17 05:47:36 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 05:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-04-17 05:45:36 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-31 02:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-05-17 19:23:38 579,888 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-21 01:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-09-25 16:47:28 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2005-05-26 08:19:32 178,408 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-31 02:18:34 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.784\wuapi.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-20 21:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 05:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 02:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-10-02 14:00:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zuctok"="C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe" [?]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BMe338b560"="C:\WINDOWS\system32\vqgvihru.dll" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-06-22 629248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\soseberg\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\act.scheduler.exe [2006-08-23 53248]
S2 ClockDaemon;Clock Daemon;C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe [ ]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7199ba-5293-11dc-b410-00123f1296c3}]
\Shell\AutoRun\command - E:\Loaderw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f70f64ae-6863-11db-b37c-00123f1296c3}]
\Shell\AutoRun\command - F:\Loaderw.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{0a09ca12-5bae-19cc-88c4-073b4d808e66} - (no file)
BHO-{1E1170B7-2BDD-4709-982A-9BF0D16977D1} - C:\WINDOWS\system32\nnnlllkj.dll
BHO-{2699F491-8103-478D-AB09-CB204B84EF64} - (no file)
BHO-{2C072730-2688-4E86-B619-CAD1D33F6C3C} - (no file)
BHO-{300677A5-EEB2-429A-9498-FADC1EBE7400} - (no file)
BHO-{30B58F52-3B18-4571-B6DA-8224C1D438EA} - (no file)
BHO-{3988F3C4-7992-412B-B413-8BDDC16176B3} - (no file)
BHO-{55A848A9-3DEB-4FF1-91D6-F7A64BD06DEA} - (no file)
BHO-{7E5E4C26-B8BA-4ADB-A3E0-7026279BB610} - (no file)
BHO-{9D0E61B0-E08D-4305-9EDD-BDD379DF05B3} - (no file)
BHO-{A49E9AC0-3C5D-4FF1-BE91-D34A212DA320} - (no file)
BHO-{D1ED7B09-08B0-405B-B416-D28343F0FFA7} - (no file)
BHO-{db3121b0-f36e-4142-a206-afa13774236a} - C:\WINDOWS\system32\gkdovx.dll
BHO-{DD33E819-2187-5F06-AA3D-7AA2EDBA4CE6} - C:\WINDOWS\system32\jcta.dll
BHO-{DD33E81B-2186-5C76-AA3E-79A2E6B44C9C} - C:\WINDOWS\system32\jcta.dll
BHO-{e6f48a45-874f-4723-736b-2238bdc192b7} - (no file)
BHO-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - C:\WINDOWS\system32\mlJCUMGX.dll
BHO-{f4550eb7-8988-af49-346f-461dc9e02214} - (no file)
BHO-{fa941c6f-2936-4104-8d5f-22f090b8f9f2} - (no file)
HKLM-Run-Windows Logon Applicationedc - C:\Documents and Settings\soseberg\winlogon.exe
ShellExecuteHooks-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - C:\WINDOWS\system32\mlJCUMGX.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\soseberg\Application Data\Mozilla\Firefox\Profiles\5kq5zkxq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Documents and Settings\soseberg\Application Data\Mozilla\Firefox\Profiles\5kq5zkxq.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppsynth.dll
FF -: plugin - C:\WINDOWS\system32\Photosynth\nppsynth.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 07:02:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-10-02 7:06:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-02 14:06:48
ComboFix2.txt 2008-09-24 01:26:38

Pre-Run: 17,829,801,984 bytes free
Post-Run: 17,889,120,256 bytes free

327 --- E O F --- 2007-12-13 15:51:21


new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:14, on 2008-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe338b560] Rundll32.exe "C:\WINDOWS\system32\vqgvihru.dll",s
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10057 bytes
 
"question: is combofix supposed to reset my default browser to IE?"

Yes it is. You can change it later.

Are both avast! and Norton antivirus up-to-date?
 
