help me please



snakes300
2008-09-20, 20:54
Well, I ran S&D and Avast; they found stuff and deleted it. I had to restart and let Avast do a scan on boot-up, and it found 5 or more problems and deleted them, and I still have problems: it's having pop-ups come up when I'm not even on the internet. I'm using a pop-up blocker and they still go past it. Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:26 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: agadoo browser enhancer - {2c26e2f9-3f4f-d3b6-4151-63afdbf79b67} - C:\WINDOWS\system32\smrckkjoqrjtwe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: BitDownload BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll (file missing)
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{E2-25-54-47-DW}] c:\windows\system32\rmwnw64r.exe DWbrk01
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8821 bytes

Blade81
2008-09-22, 18:35
Hi

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

snakes300
2008-09-24, 14:46
LOG:
Logfile of random's system information tool 1.02 (written by random/random)
Run by Hurricane at 2008-09-24 08:44:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 175 GB (73%) free of 238 GB
Total RAM: 1982 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:55 AM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Hurricane\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hurricane.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: agadoo browser enhancer - {2c26e2f9-3f4f-d3b6-4151-63afdbf79b67} - C:\WINDOWS\system32\smrckkjoqrjtwe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [frag 1] C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 6469 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AB3CEC2B918760A7.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c26e2f9-3f4f-d3b6-4151-63afdbf79b67}]
agadoo browser enhancer - C:\WINDOWS\system32\smrckkjoqrjtwe.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-12 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"frag 1"=C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe [2008-09-19 474624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-09-09 234736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-09-09 181488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frag 1]
C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe [2008-09-19 474624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2008-03-28 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-27 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love]
C:\WINDOWS\system32\LoveFly.dll [2008-08-08 71680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Program Files\Steam\SteamApps\warstick\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\warstick\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Bluehell Productions\Red Alert - A Path Beyond\renalert.exe"="C:\Program Files\Bluehell Productions\Red Alert - A Path Beyond\renalert.exe:*:Enabled:Renegade"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e7809a-67ae-11dc-9b64-00508dc81bb9}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efef848-661d-11dc-9b5b-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-09-24 08:44:44 ----D---- C:\rsit
2008-09-21 18:49:39 ----D---- C:\Program Files\Bluehell Productions
2008-09-21 17:25:23 ----SHD---- C:\RECYCLER
2008-09-21 17:24:14 ----A---- C:\ComboFix.txt
2008-09-21 17:18:46 ----D---- C:\WINDOWS\erdnt
2008-09-21 17:18:13 ----D---- C:\QooBox
2008-09-21 17:18:08 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\zip.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\VFind.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\SWSC.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\swreg.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\sed.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\grep.exe
2008-09-21 17:18:07 ----A---- C:\WINDOWS\fdsv.exe
2008-09-21 14:18:52 ----D---- C:\WINDOWS\pss
2008-09-21 14:13:03 ----D---- C:\Program Files\Zone Labs
2008-09-21 14:12:55 ----D---- C:\WINDOWS\Internet Logs
2008-09-20 22:22:04 ----SHD---- C:\Config.Msi
2008-09-20 21:16:25 ----D---- C:\Program Files\Lavasoft
2008-09-20 21:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 14:30:01 ----D---- C:\Program Files\Trend Micro
2008-09-19 20:43:09 ----A---- C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
2008-09-19 20:36:56 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-09-19 20:36:56 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-19 20:36:51 ----D---- C:\Program Files\Alwil Software
2008-09-19 17:19:49 ----D---- C:\Program Files\The Cleaner Free
2008-09-19 16:54:03 ----D---- C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
2008-09-19 16:53:47 ----D---- C:\Program Files\stophtmmanager
2008-09-19 16:53:47 ----D---- C:\Documents and Settings\Hurricane\Application Data\stophtmmanager
2008-09-19 16:53:09 ----A---- C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
2008-09-19 16:53:05 ----D---- C:\Program Files\torrent_search
2008-09-19 16:53:05 ----D---- C:\Program Files\Conduit
2008-09-19 16:53:04 ----A---- C:\WINDOWS\system32\g15.exe
2008-09-19 16:53:00 ----D---- C:\Program Files\BitTorrent Fastest Tool
2008-09-17 19:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-16 22:52:27 ----D---- C:\WINDOWS\Prefetch
2008-09-16 22:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-16 22:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-16 22:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-16 22:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-16 22:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-16 22:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-16 22:45:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-16 22:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-16 22:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-16 22:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-16 22:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-16 22:40:57 ----D---- C:\WINDOWS\system32\scripting
2008-09-16 22:40:57 ----D---- C:\WINDOWS\system32\en
2008-09-16 22:40:57 ----D---- C:\WINDOWS\l2schemas
2008-09-16 22:40:56 ----D---- C:\WINDOWS\system32\bits
2008-09-16 22:38:51 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-16 22:33:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-16 22:33:31 ----D---- C:\WINDOWS\EHome
2008-09-16 19:53:41 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-09-16 19:53:41 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-09-14 18:11:35 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-14 18:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-14 15:11:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-14 15:11:32 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-14 15:11:31 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-14 15:11:31 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-14 15:11:28 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-14 15:11:28 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-14 15:11:25 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-14 15:11:25 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-14 15:11:24 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-14 15:11:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-14 15:11:24 ----N---- C:\WINDOWS\slrundll.exe
2008-09-14 15:11:23 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-14 15:11:23 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-14 15:11:23 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-14 15:11:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-14 15:11:21 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-14 15:11:21 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-14 15:11:20 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-14 15:11:20 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-14 15:11:19 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-14 15:11:19 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-14 15:11:19 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-14 15:11:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-14 15:11:17 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-14 15:11:11 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-14 15:11:11 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-14 15:11:11 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-14 15:11:10 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-14 15:11:10 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-14 15:11:10 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-14 15:11:09 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-14 15:11:09 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-14 15:11:04 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-14 15:11:04 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-14 15:11:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-14 15:11:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-14 15:11:04 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-14 15:10:59 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-14 15:10:59 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-14 15:10:58 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-14 15:10:58 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-14 15:10:58 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-14 15:10:58 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-14 15:10:54 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-14 15:10:51 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-14 15:10:51 ----A---- C:\WINDOWS\002738_.tmp
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-14 15:10:50 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-14 15:10:49 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-14 15:10:48 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-14 15:10:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-14 15:10:48 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-14 15:10:46 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-14 15:10:44 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-14 15:10:43 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-14 15:10:43 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-14 15:10:43 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-14 15:10:41 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-14 15:10:41 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-14 15:10:41 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-14 15:10:41 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-14 15:10:41 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-14 15:10:36 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-07 12:00:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-07 12:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-02 01:12:50 ----D---- C:\Documents and Settings\Hurricane\Application Data\GoldWaveCDDB
2008-09-02 01:12:50 ----D---- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
2008-09-01 22:58:12 ----D---- C:\Documents and Settings\Hurricane\Application Data\dBpoweramp
2008-09-01 22:40:45 ----D---- C:\Documents and Settings\Hurricane\Application Data\AccurateRip
2008-09-01 18:05:21 ----D---- C:\Documents and Settings\Hurricane\Application Data\WinRAR
2008-09-01 18:05:01 ----D---- C:\Program Files\WinRAR

======List of files/folders modified in the last 1 months======

2008-09-24 08:31:34 ----D---- C:\WINDOWS\Temp
2008-09-23 21:54:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-23 17:41:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-22 18:44:37 ----D---- C:\WINDOWS
2008-09-22 15:07:58 ----RSH---- C:\boot.ini
2008-09-22 15:07:58 ----A---- C:\WINDOWS\win.ini
2008-09-22 15:07:58 ----A---- C:\WINDOWS\system.ini
2008-09-21 18:50:40 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 18:49:39 ----RD---- C:\Program Files
2008-09-21 18:49:24 ----D---- C:\WINDOWS\CAVTemp
2008-09-21 17:24:26 ----D---- C:\WINDOWS\system32
2008-09-21 17:21:45 ----D---- C:\WINDOWS\system32\drivers
2008-09-21 17:21:45 ----D---- C:\WINDOWS\AppPatch
2008-09-21 17:21:45 ----D---- C:\Program Files\Common Files
2008-09-21 15:25:27 ----D---- C:\Program Files\Steam
2008-09-21 14:30:20 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-21 10:03:13 ----D---- C:\Program Files\Warcraft III
2008-09-20 22:22:13 ----SHD---- C:\WINDOWS\Installer
2008-09-20 21:15:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 20:41:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 20:40:01 ----HD---- C:\WINDOWS\inf
2008-09-19 23:13:14 ----D---- C:\Program Files\NCSoft
2008-09-19 23:13:09 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-19 23:10:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-19 22:56:39 ----D---- C:\WINDOWS\system32\config
2008-09-19 16:54:07 ----SD---- C:\WINDOWS\Tasks
2008-09-17 22:02:27 ----D---- C:\Documents and Settings\Hurricane\Application Data\LimeWire
2008-09-17 19:34:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-17 17:20:32 ----D---- C:\Program Files\World of Warcraft
2008-09-17 12:25:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-16 22:54:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-16 22:53:08 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-16 22:52:31 ----A---- C:\WINDOWS\setuplog.txt
2008-09-16 22:52:03 ----D---- C:\WINDOWS\system32\wbem
2008-09-16 22:52:03 ----D---- C:\WINDOWS\system32\Setup
2008-09-16 22:52:02 ----RSD---- C:\WINDOWS\Fonts
2008-09-16 22:47:23 ----A---- C:\WINDOWS\imsins.BAK
2008-09-16 22:44:25 ----D---- C:\Program Files\Messenger
2008-09-16 22:43:47 ----D---- C:\WINDOWS\security
2008-09-16 22:41:24 ----D---- C:\WINDOWS\WinSxS
2008-09-16 22:41:18 ----D---- C:\Program Files\Windows Media Player
2008-09-16 22:41:17 ----D---- C:\WINDOWS\Help
2008-09-16 22:41:10 ----D---- C:\WINDOWS\network diagnostic
2008-09-16 22:41:09 ----D---- C:\WINDOWS\ime
2008-09-16 22:40:58 ----D---- C:\WINDOWS\system32\usmt
2008-09-16 22:40:58 ----D---- C:\WINDOWS\system32\en-US
2008-09-16 22:40:56 ----D---- C:\WINDOWS\PeerNet
2008-09-16 22:40:56 ----D---- C:\Program Files\Movie Maker
2008-09-16 22:38:46 ----D---- C:\WINDOWS\system32\Restore
2008-09-16 22:38:46 ----D---- C:\WINDOWS\system32\npp
2008-09-16 22:38:44 ----D---- C:\WINDOWS\msagent
2008-09-16 22:38:43 ----D---- C:\WINDOWS\srchasst
2008-09-16 22:38:42 ----D---- C:\Program Files\NetMeeting
2008-09-16 22:38:41 ----D---- C:\WINDOWS\system32\Com
2008-09-16 22:38:37 ----D---- C:\Program Files\Windows NT
2008-09-16 22:38:37 ----D---- C:\Program Files\Outlook Express
2008-09-16 22:38:34 ----D---- C:\Program Files\Common Files\System
2008-09-16 22:38:13 ----D---- C:\WINDOWS\system32\oobe
2008-09-16 22:38:11 ----D---- C:\WINDOWS\system
2008-09-16 20:12:18 ----D---- C:\WINDOWS\system32\Adobe
2008-09-16 19:53:45 ----D---- C:\Documents and Settings\Hurricane\Application Data\Adobe
2008-09-16 19:53:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-14 14:51:09 ----D---- C:\WINDOWS\Debug
2008-09-09 01:16:17 ----A---- C:\WINDOWS\system32\isafprod.dll
2008-09-01 23:08:14 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-28 18:33:22 ----A---- C:\WINDOWS\CDPlayer.ini
2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-04 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-09-09 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-09-09 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-09-09 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-09-09 21104]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-04 108368]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-20 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-02-01 144696]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-09-09 255216]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-09-09 214256]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-18 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info:

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{45820070-9BE5-4785-B770-A50F5240250B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AGEIA PhysX v7.06.25-->MsiExec.exe /X{45820070-9BE5-4785-B770-A50F5240250B}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Extension Tool Agadoo-->C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
CA Anti-Virus-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
dBpoweramp [Calculate Audio CRC] Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
dBpoweramp Dalet Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Mp2 and BwfMp2 codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp Real Audio (Helix) Encoder-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
dBPoweramp tooLame MP2 codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
dBpoweramp Wave64 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
dBpoweramp WavPack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
Fury-->"C:\Program Files\Fury\unins000.exe"
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Red Alert: A Path Beyond - Beta-->C:\Program Files\Bluehell Productions\Red Alert - A Path Beyond\uninst.exe
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK-->"C:\Program Files\Steam\steam.exe" steam://uninstall/211
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SwiftKit-->C:\Program Files\SwiftKit\Uninstall.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: CA Anti-Virus (outdated)
AV: avast! antivirus 4.8.1229 [VPS 080923-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=5f03
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"sourcesdk"=c:\program files\steam\steamapps\warstick\sourcesdk
"VProject"=c:\program files\steam\steamapps\warstick\counter-strike source\cstrike
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Blade81
2008-09-24, 16:32
Hi

Looks like you've got both Avast and CA Internet Security Suite installed. It's not recommended to have multiple antivirus programs installed on the same system. Decide which one to keep and delete the other one.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.

Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove the following Java versions:
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 3
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Then:

Disable Spybot's TeaTimer
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select Advanced Mode.

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

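The posted RSIT log and the reply that follows it turn on three observations a helper makes by eye: two uninstall entries whose remover is a random-named .exe written straight into system32 (`wgjonxvfsowvtsexe.exe`, `aylsjjfgbfolbovd.dll-uninst.exe`), two Java releases older than the 6 Update 7 the reply asks for, and two antivirus products registered with Security Center at once. Below is an added example, written for this page (it is not RSIT, HijackThis or ComboFix code and not anything snakes300 or Blade81 posted), that automates those three checks over an RSIT info.txt. The sample lines inside it are copied from the posted log; the "current Java" table, the 12-letter cutoff and the vowel/consonant thresholds in the name heuristic are assumptions chosen so that the two random-named entries in this log separate from the vendor uninstallers (nvuninst, SpoonUninstall).

```python
"""Added example (not RSIT, HijackThis or ComboFix code): triage helpers for an RSIT
"info.txt" log like the one posted above. They flag what the reply reasons about:
random-named uninstallers dropped straight into system32, Java older than the update
the reply asks for, and more than one resident antivirus."""
import re

# Constructed sample: lines quoted from the RSIT info log in this thread.
SAMPLE_LOG = r"""
======Uninstall list======
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Browser Extension Tool Agadoo-->C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
======Security center information======
AV: CA Anti-Virus (outdated)
AV: avast! antivirus 4.8.1229 [VPS 080923-0]
"""

SECTION_RE = re.compile(r"^======(.+?)======\s*$")
# Only .exe files sitting directly in system32 (no sub-folder) are examined.
EXE_IN_SYSTEM32 = re.compile(r'C:\\WINDOWS\\system32\\([^\\\s"<>]+\.exe)', re.IGNORECASE)
JAVA_RE = re.compile(r"Java\(TM\) (\d+) Update (\d+)|J2SE Runtime Environment (\d)\.0 Update (\d+)")
# Assumption: newest JRE per major at the time of the reply (6u7); a major not listed (5.0) counts as stale.
CURRENT_JAVA = {6: 7}
VOWELS = set("aeiouy")

def split_sections(text):
    """Map each '======Title======' header to the non-empty lines below it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def parse_uninstall(lines):
    """RSIT writes one '<display name>--><uninstall command>' per entry."""
    entries = []
    for line in lines:
        name, sep, cmd = line.partition("-->")
        if sep:
            entries.append((name.strip(), cmd.strip()))
    return entries

def looks_random(stem):
    """Heuristic for generated names such as 'wgjonxvfsowvtsexe': low vowel share or a
    long consonant run. Stems under 12 letters are skipped, so 'nvuninst' passes."""
    letters = "".join(c for c in stem.lower() if c.isalpha())
    if len(letters) < 12:
        return False
    vowel_share = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]", letters))
    return vowel_share < 0.3 or longest_run >= 5

def suspicious_uninstallers(entries):
    """(program, file) pairs whose remover is a random-named .exe in system32."""
    hits = []
    for name, cmd in entries:
        for m in EXE_IN_SYSTEM32.finditer(cmd):
            filename = m.group(1)
            if looks_random(filename.split(".")[0]):
                hits.append((name, filename))
    return hits

def stale_java(entries):
    """Installed JRE entries older than CURRENT_JAVA for their major version."""
    stale = []
    for name, _ in entries:
        m = JAVA_RE.search(name)
        if not m:
            continue
        major, update = int(m.group(1) or m.group(3)), int(m.group(2) or m.group(4))
        newest = CURRENT_JAVA.get(major)
        if newest is None or update < newest:
            stale.append(name)
    return stale

def triage(text):
    """Run every check over one RSIT log and return the findings as a dict."""
    sections = split_sections(text)
    entries = parse_uninstall(sections.get("Uninstall list", []))
    avs = [(line[4:].replace("(outdated)", "").strip(), line.endswith("(outdated)"))
           for line in sections.get("Security center information", []) if line.startswith("AV: ")]
    return {
        "suspicious": suspicious_uninstallers(entries),
        "stale_java": stale_java(entries),
        "antivirus": avs,
        "multiple_av": len(avs) > 1,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved info.txt. The name heuristic is a triage aid, not a verdict: it only looks at files written directly into system32, and a hit still needs confirming against the file's publisher and timestamps and against the matching Run/BHO entries in the HijackThis log before anything is removed.
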
snakes300
2008-09-24, 22:44
combo log:
ComboFix 08-09-24.01 - Hurricane 2008-09-24 16:39:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1585 [GMT -4:00]
Running from: C:\Documents and Settings\Hurricane\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 16:15 . 2008-09-24 16:15 <DIR> d-------- C:\Program Files\Sun
2008-09-24 08:44 . 2008-09-24 08:44 <DIR> d-------- C:\rsit
2008-09-21 18:49 . 2008-09-21 18:49 <DIR> d-------- C:\Program Files\Bluehell Productions
2008-09-21 14:13 . 2008-09-21 14:13 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-21 14:12 . 2008-09-21 14:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-20 21:16 . 2008-09-20 21:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 21:16 . 2008-09-20 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 14:30 . 2008-09-20 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-19 20:43 . 2008-09-19 20:43 90,915 --a------ C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
2008-09-19 20:36 . 2008-09-19 20:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-19 20:36 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-19 17:19 . 2008-09-19 17:21 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-09-19 16:54 . 2008-09-19 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
2008-09-19 16:53 . 2008-09-21 14:25 <DIR> d-------- C:\Program Files\torrent_search
2008-09-19 16:53 . 2008-09-19 16:53 <DIR> d-------- C:\Program Files\stophtmmanager
2008-09-19 16:53 . 2008-09-21 14:27 <DIR> d-------- C:\Program Files\Conduit
2008-09-19 16:53 . 2008-09-19 20:56 <DIR> d-------- C:\Program Files\BitTorrent Fastest Tool
2008-09-19 16:53 . 2008-09-19 16:54 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\stophtmmanager
2008-09-19 16:53 . 2008-09-19 16:53 153,394 --a------ C:\WINDOWS\system32\g15.exe
2008-09-19 16:53 . 2008-09-19 16:53 71,817 --a------ C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-16 22:33 . 2008-09-16 22:33 <DIR> d-------- C:\WINDOWS\EHome
2008-09-16 19:53 . 2008-08-06 15:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-16 19:53 . 2008-08-06 15:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-14 15:10 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-07 12:00 . 2008-09-07 12:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 12:00 . 2008-09-10 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-02 01:12 . 2008-09-02 01:12 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\GoldWaveCDDB
2008-09-02 01:12 . 2008-09-02 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
2008-09-01 23:08 . 2008-09-01 23:08 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-09-01 23:08 . 2008-09-01 23:08 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.bmp
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.bmp
2008-09-01 23:06 . 2008-09-01 23:05 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.bmp
2008-09-01 23:06 . 2008-09-01 23:06 11,473 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-09-01 23:06 . 2008-09-01 23:06 2,228 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 1,844 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 1,224 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2008-09-01 22:58 . 2008-09-01 23:01 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\dBpoweramp
2008-09-01 22:48 . 2008-09-01 22:48 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-09-01 22:48 . 2008-09-01 22:48 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-09-01 22:40 . 2008-09-01 22:40 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\AccurateRip
2008-09-01 22:40 . 2008-09-01 22:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-09-01 22:40 . 2008-09-01 22:40 13,783 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 20:14 --------- d-----w C:\Program Files\Java
2008-09-24 13:19 --------- d-----w C:\Program Files\Steam
2008-09-21 14:03 --------- d-----w C:\Program Files\Warcraft III
2008-09-21 01:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 03:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 03:13 --------- d-----w C:\Program Files\NCSoft
2008-09-18 02:02 --------- d-----w C:\Documents and Settings\Hurricane\Application Data\LimeWire
2008-09-17 21:20 --------- d-----w C:\Program Files\World of Warcraft
2008-09-02 03:08 1,073,528 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-21 21:57 24 ----a-w C:\Documents and Settings\Hurricane\jagex_runescape_preferences.dat
2008-08-09 01:42 71,680 ----a-w C:\WINDOWS\system32\LoveFly.dll
2008-07-28 22:50 --------- d-----w C:\Program Files\Windows Live
2008-07-28 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-28 22:40 --------- d-----w C:\Documents and Settings\Hurricane\Application Data\MSNInstaller
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2007-12-06 22:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-17 01:36 12,449 ----a-w C:\Documents and Settings\Hurricane\monster_spray.zip
2007-11-17 01:34 18,349 ----a-w C:\Documents and Settings\Hurricane\yamiarcticfakev2.zip
2007-11-08 03:21 3,420,904 ----a-w C:\Documents and Settings\Hurricane\xfire_installer_28504.exe
2007-11-07 01:34 22,951 ----a-w C:\Documents and Settings\Hurricane\slipknot_2.zip
.

((((((((((((((((((((((((((((( snapshot@2008-09-21_17.23.32.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-21 18:40:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 20:28:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-21 18:40:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-24 20:28:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-21 18:40:21 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-24 20:28:57 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-30 23:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 02:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 02:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 23:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 23:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 02:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-09-24 20:29:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_654.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"frag 1"="C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe" [2008-09-19 474624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-30 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
2008-08-08 21:42 71680 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frag 1]
--a------ 2008-09-19 16:53 474624 C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 09:35 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-27 17:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-09-12 04:58 16264192 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\warstick\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Bluehell Productions\\Red Alert - A Path Beyond\\renalert.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e7809a-67ae-11dc-9b64-00508dc81bb9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efef848-661d-11dc-9b5b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{2c26e2f9-3f4f-d3b6-4151-63afdbf79b67} - C:\WINDOWS\system32\smrckkjoqrjtwe.dll
MSConfigStartUp-CAVRID - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 16:41:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 16:42:05
ComboFix-quarantined-files.txt 2008-09-24 20:41:59
ComboFix2.txt 2008-09-21 21:24:14

Pre-Run: 182,869,291,008 bytes free
Post-Run: 182,884,892,672 bytes free

212 --- E O F --- 2008-09-17 23:34:55



HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:42 PM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [frag 1] C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5480 bytes

Blade81
2008-09-25, 07:02
Hi

You've got a password stealer (C:\WINDOWS\SYSTEM32\LoveFly.dll) on your system. It's recommended you change all your online passwords using a machine other than this one we're currently cleaning.




Open Notepad and copy/paste the text in the quotebox below into it:



File::
C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
C:\WINDOWS\system32\g15.exe
C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
C:\WINDOWS\SYSTEM32\LoveFly.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
C:\Program Files\torrent_search
C:\Program Files\stophtmmanager
C:\Program Files\Conduit
C:\Program Files\BitTorrent Fastest Tool
C:\Documents and Settings\Hurricane\Application Data\stophtmmanager
C:\Documents and Settings\Hurricane\Application Data\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"frag 1"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frag 1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh HJT log and the above-mentioned ComboFix resultant log.
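
As an added example that is not part of this thread and not the helper's own checklist, the Python script below encodes the kind of triage that produces a finding like the LoveFly.dll one: it reads HijackThis O2/O4/O20 lines and flags Winlogon Notify DLLs outside the stock Windows XP set, autoruns launched from a user-writable profile or temp directory, and BHO registrations with no file behind them. The sample lines are copied from the HijackThis log posted above; the known-good Winlogon Notify list and the location markers are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: O2/O4/O20 lines taken from the HijackThis log posted above
# (LoveFly.dll and "frag 1" are the entries the helper's CFScript removes),
# with benign O2/O4 entries kept in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [frag 1] C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
"""

# Assumption: the Winlogon Notify subkeys a stock Windows XP install ships with.
# Any other entry is a DLL that winlogon.exe loads at every logon and deserves review.
KNOWN_GOOD_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Markers (matched case-insensitively) for user-writable profile and temp locations,
# in both the long form and the 8.3 short form that HijackThis prints for Run values.
USER_WRITABLE_MARKERS = (
    "documents and settings", "docume~1", "application data", "applic~1",
    "local settings", "locals~1", "\\temp\\",
)


@dataclass
class Finding:
    kind: str    # "O2", "O4" or "O20"
    name: str
    path: str
    reason: str


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<hive>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")


def in_user_writable_location(cmd: str) -> bool:
    """True if the command line points into a profile or temp directory."""
    low = cmd.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Apply the three heuristics to every line of a HijackThis log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            if m["name"].lower() not in KNOWN_GOOD_NOTIFY:
                findings.append(Finding("O20", m["name"], m["path"],
                                        "non-default Winlogon Notify DLL, loaded by winlogon.exe at logon"))
            continue
        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            if in_user_writable_location(m["cmd"]):
                findings.append(Finding("O4", m["name"], m["cmd"],
                                        "autorun launched from a user-writable profile/temp location"))
            continue
        m = O2_RE.match(line)
        if m and m["path"].strip().lower() == "(no file)":
            findings.append(Finding("O2", m["name"], m["path"],
                                    "BHO registration with no DLL on disk (orphan, safe to remove)"))
    return findings


def flagged_names(log_text: str) -> List[str]:
    """Just the names of the flagged entries, in log order."""
    return [f.name for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.name!r:<24}{f.path}\n     -> {f.reason}")
```

Run as-is it flags exactly the three entries the helper acted on: the orphan BHO, the "frag 1" Run value under Application Data, and the "Love" Winlogon Notify DLL. A hit here means "look closer", not "malware": the script narrows a long log down to the loading points an analyst would check first, and the known-good set must be kept in step with the Windows version being examined.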

snakes300
2008-09-25, 17:19
Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 25, 2008 13:11:33
Records in database: 1258684
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 74834
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 00:48:15


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\Chin Seek.exe.vir Infected: Trojan.Win32.Obfuscated.gen 1
C:\QooBox\Quarantine\C\Documents and Settings\Hurricane\Application Data\stophtmmanager\czjlvzve.exe.vir Infected: Trojan.Win32.Obfuscated.gen 1
C:\QooBox\Quarantine\C\Documents and Settings\Hurricane\Application Data\stophtmmanager\size title corn.exe.vir Infected: Trojan.Win32.Obfuscated.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\g15.exe.vir Infected: Trojan-Clicker.Win32.Agent.bty 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ymu 1

The selected area was scanned.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12, on 2008-09-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5395 bytes

ComboFix log:

ComboFix 08-09-24.01 - Hurricane 2008-09-24 16:39:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1585 [GMT -4:00]
Running from: C:\Documents and Settings\Hurricane\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 16:15 . 2008-09-24 16:15 <DIR> d-------- C:\Program Files\Sun
2008-09-24 08:44 . 2008-09-24 08:44 <DIR> d-------- C:\rsit
2008-09-21 18:49 . 2008-09-21 18:49 <DIR> d-------- C:\Program Files\Bluehell Productions
2008-09-21 14:13 . 2008-09-21 14:13 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-21 14:12 . 2008-09-21 14:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-20 21:16 . 2008-09-20 21:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 21:16 . 2008-09-20 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 14:30 . 2008-09-20 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-19 20:43 . 2008-09-19 20:43 90,915 --a------ C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
2008-09-19 20:36 . 2008-09-19 20:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-19 20:36 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-19 17:19 . 2008-09-19 17:21 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-09-19 16:54 . 2008-09-19 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
2008-09-19 16:53 . 2008-09-21 14:25 <DIR> d-------- C:\Program Files\torrent_search
2008-09-19 16:53 . 2008-09-19 16:53 <DIR> d-------- C:\Program Files\stophtmmanager
2008-09-19 16:53 . 2008-09-21 14:27 <DIR> d-------- C:\Program Files\Conduit
2008-09-19 16:53 . 2008-09-19 20:56 <DIR> d-------- C:\Program Files\BitTorrent Fastest Tool
2008-09-19 16:53 . 2008-09-19 16:54 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\stophtmmanager
2008-09-19 16:53 . 2008-09-19 16:53 153,394 --a------ C:\WINDOWS\system32\g15.exe
2008-09-19 16:53 . 2008-09-19 16:53 71,817 --a------ C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-16 22:33 . 2008-09-16 22:33 <DIR> d-------- C:\WINDOWS\EHome
2008-09-16 19:53 . 2008-08-06 15:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-16 19:53 . 2008-08-06 15:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-14 15:10 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-07 12:00 . 2008-09-07 12:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 12:00 . 2008-09-10 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-02 01:12 . 2008-09-02 01:12 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\GoldWaveCDDB
2008-09-02 01:12 . 2008-09-02 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
2008-09-01 23:08 . 2008-09-01 23:08 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-09-01 23:08 . 2008-09-01 23:08 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.bmp
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.bmp
2008-09-01 23:06 . 2008-09-01 23:05 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.bmp
2008-09-01 23:06 . 2008-09-01 23:06 11,473 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-09-01 23:06 . 2008-09-01 23:06 2,228 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 1,844 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 1,224 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2008-09-01 22:58 . 2008-09-01 23:01 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\dBpoweramp
2008-09-01 22:48 . 2008-09-01 22:48 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-09-01 22:48 . 2008-09-01 22:48 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-09-01 22:40 . 2008-09-01 22:40 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\AccurateRip
2008-09-01 22:40 . 2008-09-01 22:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-09-01 22:40 . 2008-09-01 22:40 13,783 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 20:14 --------- d-----w C:\Program Files\Java
2008-09-24 13:19 --------- d-----w C:\Program Files\Steam
2008-09-21 14:03 --------- d-----w C:\Program Files\Warcraft III
2008-09-21 01:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 03:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 03:13 --------- d-----w C:\Program Files\NCSoft
2008-09-18 02:02 --------- d-----w C:\Documents and Settings\Hurricane\Application Data\LimeWire
2008-09-17 21:20 --------- d-----w C:\Program Files\World of Warcraft
2008-09-02 03:08 1,073,528 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-21 21:57 24 ----a-w C:\Documents and Settings\Hurricane\jagex_runescape_preferences.dat
2008-08-09 01:42 71,680 ----a-w C:\WINDOWS\system32\LoveFly.dll
2008-07-28 22:50 --------- d-----w C:\Program Files\Windows Live
2008-07-28 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-28 22:40 --------- d-----w C:\Documents and Settings\Hurricane\Application Data\MSNInstaller
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2007-12-06 22:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-17 01:36 12,449 ----a-w C:\Documents and Settings\Hurricane\monster_spray.zip
2007-11-17 01:34 18,349 ----a-w C:\Documents and Settings\Hurricane\yamiarcticfakev2.zip
2007-11-08 03:21 3,420,904 ----a-w C:\Documents and Settings\Hurricane\xfire_installer_28504.exe
2007-11-07 01:34 22,951 ----a-w C:\Documents and Settings\Hurricane\slipknot_2.zip
.

((((((((((((((((((((((((((((( snapshot@2008-09-21_17.23.32.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-21 18:40:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 20:28:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-21 18:40:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-24 20:28:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-21 18:40:21 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-24 20:28:57 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-30 23:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 02:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 02:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 23:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 23:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 02:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-09-24 20:29:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_654.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"frag 1"="C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe" [2008-09-19 474624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-30 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
2008-08-08 21:42 71680 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frag 1]
--a------ 2008-09-19 16:53 474624 C:\DOCUME~1\HURRIC~1\APPLIC~1\STOPHT~1\size title corn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 09:35 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-27 17:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-09-12 04:58 16264192 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\warstick\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Bluehell Productions\\Red Alert - A Path Beyond\\renalert.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e7809a-67ae-11dc-9b64-00508dc81bb9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efef848-661d-11dc-9b5b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{2c26e2f9-3f4f-d3b6-4151-63afdbf79b67} - C:\WINDOWS\system32\smrckkjoqrjtwe.dll
MSConfigStartUp-CAVRID - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 16:41:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 16:42:05
ComboFix-quarantined-files.txt 2008-09-24 20:41:59
ComboFix2.txt 2008-09-21 21:24:14

Pre-Run: 182,869,291,008 bytes free
Post-Run: 182,884,892,672 bytes free

212 --- E O F --- 2008-09-17 23:34:55

Blade81
2008-09-25, 18:30
Hi

Looks like you posted old ComboFix log. Could you post the one created after the latest run (should be in c:\ComboFix.txt)? :)

snakes300
2008-09-25, 19:36
OK, sorry, I think this is the one :)

ComboFix 08-09-24.11 - Hurricane 2008-09-25 8:48:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1592 [GMT -4:00]
Running from: C:\Documents and Settings\Hurricane\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hurricane\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
C:\WINDOWS\system32\g15.exe
C:\WINDOWS\SYSTEM32\LoveFly.dll
C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\Chin Seek.exe
C:\Documents and Settings\Hurricane\Application Data\LimeWire
C:\Documents and Settings\Hurricane\Application Data\LimeWire\.AppSpecialShare\Patches.torrent.bak
C:\Documents and Settings\Hurricane\Application Data\LimeWire\414splashfree.png
C:\Documents and Settings\Hurricane\Application Data\LimeWire\active.mojito
C:\Documents and Settings\Hurricane\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Hurricane\Application Data\LimeWire\downloads.dat
C:\Documents and Settings\Hurricane\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Hurricane\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Hurricane\Application Data\LimeWire\filters.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Hurricane\Application Data\LimeWire\installation.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\library.dat
C:\Documents and Settings\Hurricane\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\passive.mojito
C:\Documents and Settings\Hurricane\Application Data\LimeWire\promotion\promodb.properties
C:\Documents and Settings\Hurricane\Application Data\LimeWire\promotion\promodb.script
C:\Documents and Settings\Hurricane\Application Data\LimeWire\questions.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\responses.cache
C:\Documents and Settings\Hurricane\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Hurricane\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Hurricane\Application Data\LimeWire\tables.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\splashpro.png
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Hurricane\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Hurricane\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\Hurricane\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\Hurricane\Application Data\LimeWire\version.xml
C:\Documents and Settings\Hurricane\Application Data\LimeWire\versions.props
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\data\audio.sxml2
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Hurricane\Application Data\LimeWire\xml\schemas\video.xsd
C:\Documents and Settings\Hurricane\Application Data\stophtmmanager
C:\Documents and Settings\Hurricane\Application Data\stophtmmanager\0
C:\Documents and Settings\Hurricane\Application Data\stophtmmanager\czjlvzve.exe
C:\Documents and Settings\Hurricane\Application Data\stophtmmanager\size title corn.exe
C:\Documents and Settings\Hurricane\Application Data\stophtmmanager\STUPIDENC4.exe
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5.0.0-setup.exe
C:\Program Files\BitTorrent Fastest Tool\BitP.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\Program Files\Conduit
C:\Program Files\stophtmmanager
C:\Program Files\torrent_search
C:\WINDOWS\system32\aylsjjfgbfolbovd.dll-uninst.exe
C:\WINDOWS\system32\g15.exe
C:\WINDOWS\SYSTEM32\LoveFly.dll
C:\WINDOWS\system32\wgjonxvfsowvtsexe.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-24 16:15 . 2008-09-24 16:15 <DIR> d-------- C:\Program Files\Sun
2008-09-24 08:44 . 2008-09-24 08:44 <DIR> d-------- C:\rsit
2008-09-21 18:49 . 2008-09-21 18:49 <DIR> d-------- C:\Program Files\Bluehell Productions
2008-09-21 14:13 . 2008-09-21 14:13 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-21 14:12 . 2008-09-21 14:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-20 21:16 . 2008-09-20 21:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 21:16 . 2008-09-20 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 14:30 . 2008-09-20 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-19 20:36 . 2008-09-19 20:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-19 20:36 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-19 17:19 . 2008-09-19 17:21 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-16 22:40 . 2008-09-16 22:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-16 22:33 . 2008-09-16 22:33 <DIR> d-------- C:\WINDOWS\EHome
2008-09-16 19:53 . 2008-08-06 15:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-16 19:53 . 2008-08-06 15:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-14 15:10 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-07 12:00 . 2008-09-07 12:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 12:00 . 2008-09-10 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-02 01:12 . 2008-09-02 01:12 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\GoldWaveCDDB
2008-09-02 01:12 . 2008-09-02 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
2008-09-01 23:08 . 2008-09-01 23:08 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-09-01 23:08 . 2008-09-01 23:08 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.bmp
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.bmp
2008-09-01 23:06 . 2008-09-01 23:05 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2008-09-01 23:06 . 2008-09-01 23:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.bmp
2008-09-01 23:06 . 2008-09-01 23:06 11,473 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-09-01 23:06 . 2008-09-01 23:06 2,228 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 1,844 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2008-09-01 23:06 . 2008-09-01 23:06 1,224 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2008-09-01 22:58 . 2008-09-01 23:01 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\dBpoweramp
2008-09-01 22:48 . 2008-09-01 22:48 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-09-01 22:48 . 2008-09-01 22:48 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-09-01 22:40 . 2008-09-01 22:40 <DIR> d-------- C:\Documents and Settings\Hurricane\Application Data\AccurateRip
2008-09-01 22:40 . 2008-09-01 22:40 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-09-01 22:40 . 2008-09-01 22:40 13,783 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 01:08 --------- d-----w C:\Program Files\World of Warcraft
2008-09-24 20:14 --------- d-----w C:\Program Files\Java
2008-09-24 13:19 --------- d-----w C:\Program Files\Steam
2008-09-21 14:03 --------- d-----w C:\Program Files\Warcraft III
2008-09-21 01:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 03:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 03:13 --------- d-----w C:\Program Files\NCSoft
2008-09-02 03:08 1,073,528 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-21 21:57 24 ----a-w C:\Documents and Settings\Hurricane\jagex_runescape_preferences.dat
2008-07-28 22:50 --------- d-----w C:\Program Files\Windows Live
2008-07-28 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-28 22:40 --------- d-----w C:\Documents and Settings\Hurricane\Application Data\MSNInstaller
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-06 22:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-17 01:36 12,449 ----a-w C:\Documents and Settings\Hurricane\monster_spray.zip
2007-11-17 01:34 18,349 ----a-w C:\Documents and Settings\Hurricane\yamiarcticfakev2.zip
2007-11-08 03:21 3,420,904 ----a-w C:\Documents and Settings\Hurricane\xfire_installer_28504.exe
2007-11-07 01:34 22,951 ----a-w C:\Documents and Settings\Hurricane\slipknot_2.zip
.

((((((((((((((((((((((((((((( snapshot@2008-09-21_17.23.32.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-21 18:40:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-25 12:40:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-21 18:40:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-25 12:40:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-21 18:40:21 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-25 12:40:15 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-30 23:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 02:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 02:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 23:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 23:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 02:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-09-25 12:52:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 20:12 169984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-30 08:35:41 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 09:35 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-27 17:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-09-12 04:58 16264192 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\warstick\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Bluehell Productions\\Red Alert - A Path Beyond\\renalert.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e7809a-67ae-11dc-9b64-00508dc81bb9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efef848-661d-11dc-9b5b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
.

Blade81
2008-09-25, 22:24
Hi

Yes, that seems to be the correct one :)


Those Kaspersky findings (mirc.exe related entry can be ignored) will be removed when you uninstall ComboFix. Instructions below.


Well, congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any program from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.




Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster here (http://majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef)
SpywareBlaster tutorial (http://www.bleepingcomputer.com/forums/tutorial49.html)

hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
In the dropdown box, change the setting from Automatic to Manual.
Click OK.

Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
See here (http://www.freebyte.com/antivirus/#firewalls) to choose one if you don't have a 3rd party firewall installed.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
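
Added example (not code from the thread or from its helper): a PowerShell script that does the same Internet-zone hardening, hosts-file check and DNS Client change the post above walks through by hand, so the result can be verified rather than trusted. It assumes PowerShell is installed on the XP SP3 machine, that it runs as the user whose Internet Explorer settings are being changed (the zone values live under HKCU), and that the registry value names 1001, 1004, 1201, 1800, 1804 and 1607 carry the meanings Microsoft documents for zone 3 (the Internet zone), with 0 = Enable, 1 = Prompt, 3 = Disable. Function names and the report format are this example's own.

```powershell
# Added example, not from the original post. Assumes PowerShell on Windows XP/IE7
# and Microsoft's documented value names for the Internet zone (zone 3).

# Internet Explorer's Internet zone settings for the current user.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Policy codes shared by every zone setting: 0 = Enable, 1 = Prompt, 3 = Disable.
$Enable = 0; $Prompt = 1; $Disable = 3

# Registry value name -> (description, desired policy), matching the post's list.
$ZoneSettings = @{
    '1001' = @('Download signed ActiveX controls',                          $Prompt)
    '1004' = @('Download unsigned ActiveX controls',                        $Disable)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', $Disable)
    '1800' = @('Installation of desktop items',                             $Prompt)
    '1804' = @('Launching programs and files in an IFRAME',                 $Prompt)
    '1607' = @('Navigate sub-frames across different domains',              $Prompt)
}

function Get-ZonePolicyName($Code) {
    # A missing value means IE is using the zone default, so report it, not 'Enable'.
    if ($null -eq $Code) { return 'not set' }
    switch ([int]$Code) { 0 { 'Enable' } 1 { 'Prompt' } 3 { 'Disable' } default { "Unknown($Code)" } }
}

# Print current vs. desired policy for each setting; change nothing unless -Apply is given.
function Set-InternetZoneHardening([switch]$Apply) {
    $current = Get-ItemProperty -Path $ZonePath
    foreach ($name in $ZoneSettings.Keys) {
        $desc, $want = $ZoneSettings[$name]
        $have = $current.$name
        $state = if ($have -eq $want) { 'ok' } else { 'CHANGE' }
        '{0,-5} {1,-62} current={2,-8} desired={3,-8} {4}' -f $name, $desc,
            (Get-ZonePolicyName $have), (Get-ZonePolicyName $want), $state
        if ($Apply -and $have -ne $want) {
            Set-ItemProperty -Path $ZonePath -Name $name -Value $want -Type DWord
        }
    }
}

# The hosts file the MVPS download replaces.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Return a table of the host names the hosts file sinkholes to a local address.
# Comment-only and blank lines are skipped; 'localhost' is a normal entry, not a block.
function Get-BlockedHosts([string]$Path = $HostsPath) {
    $blocked = @{}
    $sinkholes = @('127.0.0.1', '0.0.0.0', '::1')
    foreach ($line in Get-Content $Path) {
        $text = ($line -split '#')[0].Trim()
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Length -lt 2) { continue }
        if ($sinkholes -contains $fields[0]) {
            foreach ($h in $fields[1..($fields.Length - 1)]) {
                if ($h -ne 'localhost') { $blocked[$h.ToLower()] = $true }
            }
        }
    }
    return $blocked
}

# True when the hosts file will keep IE from resolving the given name.
function Test-HostBlocked([string]$HostName, [string]$Path = $HostsPath) {
    (Get-BlockedHosts $Path).ContainsKey($HostName.ToLower())
}

# The post's Services.msc step: a large hosts file makes the DNS Client cache
# expensive to build, so set the service to Manual. Needs an administrator account.
function Set-DnsClientManual {
    Set-Service -Name Dnscache -StartupType Manual
    Get-WmiObject Win32_Service -Filter "Name='Dnscache'" | Select-Object Name, StartMode
}

# Usage: report first, then apply once the report looks right.
Set-InternetZoneHardening
'hosts file blocks {0} names' -f (Get-BlockedHosts).Count
# Set-InternetZoneHardening -Apply
# Set-DnsClientManual
```

Run the report before and after clicking through the dialogs: any row still marked CHANGE means a setting did not take, which is worth knowing on a machine that has just had an unwanted program removed, since some of them reset these zone values. Test-HostBlocked lets you confirm that a name from a recurring pop-up is actually covered by the installed hosts file.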

snakes300
2008-09-25, 22:34
Thanks, my computer is running faster, and I don't have to worry about that nasty keylogger anymore :), thanks a lot.

Blade81
2008-09-25, 22:52
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.