demonic_angel
2008-03-26, 08:30
I unexpectedly got a really weird virus today... and I don't know how to get rid of it. It slows down my computer, and crashes Internet Explorer.
Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 23:29, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HI JACK!\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {069EA346-60ED-4B11-A6DA-B2E2F43AE540} - C:\WINDOWS\system32\nnnlm.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\wvuuspo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {e44a5db3-7f3b-a9b9-1214-e66445ea7c95} - {59c7ae54-466e-4121-9b9a-b3f73bd5a44e} - C:\WINDOWS\system32\bvbnovts.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442097479
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvuuspo - C:\WINDOWS\SYSTEM32\wvuuspo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
Thanks
ndmmxiaomayi
2008-03-28, 09:39
Hi,
Before I continue, I notice that you have BitComet installed.
Have you been using BitComet to share and download files?
demonic_angel
2008-03-28, 17:31
Hi, thanks for replying.
Yes, I used BitComet to download a game, but it should be safe, and I turn it off whenever I don't use it.
ndmmxiaomayi
2008-03-28, 18:12
OK.
Take note that you are not to use any P2P programs when we are cleaning the computer.
You will have to remove all P2P programs if during the course of cleaning I see it running.
A list of clean and infected P2P programs can be found at Malware Removal (http://p2p.malwareremoval.com/) and Spyware Info (http://www.spywareinfo.com/articles/p2p/).
The risks of using a P2P program are stated in this Sourceforge website (http://aresgalaxy.sourceforge.net/p2prisks.htm) and Information Week article (http://www.informationweek.com/security/showArticle.jhtml?articleID=53200209&pgno=2&queryText=).
Please also read this sticky (http://forums.spybot.info/showthread.php?t=282).
____________________
Step 1
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Please download ComboFix from Bleeping Computer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). Save it to your desktop.
If you can't download it, please try these 2 alternative sites:
Forospyware (http://www.forospyware.com/sUBs/ComboFix.exe)
Geeks to Go (http://subs.geekstogo.com/ComboFix.exe)
Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.
Do not mouse click on ComboFix while it is running. That may cause it to stall.
Step 2
Please download and install CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim).
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.
Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.
In your next reply, please post:
ComboFix log (C:\Combofix.txt)
CCleaner install.txt file
A new HijackThis log
demonic_angel
2008-03-29, 09:55
ComboFix:
ComboFix 08-03-27.3 - Darrell Lau 2008-03-29 0:07:18.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT -7:00]
Running from: C:\Documents and Settings\Darrell Lau\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM9bd319e7.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bneypvcs.ini
C:\WINDOWS\system32\cehkj.ini
C:\WINDOWS\system32\cehkj.ini2
C:\WINDOWS\system32\doquoiyf.dll
C:\WINDOWS\system32\fyiouqod.ini
C:\WINDOWS\system32\jjvjtusj.ini
C:\WINDOWS\system32\jkhec.dll
C:\WINDOWS\system32\jsutjvjj.dll
C:\WINDOWS\system32\mjupgxsq.dll
C:\WINDOWS\system32\mlnnn.ini
C:\WINDOWS\system32\mlnnn.ini2
C:\WINDOWS\system32\mnusqlpe.dll
C:\WINDOWS\system32\ngtvqcdm.dll
C:\WINDOWS\system32\pypfanwj.dll
C:\WINDOWS\system32\qynjppft.dll
C:\WINDOWS\system32\rqrssts.dll
C:\WINDOWS\system32\rtpftokd.dll
C:\WINDOWS\system32\scvpyenb.dll
C:\WINDOWS\system32\thmdujyn.dll
C:\WINDOWS\system32\tkoeendy.dll
C:\WINDOWS\system32\wgtwedag.dll
C:\WINDOWS\system32\wvuuspo.dll
C:\WINDOWS\system32\ydneeokt.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-27 07:05 . 2008-03-27 07:05 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-27 07:05 . 2008-03-27 07:35 <DIR> d-------- C:\SDFix
2008-03-25 20:43 . 2008-03-25 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-18 21:07 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\1928070.dll
2008-03-18 21:07 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\95e375.dll
2008-03-18 18:41 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\587d804.dll
2008-03-18 18:41 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\6c3c98.dll
2008-03-18 10:06 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\1cdd8568.dll
2008-03-18 10:06 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\16235166.dll
2008-03-18 10:06 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\27cd075.dll
2008-03-18 10:06 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\25343a4b.dll
2008-03-18 00:59 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\19d71ee3.dll
2008-03-18 00:59 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\16561f90.dll
2008-03-18 00:59 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\5a3a9c2.dll
2008-03-18 00:59 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\21b3577.dll
2008-03-17 19:04 . 2008-03-17 19:22 <DIR> d-------- C:\Documents and Settings\Darrell Lau\Application Data\GarageGames
2008-03-17 17:48 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\368b728.dll
2008-03-17 17:48 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\6b5723e.dll
2008-03-17 11:22 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\285530aa.dll