Virus SW

avast is up-to-date; it is set to update automatically, and just updated this morning. i don't use the symantec - it probably hasn't updated in 6-mos. or so. I tried removing some time ago but whoever installed the SW used a password to prevent uninstallation.

ps. already updated my default browser to firefox.
 
symantec (w/password) removal?

very kewl - thx so much for this info

I successfully edited the symantec password registry key UseVPUninstallPassword at:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\

when i try to use add/remove programs, i get the message "fatal error during installation"

will try the norton uninstall program referenced in the blog now.
 
OK, enable windows firewall before that and post a fresh HijackThis log afterwards :)
 
symantec removal, cont' ?

tried running the norton removal tool downloaded from the symantec site - the SW tells me that i must use add/remove programs to remove symantec antivirus 9 or later before I can use the norton removal tool. ARGH!

If I click on symantec antivirus support info in add/remove programs, there is a repair option. should I try repairing? any other suggestions?
 
Sure you can :)

If no go, you can try those other tools - but I've never used/asked anyone to use them so that will happen at your own risk then.
 
norton/symantec removal

so

All the 3-sites referenced above in the disable uninstall symantec password blog download a program called perfect uninstaller that is advertised to remove norton, among many others, however, when reading the license agreement after download, one must purchase a license to actually remove anything

Seems the referenced blog may be an advert for perfect uninstaller.

Tried to repair Symantec antivirus via the support link in add/remove programs, but the Symantec Antivirus server is required.

I guess I am stuck with Symantec for now. I am thinking I should post this as a separate issue after we are done here. What do you think?
 
Then we will remove it manually a bit later, now most of it.

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\ssqNeEuv.dll

Folder::
C:\WINDOWS\system32\mC02
C:\Temp\mtc2
C:\Program Files\BitLord
C:\Documents and Settings\soseberg\Application Data\LimeWire
C:\Program Files\LimeWire
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec AntiVirus

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zuctok"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMe338b560"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
latest combofix/hjt scans

I ran combofix and dragged the cfscript file from below onto the combofix icon. combofix asked me to download updates again (i had already done so this morning - so i hope i did it correctly - i am guessing the updates are not saved to combofix.exe & that i would need to download a fresh version).

combofix ran fine - but it did not force my machine to reboot this time. also, the task bar disappeared, so i restarted using ctrl-alt-del.

the diabloII in the bitlord folder is a microsoft game my boys play - is there an issue with this game? (i did delete the bitlord folder, as you recommended)

combofix log:
(the HJT log will follow in a separate post, as I ran out of room in this post)

