Security Warning: your computer may be infected with harmful or unwa



xAyumiii
2007-12-23, 18:43
Ever since yesterday, my computer has been going crazy on me. I keep getting this message "Security Warning: your computer may be infected with harmful or unwanted software!" Please help~

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:12 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\system32\hkcmd .exe
D:\Program Files\Ahead\InCD\InCD .exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched .exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Common Files\Real\Update_OB\realsched .exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc .exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
D:\WINDOWS\system32\ctfmon .exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
F3 - REG:win.ini: load=D:\WINDOWS\system32\awtqr.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1137343402\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "D:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ebulchaj] rundll32.exe "D:\Program Files\ebulchaj\ozsfubgr.dll",Init
O4 - HKLM\..\Run: [SC2] D:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [lsass] D:\WINDOWS\lsass .exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\system32\drvfit.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKLM\..\Policies\Explorer\Run: [m1lv1JxECH] rundll32.exe "D:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = D:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137214321562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - D:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9762 bytes

Thank you~

shelf life
2007-12-24, 17:50
hi xAyumiii

before using hjt, disable Spybot's TeaTimer like this:

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.
----------------------------------------------------------
first we will use hjt, then boot the computer into safe mode:

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe

F3 - REG:win.ini: load=D:\WINDOWS\system32\awtqr.exe

O4 - HKLM\..\Run: [ebulchaj] rundll32.exe "D:\Program Files\ebulchaj\ozsfubgr.dll",Init

O4 - HKLM\..\Run: [SC2] D:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [lsass] D:\WINDOWS\lsass .exe

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKLM\..\Policies\Explorer\Run: [m1lv1JxECH] rundll32.exe "D:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer

O20 - AppInit_DLLs: D:\WINDOWS\system32\wowfx.dll
----------------------------------------------------------
SAFE MODE:

time for safe mode. you should copy/paste this into notepad and save it somewhere so you can find and read it in safe mode.

to reach safe mode you would tap the f8 key during a computer restart. choose the first option, safe mode.

once in safe mode:
navigate to the C:\windows dir, look for and delete:
xpupdate.exe

navigate to: D:\WINDOWS\system32
and delete awtqr.exe
and wowfx.dll

navigate to
D:\Program Files and delete the folder called:
SecCenter

next:
using explorer (right click on start>explore) drill down to these; you want to delete what's >inside< the folder, not the folder itself.

C:\Windows\Temp\

C:\Documents and Settings\-Your Profile-\Local Settings\Temporary Internet Files\ (will dump all your cached internet content including cookies)

C:\Documents and Settings\-Your Profile-\Local Settings\Temp\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temporary Internet Files\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temp\

last:
while you are in safe mode run spybot once.
----------------------------
reboot the computer normally. first stop is to get 2 downloads:

download and run vundofix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
-----------------------------------
Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

please post: the vundo log, the combofix log and a new hjt log

xAyumiii
2007-12-24, 20:32
Hey~

Here's the vundofix log:

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.10

Scan started at 12:41:05 PM 12/24/2007

Listing files found while scanning....

D:\windows\system32\drvfitr.dll

Beginning removal...

Attempting to delete D:\windows\system32\drvfitr.dll
D:\windows\system32\drvfitr.dll Has been deleted!

Performing Repairs to the registry.
Done!

the Hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:15 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - D:\Program Files\Humykfax\cvoarlfo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EDD3948-E753-413E-8C84-BA20D25CC497} - D:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - D:\WINDOWS\system32\iifdaxu.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1137343402\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "D:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = D:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137214321562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: iifdaxu - iifdaxu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9300 bytes

when I tried to use combofix, I got this message:

"swreg.cfexe - application error: the instruction at "0x7c9111de" referenced memory at "0x4f444e49". the memory could not be "read". Click OK to terminate the program."

thank you <3

shelf life
2007-12-24, 23:52
hi,

ok thanks for the info. hjt log looks better already; never seen that with combofix. we can try two things:

move the combofix icon to your root drive, C:

go to start, right click>explore. drag the icon from your desktop to Local Disk C:
then you should see the icon in the right hand window, double click it to start it.

if that doesn't work then run it while in safe mode. to reach safe mode, tap the f8 key during a computer restart. choose the first option, safe mode.
------------------------
also do this:

start HJT, click the "Scan" button. check the items below if present, close any open windows, then click "Fix checked"

O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - D:\Program Files\Humykfax\cvoarlfo.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8EDD3948-E753-413E-8C84-BA20D25CC497} - D:\WINDOWS\system32\awtqr.dll

O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - D:\WINDOWS\system32\iifdaxu.dll (file missing)

O20 - Winlogon Notify: iifdaxu - iifdaxu.dll (file missing)
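Added example, not from this thread or from HijackThis: a small Python triage script that flags the same kinds of log entries shelf life singled out in the two posts above (the system.ini Shell= and win.ini load= hijacks, file names with a space before the extension such as "lsass .exe", Policies\Explorer\Run autoruns, AppInit_DLLs, nameless BHOs, and a Winlogon Notify entry for a missing DLL). The rules and the sample lines are assumptions built from this thread's logs, not HijackThis's own detection logic.

```python
import re

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, plus a few benign entries for contrast. Not a complete log.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\hkcmd .exe
D:\WINDOWS\Explorer.exe

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
F3 - REG:win.ini: load=D:\WINDOWS\system32\awtqr.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8EDD3948-E753-413E-8C84-BA20D25CC497} - D:\WINDOWS\system32\awtqr.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lsass] D:\WINDOWS\lsass .exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKLM\..\Policies\Explorer\Run: [m1lv1JxECH] rundll32.exe "D:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O20 - AppInit_DLLs: D:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: iifdaxu - iifdaxu.dll (file missing)
"""

# Core Windows binaries that malware likes to impersonate; all of them live in system32.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}

# First drive-letter path ending in .exe/.dll. The non-greedy ".*?" tolerates
# embedded spaces, which also covers the "lsass .exe" naming trick.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
SPACED_EXT_RE = re.compile(r"\S \.(?:exe|dll)\b", re.IGNORECASE)
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(.*)$", re.IGNORECASE)


def split_path(path):
    """Return (parent_dir, basename), lower-cased, with the space-before-extension trick undone."""
    parent, _, base = path.rpartition("\\")
    return parent.lower(), base.replace(" .", ".").lower()


def triage_line(line):
    """Return the list of reasons a single HijackThis log line looks suspicious (empty if none)."""
    l = line.strip()
    reasons = []
    if not l:
        return reasons
    if SPACED_EXT_RE.search(l):
        reasons.append("space before extension: file name imitates a legitimate one")
    m = F2_RE.match(l)
    if m and m.group(1).strip().lower() != "explorer.exe":
        reasons.append("system.ini Shell= launches something besides Explorer.exe")
    m = F3_RE.match(l)
    if m and m.group(1).strip():
        reasons.append("win.ini load= is populated (almost never used legitimately)")
    if l.startswith("O2 - BHO: (no name)"):
        reasons.append("browser helper object with no name")
    if "\\Policies\\Explorer\\Run" in l:
        reasons.append("autorun through Policies\\Explorer\\Run, a key normal installers do not use")
    if l.startswith("O20 - AppInit_DLLs:"):
        reasons.append("AppInit_DLLs entry: DLL injected into every process that loads user32.dll")
    if l.startswith("O20 - Winlogon Notify:") and "(file missing)" in l:
        reasons.append("Winlogon Notify points at a DLL that no longer exists")
    m = PATH_RE.search(l)
    if m:
        parent, base = split_path(m.group(0))
        if base in CORE_SYSTEM_BINARIES and not parent.endswith("\\system32"):
            reasons.append(f"{base} referenced outside system32")
        # Explorer.exe is the one core binary that legitimately sits in the Windows root.
        if re.fullmatch(r"[a-z]:\\windows", parent) and base != "explorer.exe":
            reasons.append(f"{base} runs straight from the Windows directory root")
    return reasons


def triage_log(text):
    """Map each suspicious line (stripped) to its list of reasons, in log order."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for r in why:
            print("    ->", r)
```

Running it on the sample prints the nine entries shelf life asked to fix or delete, each with the rule that caught it, and leaves the AVG, Spybot and Explorer.exe lines alone.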

xAyumiii
2007-12-25, 04:26
Hey,

Combofix worked in safe mode <33 =D

Here's the log:

ComboFix 07-12-21.4 - HP 2007-12-24 8:55:14.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.88 [GMT -5:00]
Running from: D:\Documents and Settings\HP\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Program Files\ebulchaj
D:\Program Files\ebulchaj\ozsfubgr.dll
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\cup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\customer_cup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\heart.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_down.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_up.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\plates.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\ticket.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\tray.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\music\mainmenumusic.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_bring_check_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_diner.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_food_ready_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_gain_heart_1.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pencil_write_2.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_rollover_1.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_seat_people_snd.ogg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\choosedifficulty.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\credits.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_lose.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_win.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help1.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help2.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\highscores.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro_mask.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover_mask.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\mainmenu.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup_mask.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradegrid.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradetitle.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upsell.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_yellow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_yellow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_yellow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalk.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalkup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_yellow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancel.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancelup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\close.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\closeup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continueover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_yellow.png

xAyumiii
2007-12-25, 04:27
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_yellow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_blue.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_yellow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplay.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplayover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfo.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfoup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off_on.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on_on.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pause.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pauseover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quit.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgame.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgameover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegame.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submit.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submitup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagain.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\career.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\customer.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\endless.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\global.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\powerups.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\stove.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\arrow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click2.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\grab.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\open.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\arial.mvec
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\textedit.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\title.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\playfirst_logo.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\credits.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\game.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help2.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelover.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\loading.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\ok.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\pause.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\style.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upsell.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\yesno.lua
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\aol_logo.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\strings.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\check.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\checkmark.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\clock.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closed.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closingtime.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\dollar.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expert.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expertscore.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\fork_timer.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level_career.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\score.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\sound.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staroff.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staron.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumber.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\traynumber.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
D:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72\dinerdash.exe
D:\WINDOWS\PerfInfo

xAyumiii
2007-12-25, 04:28
D:\WINDOWS\PerfInfo\m1lv1JxECHuc.exe
D:\WINDOWS\PerfInfo\m1lv1JxECHud.exe
D:\WINDOWS\system32\awtqr.dll
D:\WINDOWS\system32\njprckha
D:\WINDOWS\system32\njprckha\bg1.gif
D:\WINDOWS\system32\njprckha\bgtop.gif
D:\WINDOWS\system32\njprckha\bottom1.gif
D:\WINDOWS\system32\njprckha\essentials.gif
D:\WINDOWS\system32\njprckha\icon1.ico
D:\WINDOWS\system32\njprckha\install1.gif
D:\WINDOWS\system32\njprckha\left1.gif
D:\WINDOWS\system32\njprckha\li.gif
D:\WINDOWS\system32\njprckha\logo.gif
D:\WINDOWS\system32\njprckha\main.htm
D:\WINDOWS\system32\njprckha\mainframe.htm
D:\WINDOWS\system32\njprckha\njprckha1.exe
D:\WINDOWS\system32\njprckha\njprckha2.exe
D:\WINDOWS\system32\njprckha\njprckha3.exe
D:\WINDOWS\system32\njprckha\reinstall1.gif
D:\WINDOWS\system32\njprckha\right1.gif
D:\WINDOWS\system32\njprckha\s1.htm
D:\WINDOWS\system32\njprckha\s2.htm
D:\WINDOWS\system32\njprckha\s3.htm
D:\WINDOWS\system32\njprckha\SMTop1.gif
D:\WINDOWS\system32\njprckha\SMTop2.gif
D:\WINDOWS\system32\njprckha\SMTop3.gif
D:\WINDOWS\system32\njprckha\SMTop4.gif
D:\WINDOWS\system32\njprckha\soft1_off.gif
D:\WINDOWS\system32\njprckha\soft1_off_ext.gif
D:\WINDOWS\system32\njprckha\soft1_on.gif
D:\WINDOWS\system32\njprckha\soft1_on_ext.gif
D:\WINDOWS\system32\njprckha\soft2_off.gif
D:\WINDOWS\system32\njprckha\soft2_off_ext.gif
D:\WINDOWS\system32\njprckha\soft2_on.gif
D:\WINDOWS\system32\njprckha\soft2_on_ext.gif
D:\WINDOWS\system32\njprckha\soft3_off.gif
D:\WINDOWS\system32\njprckha\soft3_off_ext.gif
D:\WINDOWS\system32\njprckha\soft3_on.gif
D:\WINDOWS\system32\njprckha\soft3_on_ext.gif
D:\WINDOWS\system32\njprckha\softbottom_off.gif
D:\WINDOWS\system32\njprckha\softbottom_on.gif
D:\WINDOWS\system32\njprckha\softleft_off.gif
D:\WINDOWS\system32\njprckha\softleft_on.gif
D:\WINDOWS\system32\njprckha\top1.gif
D:\WINDOWS\system32\njprckha\top2.gif
D:\WINDOWS\system32\njprckha\turnoff1.gif
D:\WINDOWS\system32\njprckha\turnon1.gif
D:\WINDOWS\system32\rqtwa.ini
D:\WINDOWS\system32\rqtwa.ini2
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 13:01 . 2007-12-24 13:01 24,576 --a------ D:\WINDOWS\system32\VundoFixSVC.exe
2007-12-24 12:41 . 2007-12-24 12:41 <DIR> d-------- D:\VundoFix Backups
2007-12-24 08:49 . 2007-12-24 08:56 326,656 --a------ D:\WINDOWS\system32\awtqr.exe
2007-12-24 06:17 . 2004-08-20 15:56 159,744 --a------ D:\WINDOWS\system32\igfxres.dll
2007-12-23 22:39 . 2007-12-23 22:39 1,409 --a------ D:\WINDOWS\QTFont.for
2007-12-23 22:38 . 2007-12-24 10:37 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-23 20:45 . 2004-08-04 07:00 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-12-23 20:42 . 2003-02-28 18:26 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2007-12-23 20:34 . 2007-12-24 02:46 1,393 --a------ D:\WINDOWS\imsins.BAK
2007-12-23 19:25 . 2007-07-30 19:18 34,136 --a------ D:\WINDOWS\system32\wucltui.dll.mui
2007-12-23 19:25 . 2007-07-30 19:19 25,944 --a------ D:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-23 19:25 . 2007-07-30 19:19 25,944 --a------ D:\WINDOWS\system32\wuapi.dll.mui
2007-12-23 19:25 . 2007-07-30 19:18 20,312 --a------ D:\WINDOWS\system32\wuaueng.dll.mui
2007-12-23 14:25 . 2007-12-23 14:25 <DIR> d-------- D:\Program Files\Defraggler
2007-12-23 14:24 . 2007-12-23 14:24 <DIR> d-------- D:\Program Files\CCleaner
2007-12-23 13:11 . 2007-12-23 13:11 30,590 --a------ D:\WINDOWS\system32\pavas.ico
2007-12-23 13:11 . 2007-12-23 13:11 2,550 --a------ D:\WINDOWS\system32\Uninstall.ico
2007-12-23 13:11 . 2007-12-23 13:11 1,406 --a------ D:\WINDOWS\system32\Help.ico
2007-12-23 13:10 . 2007-12-23 13:12 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-12-23 12:42 . 2007-12-23 12:42 3,822 --a------ D:\WINDOWS\system32\tmp.reg
2007-12-23 12:26 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2007-12-23 12:26 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-12-23 12:26 . 2007-12-20 23:11 81,920 --a------ D:\WINDOWS\system32\IEDFix.exe
2007-12-23 12:26 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-12-23 12:26 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-12-23 12:26 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2007-12-23 11:38 . 2007-12-23 11:38 <DIR> d-------- D:\Program Files\Trend Micro
2007-12-23 10:02 . 2007-12-24 11:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 09:51 . 2007-12-23 09:51 <DIR> d-------- D:\WINDOWS\ppqvmpqr
2007-12-23 09:50 . 2007-12-23 09:50 208,896 --a------ D:\WINDOWS\system32\ndaTqsVqrX.dll
2007-12-23 00:25 . 2007-12-23 00:14 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-23 00:14 . 2007-12-23 00:30 <DIR> d-------- D:\Documents and Settings\HP\.housecall6.6
2007-12-22 21:44 . 2007-12-22 21:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-22 21:26 . 2001-08-17 22:36 3,200 --a------ D:\WINDOWS\system32\wowfax.dll
2007-12-22 21:26 . 2001-08-17 22:36 3,200 --a--c--- D:\WINDOWS\system32\dllcache\wowfax.dll
2007-12-22 21:21 . 2007-12-24 10:37 15,360 --a------ D:\WINDOWS\system32\ctfmon .exe
2007-12-22 19:33 . 2007-12-22 19:33 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 18:55 . 2007-12-23 19:48 <DIR> d-------- D:\Documents and Settings\HP\Application Data\AVG7
2007-12-22 18:50 . 2007-12-22 18:50 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 18:48 . 2007-12-22 18:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 18:48 . 2007-12-22 20:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 16:23 . 2007-12-24 10:36 155,648 --a------ D:\WINDOWS\system32\NeroCheck .exe
2007-12-22 16:23 . 2007-12-22 17:11 155,648 --a------ D:\WINDOWS\system32\igfxtray .exe
2007-12-22 16:23 . 2007-12-24 10:36 118,784 --a------ D:\WINDOWS\system32\hkcmd .exe
2007-12-22 14:05 . 2007-12-22 14:05 <DIR> d-------- D:\Program Files\Common Files\xing shared
2007-12-21 00:42 . 2007-12-21 00:42 268 --ah----- D:\sqmdata06.sqm
2007-12-21 00:42 . 2007-12-21 00:42 244 --ah----- D:\sqmnoopt06.sqm
2007-12-19 19:24 . 2007-12-19 19:24 268 --ah----- D:\sqmdata05.sqm
2007-12-19 19:24 . 2007-12-19 19:24 244 --ah----- D:\sqmnoopt05.sqm
2007-12-17 20:26 . 2007-12-22 15:56 <DIR> dr------- D:\Documents and Settings\All Users\Documents
2007-12-09 11:57 . 2007-12-09 11:57 <DIR> d-------- D:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 13:55 --------- d-----w D:\Program Files\QuickTime
2007-12-24 13:55 --------- d-----w D:\Program Files\iTunes
2007-12-24 00:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-23 02:45 --------- d-----w D:\Program Files\Lavasoft
2007-12-23 02:45 --------- d-----w D:\Documents and Settings\HP\Application Data\Lavasoft
2007-12-22 19:05 --------- d-----w D:\Program Files\Real
2007-12-22 19:04 --------- d-----w D:\Program Files\Common Files\Real
2007-12-22 00:29 20 ---h--w D:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-15 18:36 --------- d-----w D:\Documents and Settings\HP\Application Data\Apple Computer
2007-12-09 17:03 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-09 16:41 --------- d-----w D:\Program Files\BitComet
2007-11-23 20:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-10 04:21 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 00:36 --------- d-----w D:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-27 18:02 774,144 ----a-w D:\Program Files\RngInterstitial.dll
2007-10-27 00:54 --------- d-----w D:\Documents and Settings\HP\Application Data\My Games
2007-09-29 01:01 57,680 ----a-w D:\Documents and Settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2006-01-29 00:36 80 --sh--r D:\WINDOWS\system32\48FCA516DD.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

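The ComboFix output above carries several indicators a helper checks before writing a fix script: executables whose name has a space before the extension (`hkcmd .exe`, `ctfmon .exe`, `NeroCheck .exe`) sitting beside the real file of the same name, a random-named DLL in system32 paired with `.ini` and `.ini2` files whose name is the DLL's stem spelled backwards (`awtqr.dll` next to `rqtwa.ini`), `Autorun.inf` at the root of a removable drive, and, further down in the same log, an extra entry in SecurityProviders and AutoRun commands cached under MountPoints2. The script below is an added example, not part of this thread and not code from ComboFix or HijackThis; it runs those four checks over lines copied from the log posted here. The function names, the XP SP2 default SecurityProviders list it compares against and the reversed-stem rule are this example's own assumptions.

```python
"""Flag persistence and masquerade indicators in ComboFix-style log lines.

Added example for this thread; not code from the original post, ComboFix or
HijackThis. The function names, the assumed XP SP2 SecurityProviders default
and the reversed-stem rule are this example's own assumptions.
"""
import re
from collections import defaultdict

# Assumed XP SP2 default; confirm it against a known-clean machine of the same build.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Drive-letter path ending in a watched extension. Spaces are allowed inside the
# path on purpose so that "ctfmon .exe" is parsed as one file name.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys|ini2?|inf)(?=["\s]|$)', re.I)
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(.+?)\s*$", re.I)
SECPROV_RE = re.compile(r"^\s*SecurityProviders\s+(.+?)\s*$", re.I)

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
D:\WINDOWS\PerfInfo\m1lv1JxECHuc.exe
D:\WINDOWS\system32\awtqr.dll
D:\WINDOWS\system32\rqtwa.ini
D:\WINDOWS\system32\rqtwa.ini2
G:\Autorun.inf
2007-12-24 08:49 . 2007-12-24 08:56 326,656 --a------ D:\WINDOWS\system32\awtqr.exe
2007-12-22 21:21 . 2007-12-24 10:37 15,360 --a------ D:\WINDOWS\system32\ctfmon .exe
2007-12-22 16:23 . 2007-12-24 10:36 118,784 --a------ D:\WINDOWS\system32\hkcmd .exe
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-24 08:55]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-12-24 08:55]
"QuickTime Task"="D:\Program Files\QuickTime\qttask .exe" [2007-12-24 08:55]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
\Shell\AutoRun\command - C:\Info.exe folder.htt 480 480
\Shell\AutoRun\command - G:\setupSNK.exe
"""


def extract_paths(text):
    """Every drive-letter path with a watched extension, in log order."""
    return [m.group(0) for m in PATH_RE.finditer(text)]


def space_before_extension(paths):
    """Names like 'hkcmd .exe': a look-alike that runs beside the real hkcmd.exe."""
    hits = []
    for p in paths:
        name = p.rsplit("\\", 1)[-1]
        stem, dot, _ext = name.rpartition(".")
        if dot and stem != stem.rstrip():
            hits.append(p)
    return hits


def reversed_stem_pairs(paths):
    """A .dll whose reversed stem names an .ini/.ini2 in the same directory
    (awtqr.dll beside rqtwa.ini): the drop pattern this log shows in system32."""
    by_dir = defaultdict(dict)
    for p in paths:
        directory, _, name = p.lower().rpartition("\\")
        by_dir[directory][name] = p
    pairs = []
    for names in by_dir.values():
        for name, original in names.items():
            stem, _, ext = name.rpartition(".")
            if ext != "dll":
                continue
            for partner in (stem[::-1] + ".ini", stem[::-1] + ".ini2"):
                if partner in names:
                    pairs.append((original, names[partner]))
    return pairs


def extra_security_providers(text, defaults=DEFAULT_SECURITY_PROVIDERS):
    """Entries added to SecurityProviders: each DLL named there is loaded as a
    security package at startup, which makes it a quiet persistence point."""
    extras = []
    for line in text.splitlines():
        m = SECPROV_RE.match(line)
        if m:
            for entry in m.group(1).split(","):
                entry = entry.strip().lower()
                if entry and entry not in defaults:
                    extras.append(entry)
    return extras


def autorun_entries(text):
    """Autorun.inf at a drive root plus AutoRun commands cached under
    MountPoints2, which stay behind after the removable drive is unplugged."""
    hits = []
    for line in text.splitlines():
        m = AUTORUN_RE.search(line)
        if m:
            hits.append(m.group(1))
        elif re.fullmatch(r"\s*[A-Za-z]:\\autorun\.inf\s*", line, re.I):
            hits.append(line.strip())
    return hits


def scan(text):
    """Run every check; returns indicator name -> list of findings."""
    paths = extract_paths(text)
    return {
        "space_before_extension": space_before_extension(paths),
        "reversed_stem_pairs": reversed_stem_pairs(paths),
        "extra_security_providers": extra_security_providers(text),
        "autorun": autorun_entries(text),
    }


if __name__ == "__main__":
    for indicator, findings in scan(SAMPLE_LOG).items():
        print(f"{indicator}: {len(findings)}")
        for finding in findings:
            print("   ", finding)
```

Run it as-is to see the report for the embedded lines, or replace `SAMPLE_LOG` with a full pasted log. The checks are deliberately narrow: they say nothing about files they do not match (`ndaTqsVqrX.dll`, the `njprckha` folder, the two `PerfInfo` executables in this log), so an empty report is not a clean machine, and the AutoRun check reports what was cached for a drive letter, not whether that drive is still attached. Treat the output as triage for the helper's fix script, not as a list of files to delete by hand.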
xAyumiii
2007-12-25, 04:29
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
D:\Program Files\Humykfax\cvoarlfo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-24 08:55]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-12-24 08:55]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-12-24 08:55]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-12-24 08:55]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-12-24 08:55]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-12-24 08:55]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-12-24 08:55]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2007-12-24 08:55]
"InCD"="D:\Program Files\Ahead\InCD\InCD.exe" [2007-12-24 08:55]
"HostManager"="D:\Program Files\Common Files\AOL\1137343402\ee\AOLSoftware.exe" [2007-12-24 08:55]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" []
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2007-12-24 08:55]
"QuickTime Task"="D:\Program Files\QuickTime\qttask .exe" [2007-12-24 08:55]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-12-24 08:55]
"BCWipeTM Startup"="D:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" [2007-12-24 08:56]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-24 08:56]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 08:56]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 D:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 19:01]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BestCrypt Auto Open.lnk - D:\Program Files\Jetico\BestCrypt\BestCrypt.exe [2007-09-18 03:39:05]
NkbMonitor.exe.lnk - D:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-06 14:24:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxu]
iifdaxu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-12-17 15:51 94208 --a------ D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
D:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

R1 BC_3DES;BC_3DES;D:\WINDOWS\system32\drivers\BC_3DES.sys [2007-05-30 22:44]
R1 BC_BF128;BC_BF128;D:\WINDOWS\system32\drivers\BC_BF128.sys [2007-05-30 22:45]
R1 BC_BF448;BC_BF448;D:\WINDOWS\system32\drivers\BC_BF448.sys [2007-05-30 22:46]
R1 BC_BFish;BC_BFish;D:\WINDOWS\system32\drivers\BC_BFish.sys [2007-05-30 22:47]
R1 BC_CAST;BC_CAST;D:\WINDOWS\system32\drivers\BC_CAST.sys [2007-05-30 22:48]
R1 BC_DES;BC_DES;D:\WINDOWS\system32\drivers\BC_DES.sys [2007-05-30 22:49]
R1 BC_Gost;BC_Gost;D:\WINDOWS\system32\drivers\BC_Gost.sys [2007-05-30 22:50]
R1 BC_RC6;BC_RC6;D:\WINDOWS\system32\drivers\BC_RC6.sys [2007-05-30 22:52]
R1 BC_RIJN;BC_RIJN;D:\WINDOWS\system32\drivers\BC_RIJN.sys [2007-05-30 22:53]
R1 BC_SERP;BC_SERP;D:\WINDOWS\system32\drivers\BC_SERP.sys [2007-05-30 22:54]
R1 BC_TFISH;BC_TFISH;D:\WINDOWS\system32\drivers\BC_TFISH.sys [2007-05-30 22:54]
R1 bcbus;BestCrypt bus driver;D:\WINDOWS\system32\DRIVERS\bcbus.sys [2007-08-16 04:25]
R1 fsh;fsh;D:\WINDOWS\system32\drivers\fsh.sys [2007-03-05 05:35]
R1 GhPciScan;GhostPciScanner;D:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-12-17 15:41]
R2 NkPtpEnumP2;NkPtpEnumP2;"D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll" []
R3 mhk;mhk;D:\WINDOWS\system32\drivers\mhk.sys [2006-12-12 06:45]
R3 moh;moh;D:\WINDOWS\system32\drivers\moh.sys [2006-12-12 06:45]
R3 VBus;Virtual Bus;D:\WINDOWS\system32\DRIVERS\NkVBus.sys [2006-05-11 12:06]
S3 w600bus;Sony Ericsson W600 driver (WDM);D:\WINDOWS\system32\DRIVERS\w600bus.sys []
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w600mdfl.sys []
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\w600mdm.sys []
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\w600mgmt.sys []
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\w600obex.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 01:15:16 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 09:11:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 9:14:10 - machine was rebooted [HP]
.
2007-12-24 07:47:28 --- E O F ---

hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:41 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1137343402\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "D:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = D:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137214321562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: iifdaxu - iifdaxu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8911 bytes

shelf life
2007-12-26, 00:13
hi,

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file on the desktop and click on Merge; when it asks you to merge with the Registry, say yes.


[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
D:\Program Files\Humykfax\cvoarlfo.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxu]
iifdaxu.dll


Run HJT once more to remove this entry:
O20 - Winlogon Notify: iifdaxu - iifdaxu.dll (file missing)
-------------------
Lastly, look in the Add/Remove Programs panel and uninstall:

Viewpoint or Viewpoint Manager. It's foistware (installed without your knowledge) and worthless anyway.

Reboot the computer once and post a new HJT log. How's it looking on your end now?

shelf life

xAyumiii
2007-12-27, 19:08
Hey,

After clicking yes to add to the registry, it says:

Cannot import D:\Documents and Settings\HP\Desktop\Regfix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.

I deleted Viewpoint Manager; should I delete Viewpoint Media Player as well?

hjt log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:28 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1137343402\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "D:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = D:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137214321562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8695 bytes

Thank you~~~

shelf life
2007-12-28, 05:16
hi,

That didn't work because I left something off. Try this instead:

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
D:\Program Files\Humykfax\cvoarlfo.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxu]
iifdaxu.dll


"Should I delete Viewpoint Media Player?"
Yes.

How's it looking on your end now?

shelf life
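The failed merge in the previous reply came from the missing first line: regedit rejects a file that does not start with a recognised header (REGEDIT4 or "Windows Registry Editor Version 5.00"), and a key written as [-KEY] is a deletion while [KEY] creates or updates. As an added example (not code from the thread or from the forum helpers), here is a small Python checker that refuses a .reg file without a valid header and lists which keys it deletes versus writes, so a removal script like the one above can be reviewed before it is merged. The sample script inside it is constructed from the thread's winlogon\notify key plus a made-up HKEY_CURRENT_USER\Software\Example key; regedit's own parsing rules beyond the header and key/value syntax are not reproduced.

```python
"""Sanity-check a Windows .reg script before merging it.

Added example, not from the forum thread. Checks the header line and
reports which keys are deleted ([-KEY]) versus written ([KEY]), plus
any lines the checker does not understand, so a removal script can be
reviewed before regedit is allowed to merge it.
"""
import re

VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# [KEY] adds or updates a key; [-KEY] deletes it and everything under it.
KEY_RE = re.compile(r"^\[(-?)((?:HKEY_[A-Z_]+)(?:\\[^\]]*)?)\]$")
# "name"=data, @=data (default value), "name"=- (delete a value)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def header_ok(text):
    """True if the very first line is a header regedit accepts."""
    lines = text.splitlines()
    return bool(lines) and lines[0].strip() in VALID_HEADERS


def parse_reg_script(text):
    """Return {"header", "delete", "write", "stray"} or raise ValueError.

    delete: list of key paths that will be removed
    write:  dict of key path -> list of value lines that will be set
    stray:  (line number, text) pairs that are neither a key nor a value
            under a written key; these deserve a look before merging
    """
    if not header_ok(text):
        raise ValueError(
            "missing or invalid header; first line must be one of %r"
            % (VALID_HEADERS,))
    lines = text.splitlines()
    result = {"header": lines[0].strip(), "delete": [],
              "write": {}, "stray": []}
    current, deleting = None, False
    for lineno, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment
            continue
        m = KEY_RE.match(line)
        if m:
            deleting = m.group(1) == "-"
            current = m.group(2)
            if deleting:
                result["delete"].append(current)
            else:
                result["write"].setdefault(current, [])
            continue
        # Anything that is not a key header must be a value under a
        # key being written; a bare line under a deleted key (as in the
        # thread's script) carries no meaning and is reported as stray.
        if current is not None and not deleting and VALUE_RE.match(line):
            result["write"][current].append(line)
        else:
            result["stray"].append((lineno, raw))
    return result


# Constructed sample: the thread's winlogon\notify deletion (with its
# bare DLL line) plus a hypothetical key being written.
SAMPLE = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxu]
iifdaxu.dll

[HKEY_CURRENT_USER\Software\Example]
"Probe"="1"
"""

if __name__ == "__main__":
    info = parse_reg_script(SAMPLE)
    print("header :", info["header"])
    print("deletes:", *info["delete"], sep="\n  ")
    for key, values in info["write"].items():
        print("writes :", key, values)
    for lineno, text in info["stray"]:
        print("stray  : line %d: %s" % (lineno, text))
```

Run it on the file before merging; a ValueError reproduces the "not a registry script" refusal without touching the registry, and the delete list is the thing to read twice, since [-KEY] removes the whole subtree.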

xAyumiii
2007-12-28, 18:28
It worked <3, Thank you~

hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:40 AM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1137343402\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "D:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BestCrypt Auto Open.lnk = D:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137214321562
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - D:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe

--
End of file - 8615 bytes

shelf life
2007-12-28, 22:01
hi,

OK, good. These are not malware, but you can have HJT "fix" them if you want:

Start HJT and click the "Scan" button. Check the items below, close any open windows, then click "Fix checked".

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O8 - Extra context menu item: &Search - ?p=ZJfox000
-------------------------------
If all is good, it's time to make new restore points:

One of the features of Windows ME and XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(WinXP)

1. Turn off System Restore (deletes the old, possibly infected restore points).

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore (new restore points on a clean system).

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-check "Turn off System Restore".
Click Apply, and then click OK, then reboot.

happy safe surfing out there.

xAyumiii
2007-12-30, 19:47
Thank you sooooooooooo very much <3333

Thank you Thank you~

shelf life
2007-12-31, 03:27
hi xAyumiii,

You're welcome. Happy safe surfing out there.