2008-03-17 10:44 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\11722003.dll
2008-03-16 23:00 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\f642e4.dll
2008-03-16 23:00 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\44284c8.dll
2008-03-16 17:11 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\3933d3f.dll
2008-03-16 01:26 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\140a6938.dll
2008-03-16 01:26 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\53141ec.dll
2008-03-16 00:22 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\d6618b0.dll
2008-03-15 00:27 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\2be72895.dll
2008-03-15 00:27 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\132516c.dll
2008-03-14 09:03 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\57a9c53.dll
2008-03-14 09:03 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\82f5684.dll
2008-03-14 09:03 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\1be8231b.dll
2008-03-13 22:37 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\127e41fa.dll
2008-03-13 19:51 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\c9ef556.dll
2008-03-13 19:51 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\166bfcf9.dll
2008-03-13 19:51 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\ae0d27e.dll
2008-03-13 19:51 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\13125dd4.dll
2008-03-13 16:06 . 2008-03-13 16:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 02:51 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\a94fe9.dll
2008-03-13 02:51 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\ffdd588.dll
2008-03-12 18:02 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\3ce85e0.dll
2008-03-12 09:16 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\dd26400.dll
2008-03-12 00:18 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\7e2a9f0.dll
2008-03-12 00:18 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\1a476fcc.dll
2008-03-12 00:18 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\617e8a8.dll
2008-03-12 00:18 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\1f7408ba.dll
2008-03-11 18:41 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\93d509c.dll
2008-03-11 18:41 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\3dbf684.dll
2008-03-11 18:41 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\2483f4f8.dll
2008-03-11 18:41 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\11cee72.dll
2008-03-11 09:41 . 2008-03-11 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-10 18:04 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\8fdd40a.dll
2008-03-09 18:52 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\1cf2dce0.dll
2008-03-08 23:02 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\1524019c.dll
2008-03-08 23:02 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\12f74b50.dll
2008-03-08 23:02 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\192007be.dll
2008-03-08 23:02 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\10bdd808.dll
2008-03-07 16:35 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\63f691e.dll
2008-03-07 09:06 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\c4f6341.dll
2008-03-07 09:06 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\3770100.dll
2008-03-06 21:47 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\27a6b1bc.dll
2008-03-06 21:47 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\226315d.dll
2008-03-06 21:47 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\2444a5f.dll
2008-03-06 21:47 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\1430ad5c.dll
2008-03-05 23:06 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\15d08d8c.dll
2008-03-04 21:10 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\18f2704.dll
2008-03-04 09:12 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\144f63c4.dll
2008-03-04 09:12 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\116743a0.dll
2008-03-04 00:23 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\b187058.dll
2008-03-04 00:23 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\161f2f2e.dll
2008-03-03 09:08 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\33e59fa6.dll
2008-03-02 22:20 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\18767f9c.dll
2008-03-02 15:15 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\2227eb2.dll
2008-03-02 13:12 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\b83a8c8.dll
2008-03-02 00:15 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-02 00:15 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 00:15 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 00:15 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 00:15 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-01 00:05 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\23b75908.dll
2008-03-01 00:05 . 2004-08-03 17:56 1,689,088 --a------ C:\WINDOWS\system32\1703e91a.dll
2008-03-01 00:05 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\c0f07bf.dll
2008-03-01 00:05 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\11ceaec8.dll
2008-02-29 09:14 . 2007-05-03 18:19 82,944 --a------ C:\WINDOWS\system32\1e7a01aa.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 14:41 --------- d-----w C:\Program Files\HI JACK!