ComboFix 08-10-01.06 - soseberg 2008-10-02 12:25:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.141 [GMT -7:00]
Running from: C:\Documents and Settings\soseberg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\soseberg\Desktop\troubleshooting\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\ssqNeEuv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\soseberg\Application Data\LimeWire
C:\Documents and Settings\soseberg\Application Data\LimeWire\active.mojito
C:\Documents and Settings\soseberg\Application Data\LimeWire\certificate\limewire.keystore
C:\Documents and Settings\soseberg\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\downloads.dat
C:\Documents and Settings\soseberg\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\soseberg\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\filters.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\soseberg\Application Data\LimeWire\installation.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\library.dat
C:\Documents and Settings\soseberg\Application Data\LimeWire\limewire.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\mojito.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\passive.mojito
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.backup
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.data
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.properties
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.script
C:\Documents and Settings\soseberg\Application Data\LimeWire\questions.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\responses.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\soseberg\Application Data\LimeWire\spam.dat
C:\Documents and Settings\soseberg\Application Data\LimeWire\tables.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\version.xml
C:\Documents and Settings\soseberg\Application Data\LimeWire\versions.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\xml\data\video.sxml2
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Diablo II\binkw32.dll
C:\Program Files\BitLord\Diablo II\bncache.dat
C:\Program Files\BitLord\Diablo II\Bnclient.dll
C:\Program Files\BitLord\Diablo II\BnetLog.txt
C:\Program Files\BitLord\Diablo II\BNUpdate.exe
C:\Program Files\BitLord\Diablo II\bnupdate.log
C:\Program Files\BitLord\Diablo II\D2.LNG
C:\Program Files\BitLord\Diablo II\D2080929.txt
C:\Program Files\BitLord\Diablo II\D2080930.txt
C:\Program Files\BitLord\Diablo II\D2081001.txt
C:\Program Files\BitLord\Diablo II\d2char.mpq
C:\Program Files\BitLord\Diablo II\D2Client.dll
C:\Program Files\BitLord\Diablo II\D2CMP.dll
C:\Program Files\BitLord\Diablo II\D2Common.dll
C:\Program Files\BitLord\Diablo II\d2data.mpq
C:\Program Files\BitLord\Diablo II\D2DDraw.dll
C:\Program Files\BitLord\Diablo II\D2Direct3D.dll
C:\Program Files\BitLord\Diablo II\d2exp.mpq
C:\Program Files\BitLord\Diablo II\D2Game.dll
C:\Program Files\BitLord\Diablo II\D2Gdi.dll
C:\Program Files\BitLord\Diablo II\D2gfx.dll
C:\Program Files\BitLord\Diablo II\D2Glide.dll
C:\Program Files\BitLord\Diablo II\D2Lang.dll
C:\Program Files\BitLord\Diablo II\D2Launch.dll
C:\Program Files\BitLord\Diablo II\D2MCPClient.dll
C:\Program Files\BitLord\Diablo II\D2Multi.dll
C:\Program Files\BitLord\Diablo II\d2music.mpq
C:\Program Files\BitLord\Diablo II\D2Net.dll
C:\Program Files\BitLord\Diablo II\d2readme.htm
C:\Program Files\BitLord\Diablo II\d2sfx.mpq
C:\Program Files\BitLord\Diablo II\D2sound.dll
C:\Program Files\BitLord\Diablo II\d2speech.mpq
C:\Program Files\BitLord\Diablo II\d2video.mpq
C:\Program Files\BitLord\Diablo II\D2VidTst.exe
C:\Program Files\BitLord\Diablo II\D2Win.dll
C:\Program Files\BitLord\Diablo II\D2xMusic.mpq
C:\Program Files\BitLord\Diablo II\d2xtalk.mpq
C:\Program Files\BitLord\Diablo II\D2xVideo.mpq
C:\Program Files\BitLord\Diablo II\default.key
C:\Program Files\BitLord\Diablo II\Diablo II.exe
C:\Program Files\BitLord\Diablo II\Fog.dll
C:\Program Files\BitLord\Diablo II\Game.exe
C:\Program Files\BitLord\Diablo II\ijl11.dll
C:\Program Files\BitLord\Diablo II\Install.log
C:\Program Files\BitLord\Diablo II\License.html
C:\Program Files\BitLord\Diablo II\Patch.txt
C:\Program Files\BitLord\Diablo II\patch_d2.mpq
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.key
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma1
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma2
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma3
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.map
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.key
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma1
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma2
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma3
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.map
C:\Program Files\BitLord\Diablo II\save\USWest\negromacerr.key
C:\Program Files\BitLord\Diablo II\save\USWest\negromacerr.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\negromacerr.map
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.key
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma1
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma2
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma3
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.map
C:\Program Files\BitLord\Diablo II\save\USWest\sneakylittlerat.key
C:\Program Files\BitLord\Diablo II\save\USWest\sneakylittlerat.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\sneakylittlerat.map
C:\Program Files\BitLord\Diablo II\SmackW32.dll
C:\Program Files\BitLord\Diablo II\Storm.dll
C:\Program Files\BitLord\Diablo II\support\bnet\channels.htm
C:\Program Files\BitLord\Diablo II\support\bnet\char.htm
C:\Program Files\BitLord\Diablo II\support\bnet\commands.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\16bit.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\account.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\appver.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\cdkey.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\index.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\inuse.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\manually.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\noname.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\password.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\chatboot.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\harass.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\index.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\symbols.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\symobls.htm
C:\Program Files\BitLord\Diablo II\support\bnet\index.htm
C:\Program Files\BitLord\Diablo II\support\bnet\latency.htm
C:\Program Files\BitLord\Diablo II\support\d2\accessv.htm
C:\Program Files\BitLord\Diablo II\support\d2\alt_tab.htm
C:\Program Files\BitLord\Diablo II\support\d2\altav.htm
C:\Program Files\BitLord\Diablo II\support\d2\blckedge.htm
C:\Program Files\BitLord\Diablo II\support\d2\cd.htm
C:\Program Files\BitLord\Diablo II\support\d2\choppy.htm
C:\Program Files\BitLord\Diablo II\support\d2\contact.htm
C:\Program Files\BitLord\Diablo II\support\d2\corpse.htm
C:\Program Files\BitLord\Diablo II\support\d2\cr.htm
C:\Program Files\BitLord\Diablo II\support\d2\d2music.htm
C:\Program Files\BitLord\Diablo II\support\d2\death.htm
C:\Program Files\BitLord\Diablo II\support\d2\drivers.htm
C:\Program Files\BitLord\Diablo II\support\d2\errors.htm
C:\Program Files\BitLord\Diablo II\support\d2\hardcore.htm
C:\Program Files\BitLord\Diablo II\support\d2\icontact.htm
C:\Program Files\BitLord\Diablo II\support\d2\index.htm
C:\Program Files\BitLord\Diablo II\support\d2\legalfaq.htm
C:\Program Files\BitLord\Diablo II\support\d2\minreq.htm
C:\Program Files\BitLord\Diablo II\support\d2\msinfo.htm
C:\Program Files\BitLord\Diablo II\support\d2\realm.htm
C:\Program Files\BitLord\Diablo II\support\d2\sprite.htm
C:\Program Files\BitLord\Diablo II\support\d2\tech.htm
C:\Program Files\BitLord\Diablo II\support\d2\terms.htm
C:\Program Files\BitLord\Diablo II\support\d2\unique.htm
C:\Program Files\BitLord\Diablo II\support\d2\vendors.htm
C:\Program Files\BitLord\Diablo II\support\d2\vid_mode.htm
C:\Program Files\BitLord\Diablo II\support\d2\windows.htm
C:\Program Files\BitLord\Diablo II\support\images\arrows\left.gif
C:\Program Files\BitLord\Diablo II\support\images\arrows\right.gif
C:\Program Files\BitLord\Diablo II\support\images\bnet.gif
C:\Program Files\BitLord\Diablo II\support\images\bnet.jpg
C:\Program Files\BitLord\Diablo II\support\images\cd.gif
C:\Program Files\BitLord\Diablo II\support\images\cd.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\bhood.gif
C:\Program Files\BitLord\Diablo II\support\images\char\BHood.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\blizrep.gif
C:\Program Files\BitLord\Diablo II\support\images\char\BlizRep.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\chat.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Chat.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\diablo.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Diablo.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\ghood.gif
C:\Program Files\BitLord\Diablo II\support\images\char\GHood.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\medic.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Medic.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\mod.gif
C:\Program Files\BitLord\Diablo II\support\images\char\mod.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\referee.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Referee.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\sc.gif
C:\Program Files\BitLord\Diablo II\support\images\char\SC.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\speaker.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Speaker.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\sysop.gif
C:\Program Files\BitLord\Diablo II\support\images\char\SysOp.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\war2bne.gif
C:\Program Files\BitLord\Diablo II\support\images\char\War2Bne.jpg
C:\Program Files\BitLord\Diablo II\support\images\common.gif
C:\Program Files\BitLord\Diablo II\support\images\common.jpg
C:\Program Files\BitLord\Diablo II\support\images\d2logo.jpg
C:\Program Files\BitLord\Diablo II\support\images\diablo2.gif
C:\Program Files\BitLord\Diablo II\support\images\diablo2.jpg
C:\Program Files\BitLord\Diablo II\support\images\lat.gif
C:\Program Files\BitLord\Diablo II\support\images\lat.jpg
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt1.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt2.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt3.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt4.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp1.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp10.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp2.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp3.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp4.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp5.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp6.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp7.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp8.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp9.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msproxy.gif
C:\Program Files\BitLord\Diablo II\support\images\proxy.gif
C:\Program Files\BitLord\Diablo II\support\images\proxy.jpg
C:\Program Files\BitLord\Diablo II\support\images\readme.gif
C:\Program Files\BitLord\Diablo II\support\images\readme.jpg
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc1.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc2.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc3.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg1.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg2.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg3.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg4.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg5.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wingate.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc1.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc2.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc3.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\winproxy.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\wp1.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\wp2.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\wp3.gif
C:\Program Files\BitLord\Diablo II\support\include\support.css
C:\Program Files\BitLord\Diablo II\support\index.htm
C:\Program Files\BitLord\Diablo II\xreadme.htm
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar - 101 - The Boy In The Iceberg & 102 - The Avatar Returns.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar - 104 - The Warriors Of Kyoshi.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E03.-.The.Southern.Air.Temple.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E05.-.The.King.of.Omashu.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E06.-.Imprisoned.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E07.-.The.Spirit.World.(Winter.Solstice,Part.One).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E08.-.Avatar.Roku.(Winter.Solstice,Part.Two).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E09.-.The.Waterbending.Scroll.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E10.-.Jet.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E11.-.The.Great.Divide.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E12.-.The.Storm.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E13.-.The.Blue.Spirit.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E14.-.The.Fortuneteller.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E15.-.Bato.of.the.Water.Tribe.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E16.-.The.Deserter.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E17.-.The.Northern.Air.Temple.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E18.-.The.Waterbending.Master.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E19.-.The.Siege.of.the.North.(Part.One).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E20.-.The.Siege.of.the.North.(Part.Two).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 05 - Avatar Day.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 10 - The Library.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 11 - The Desert.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 12 - The Serpent's Pass (Secret Of the Fire Nation Part 1).mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 13 - The Drill.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 14 - City of Walls and Secrets.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 16 - Appa's Lost Days.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 17 - Lake Laogai.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 18 - The Earth King.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 19 & 20 (The Guru, The Crossroads of Destiny) .mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 6 - The Blind Bandit.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 7 - Zuko Alone.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 8 - Chase.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Chapter 1 - The Avatar State.