2008-03-26 03:43 --------- d-----w C:\Program Files\ESET
2008-03-26 03:27 --------- d---a-w C:\Documents and Settings\Darrell Lau\Application Data\Xfire
2008-02-27 01:08 --------- d-----w C:\Program Files\LimeWire
2008-02-26 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-19 16:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-19 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 07:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 07:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 07:41 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-18 05:03 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-18 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-02-17 19:43 --------- d-----w C:\Program Files\Metrowerks
2008-02-13 07:53 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-02 09:05 --------- d-----w C:\Program Files\iLike
2008-01-31 09:41 --------- d-----w C:\Program Files\PCSX2 0.9 R3
2008-01-30 06:33 --------- d-----w C:\Program Files\TI Education
2008-01-30 06:29 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-01-30 06:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 16:50 --------- d-----w C:\Program Files\Pcsx2
2008-01-29 08:26 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-29 08:08 --------- d-----w C:\Documents and Settings\Darrell Lau\Application Data\DAEMON Tools
2008-01-29 08:03 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 07:34 --------- d-----w C:\Program Files\PS2EMU
2008-01-28 18:46 --------- d-----w C:\Program Files\Sun
2008-01-28 18:46 --------- d-----w C:\Program Files\Java
2008-01-28 03:53 --------- d-----w C:\Documents and Settings\Darrell Lau\Application Data\iLike
2008-01-28 01:05 --------- d-----w C:\Program Files\eRightSoft
2007-07-25 05:23 45,008 ----a-w C:\Documents and Settings\Darrell Lau\Application Data\GDIPFONTCACHEV1.DAT
2006-11-05 21:52 92,064 ----a-w C:\Documents and Settings\Darrell Lau\mqdmmdm.sys
2006-11-05 21:52 9,232 ----a-w C:\Documents and Settings\Darrell Lau\mqdmmdfl.sys
2006-11-05 21:52 79,328 ----a-w C:\Documents and Settings\Darrell Lau\mqdmserd.sys
2006-11-05 21:52 66,656 ----a-w C:\Documents and Settings\Darrell Lau\mqdmbus.sys
2006-11-05 21:52 6,208 ----a-w C:\Documents and Settings\Darrell Lau\mqdmcmnt.sys
2006-11-05 21:52 5,936 ----a-w C:\Documents and Settings\Darrell Lau\mqdmwhnt.sys
2006-11-05 21:52 4,048 ----a-w C:\Documents and Settings\Darrell Lau\mqdmcr.sys
2006-11-05 21:52 25,600 ----a-w C:\Documents and Settings\Darrell Lau\usbsermptxp.sys
2006-11-05 21:52 22,768 ----a-w C:\Documents and Settings\Darrell Lau\usbsermpt.sys
2005-05-17 04:48 47,360 ----a-w C:\Documents and Settings\Darrell Lau\Application Data\pcouffin.sys
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.
------- Sigcheck -------
2007-08-08 17:11 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-08-08 17:11 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-17 09:51 486856]
"iLike"="C:\Program Files\iLike\1.1.27\ilikesidebar.exe" [2007-09-13 12:34 63024]
C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 13:53:11 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoStartMenuSubFolders"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36CD708B-6077-4C02-9377-D73EAA495A0F}"= C:\WINDOWS\WinHttp.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuspo]
wvuuspo.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=C:\WINDOWS\pss\NOD32 Control Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=C:\WINDOWS\pss\PenPower PenKeyboard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=C:\WINDOWS\pss\PenPower Start-Up.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98e02a7b]
C:\WINDOWS\system32\jsutjvjj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 16:15 538112 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-07-18 23:28 6150456 D:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2007-11-24 00:23 1481984 C:\Program Files\Comodo\Firewall\cfp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-01-17 09:51 486856 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC1300 Monitor]
--------- 2002-08-08 08:13 45056 D:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2007-10-25 10:26 1410304 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 12:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 18:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 16:18 23233576 C:\Program Files\Skype\Phone\Skype.exe
demonic_angel
2008-03-29, 09:55
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 18:08 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19103:TCP"= 19103:TCP:BitComet 19103 TCP
"19103:UDP"= 19103:UDP:BitComet 19103 UDP
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-24 00:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-24 00:23]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 10:27]
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 13:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 13:36]
S3 DC1300;DC 1300 WDM Video Capture;C:\WINDOWS\system32\Drivers\BSC504AV.SYS [2002-08-07 11:33]
S3 USBCamera;DC 1300 Still Image Capture;C:\WINDOWS\system32\Drivers\BscBulk.sys [2002-07-25 04:19]
S4 D428BA68;D428BA68;C:\WINDOWS\system32\8C4ED30.EXE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97487f08-cb7f-11dc-a2e6-00018010dc06}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 18:52:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-25 11:48:20 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 00:34:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-29 0:39:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 07:39:11
ComboFix2.txt 2008-01-27 17:23:00
Pre-Run: 3,503,845,376 bytes free
Post-Run: 3,482,275,840 bytes free
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 12:52:58 AM, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HI JACK!\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442097479
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvuuspo - wvuuspo.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
demonic_angel
2008-03-29, 09:56
CCleaner:
Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop CS2
Adobe Reader 8.1.2
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AviSynth 2.5
BitComet 0.91
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
CCC Help English
ccc-core-preinstall
ccc-core-static
ccc-utility
CCleaner (remove only)
CleanUp!
CodeWarrior for Windows, Version 7.0
Combined Community Codec Pack 2007-07-22
COMODO Firewall Pro
ConvertXtoDVD 2.1.18.242
DC1300
Diablo II
EPSON CardMonitor
EPSON PhotoStarter3.1
EPSON Print CD
EPSON Printer Software
EPSON SPR300 Reference Guide
ESET NOD32 Antivirus
FLAC 1.1.4a (remove only)
Free Games Offer, Desktop Shortcut
GG E-Sports Platform
Google Earth
HijackThis 1.99.1
Hotfix for Windows XP (KB928388)
ijji - Gunz
ijji Auto Installer
ijji FireFox Launcher 1.0
iLike Sidebar
Intel Application Accelerator
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Java DB 10.3.1.4
Java(TM) 6 Update 4
Java(TM) SE Development Kit 6 Update 4
Kaspersky Online Scanner
Last.fm 1.4.2.58376
LimeWire 4.16.6
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft IntelliType Pro 6.1
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
MiraScan V5.01
mIRC
mobile PhoneTools
Monkey's Audio
Mozilla Firefox (2.0.0.13)
Nero 7 Ultra Edition
NOD32 FiX v2.1
Panda ActiveScan
Pcsx2 0.9.4 Watermoose
PenPower Handwriting 9.0
PSP Video 9 1.74
Rappelz_USA
Skins
Skype™ 3.2
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPER © Version 2008.bld.24 (Jan 18, 2008)
TI Connect 1.6
Warcraft III: All Products
WeatherEye
WebFldrs XP
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0
WinRAR archiver
Xfire (remove only)
Thanks
ndmmxiaomayi
2008-03-29, 15:18
Hi,
Please read this - http://forums.spybot.info/showpost.php?p=25290&postcount=4
ndmmxiaomayi
2008-03-29, 19:34
Oops. I should have been clearer. :lip:
You have the latest service pack, but your NOD32 Antivirus isn't legal.
We do not support the use of illegal Pirated/Warez/Cracked software.
Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs.
If you want to continue, please remove NOD32FiX.
ndmmxiaomayi
2008-04-04, 13:48
Since it has been 5 days since your last post, this topic is now closed.
If you still need help, please start a new topic.