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Chapter 15 - Tales of Ba Sing Se.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Chapter 9 - Bitter Work.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Earth - Chapter 03- Return to Omashu.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Earth - Chapter 2 - The Cave of Two Lovers.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Earth - Chapter 4 - The Swamp.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar- The Last Airbender - Book 3- chapter 10 - The day of the black sun part 1 The invasion.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - 06 - The Avatar and the Firelord [Eng)].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 03 - The Painted Lady.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 1 - The Awakening.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 11 - The Day of Black Sun part 2 the eclipse.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 12 - The Western Air Temple [C-W].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 14 - The Boiling Rock, Part 1.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 15 - The Boiling Rock, Part 2.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 2 - The Headband.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 4 - Sokka's Master' [NICK-usotsuki] [4BD71D1D].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 5 - The Beach.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 7 - The Runaway.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 8 - The Puppetmaster.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 9 - (Nightmares and Daydreams).avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar 318-321 Sozin's Comet [Common].mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar The Last Airbender - book 3 - chapter 13 - The Firebending Masters.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar the Last Airbender - Book 3 - Chapter 16 - The Southern Raiders.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar The Last Airbender - Book 3 Chapters 18-21 - Sozin's Comet.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\The Avatar - 317 - The Ember Island Players {C_P}.avi
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccDec.dll
C:\Program Files\Common Files\Symantec Shared\ccEmlPxy.dll
C:\Program Files\Common Files\Symantec Shared\ccErrDsp.dll
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.CHM
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\Program Files\Common Files\Symantec Shared\ccProd.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\ccPwd.dll
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccScan.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\ccWebWnd.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2EXE.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2MIME.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
C:\Program Files\Common Files\Symantec Shared\Default.rul
C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
C:\Program Files\Common Files\Symantec Shared\Help\LUALL.chm
C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSCoLU.exe
C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSLU.exe
C:\Program Files\Common Files\Symantec Shared\Persist.BAK
C:\Program Files\Common Files\Symantec Shared\Persist.Dat
C:\Program Files\Common Files\Symantec Shared\sevinst.exe
C:\Program Files\Common Files\Symantec Shared\SNDInst.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SSC\ExchngUI.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\IMailUI.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDDateTm.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPDlgs.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\ldvpui.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll
C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll
C:\Program Files\Common Files\Symantec Shared\Validate.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\CATALOG.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\cceraser.dll
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.grd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.sig
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.spm
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\esrdef.bin
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\HH
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG.EXP
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX15.EXP
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX15.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX15.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX32A.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NCSACERT.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SCRAUTH.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SymErase.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SymErase.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TCDEFS.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TCSCAN7.DAT
C:\Program Files\LimeWire
C:\Program Files\Symantec AntiVirus
C:\Temp\mtc2
C:\Temp\mtc2\h5v.log
C:\WINDOWS\system32\mC02
C:\WINDOWS\system32\ssqNeEuv.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-09-28 16:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 19:57 . 2008-09-25 19:57 <DIR> d-------- C:\Program Files\Sun
2008-09-25 09:50 . 2008-09-25 09:52 <DIR> d-------- C:\Documents and Settings\soseberg\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-24 05:42 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-24 02:15 . 2008-09-24 02:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-23 16:31 . 2008-09-23 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-20 01:09 . 2008-09-20 01:09 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-20 01:09 . 2008-09-20 01:40 41,509 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-20 01:09 . 2008-09-20 01:09 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-16 19:23 . 2008-09-20 01:38 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-09-16 19:23 . 2008-09-20 01:38 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-09-16 19:23 . 2008-09-20 01:38 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 16:37 1,838 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-28 23:06 --------- d-----w C:\Program Files\Java
2008-09-25 16:21 --------- d-----w C:\Program Files\Mjcore
2008-09-24 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 06:44 --------- d-----w C:\Program Files\Viewpoint
2008-09-22 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-19 04:16 --------- d-----w C:\Program Files\InterActual
2008-09-17 09:09 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 04:19 --------- d-----w C:\Program Files\Conduit
2008-09-02 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-26 18:50 153,483 ----a-w C:\WINDOWS\system32\g6.exe
2008-08-25 18:32 --------- d-----w C:\Program Files\Google
2008-08-21 08:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-08-21 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 21:51 355 ----a-w C:\334.bat
2008-08-18 21:42 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\ComcastToolbar
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-11 05:04 1,491,111 --sha-w C:\WINDOWS\system32\gqkondov.tmp
2008-08-10 18:57 77 ----a-w C:\Documents and Settings\soseberg\9123.bat
2008-08-05 06:37 --------- d-----w C:\Program Files\Picasa2
2008-08-02 02:54 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Uniblue
2008-08-02 02:03 --------- d-----w C:\Program Files\Bonjour
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2006-08-23 20:52 56 --sh--r C:\WINDOWS\system32\7BF3C4AD00.sys
.

((((((((((((((((((((((((((((( snapshot_2008-10-02_ 7.06.23.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 19:22:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_150.dat
+ 2008-10-02 19:22:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-06-22 629248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\soseberg\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\act.scheduler.exe [2006-08-23 53248]
S2 ClockDaemon;Clock Daemon;C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe [ ]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7199ba-5293-11dc-b410-00123f1296c3}]
\Shell\AutoRun\command - E:\Loaderw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f70f64ae-6863-11db-b37c-00123f1296c3}]
\Shell\AutoRun\command - F:\Loaderw.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 12:29:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-02 12:31:59
ComboFix-quarantined-files.txt 2008-10-02 19:31:19
ComboFix2.txt 2008-10-02 14:06:53
ComboFix3.txt 2008-09-24 01:26:38

Pre-Run: 18,877,657,088 bytes free
Post-Run: 18,850,205,696 bytes free

868 --- E O F --- 2007-12-13 15:51:21
 
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51, on 2008-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9513 bytes
 
symantec & bitlord removal?

p.s. looking in add/remove programs & program files, I still see symantec liveupdate

C:\Program Files\Symantec\LiveUpdate

also - looking at bitlord, i found these remnants of WOW. should i delete? I will have to look closer at bitlord - my guess is it uses peering?

C:\Documents and Settings\Bitlord\WoW-2.3.0.7561-enUS\World of Warcraft (OS X).app\Contents\Resources
 