Big problems!

N

necw00

New member
Here it is a printscreen with all the problems that i have :
bitch.gif


1) i can not use command promt*says it has been disabled by administrator??*
2)every time i shutdown/restart at the begging of the windows they will scan using*chkdsk* my second partition*not the one were the windows is*
3)sidebar doesn't work...you can check the error in the printscreen
4)no msn and yahoo messenger are working.even if i try to uninstall it says the same error
5)windows task manager is blocked*meanning that it will show the same processes , cpu Usage and Commit Charge untill i close and i open it again*

Norton says that i have Vundo.I use the program to fixvundo but it doesn't detect anything.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58 AM, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\Windows\Temp\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
D:\miranda\MirandaPortable\MirandaPortable.exe
D:\miranda\MirandaPortable\App\miranda\miranda32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhf.exe
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Windows\Temp\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\WINDOWS\Temp\RarSFX0\YAHOOM~3.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Visual Task Tips.lnk = C:\ppApps\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA26613-9F84-46B6-AE0E-CB6F5CD6A5FC}: NameServer = 89.34.200.2,193.19.192.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
also i can not uninstall those programs and they won't work...if i install them after the next reboot all the folders will be deleted...
 
now i had to uninstall my firewall and antivirus because both of them gave errors and didn't function but they occupied all the cpu memory.

please i really need help now :|
 
now i had to uninstall my firewall and antivirus because both of them gave errors and didn't function but they occupied all the cpu memory.

please i really need help now :|

i have something in task manager : swdsvc.exe which uses 100% of my cpu
 
i am sorry for the delay but because of my pc it was hard to scan with kaspersky :

Thursday, December 13, 2007 9:34:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/12/2007
Kaspersky Anti-Virus database records: 481736
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\Windows\Temp\
Scan Statistics
Total number of scanned objects 18238
Number of viruses found 4
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 00:44:26

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S4E995525.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{669800B2-842E-43E0-A06D-B35E6A20E68C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mljgebx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\WINDOWS\system32\nqfgjgyo.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wcdjcxmd.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\wrbtfkpr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\Temp\fla418.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF3D3F.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF55C1.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFCE96.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Windows\Temp\fla418.tmp Object is locked skipped
C:\Windows\Temp\fla4C6.tmp Object is locked skipped
C:\Windows\Temp\~DF3D3F.tmp Object is locked skipped
C:\Windows\Temp\~DF55C1.tmp Object is locked skipped
C:\Windows\Temp\~DFCE96.tmp Object is locked skipped
 
Hi necw00 and welcome to Safer Networking Forums :)

Rename HijackThis.exe to necw00.exe and post back a fresh HijackThis log, please.
 
here it is :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:26 AM, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keqmrphq.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Philips Display\SmartControl II\DTHtml.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Greatis\RegRunSuite\lsoon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\Temp\RarSFX0\YAHOOM~3.EXE
C:\ppApps\VisualTaskTips\VisualTaskTips.exe
C:\Windows\Temp\AAWTray.exe
C:\Windows\Temp\HPWuSchd2.exe
C:\Windows\Temp\DTHtml.exe
C:\Windows\Temp\DataLayer.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\necw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhf.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {f4541240-316b-cc88-9204-423f59d0be05} - {50eb0d95-f324-4029-88cc-b6130421454f} - C:\WINDOWS\system32\awtcupgw.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B437DA33-AFCD-4B92-811F-7E9817F7316E} - C:\WINDOWS\system32\pmkhf.dll
O2 - BHO: (no name) - {CD0DED2A-749C-43A0-87FA-58F8DE5D8190} - (no file)
O2 - BHO: (no name) - {e6343b00-60e7-4ff8-9f76-7a451e623f95} - (no file)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Windows\Temp\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\WINDOWS\Temp\RarSFX0\YAHOOM~3.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Visual Task Tips.lnk = C:\ppApps\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA26613-9F84-46B6-AE0E-CB6F5CD6A5FC}: NameServer = 89.34.200.2,193.19.192.2
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\keqmrphq.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

--
End of file - 8571 bytes
 
Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Post:

- a fresh HijackThis log
- combofix report
 
ComboFix 07-12-16.4 - Administrator 2007-12-17 11:53:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 2:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\keqmrphq.exe
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\TEMP.\cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-17 11:57 . 2007-12-17 11:57 329,824 --------- C:\WINDOWS\system32\pmkhf.dll
2007-12-17 11:43 . 2007-12-17 11:58 333,312 --a------ C:\WINDOWS\system32\pmkhf.exe
2007-12-17 10:50 . 2007-12-17 11:39 <DIR> d-------- C:\VundoFix Backups
2007-12-15 06:20 . 2007-12-15 06:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-15 06:06 . 2007-12-15 06:06 <DIR> d-------- C:\Program Files\ImTOO
2007-12-13 22:40 . 2007-12-14 08:49 934,218 ---hs---- C:\WINDOWS\system32\dwnbunpq.ini
2007-12-13 20:20 . 2007-12-13 20:20 <DIR> d-------- C:\Users\All Users\Application Data\Kaspersky Lab
2007-12-13 10:59 . 2007-12-13 10:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-13 10:36 . 2007-12-13 10:36 <DIR> d-------- C:\Users\All Users\Application Data\comodo
2007-12-13 10:36 . 2007-12-13 20:02 <DIR> d-------- C:\Users\Administrator\Application Data\Comodo
2007-12-13 10:35 . 2007-12-13 20:02 <DIR> d-------- C:\Program Files\COMODO
2007-12-13 10:10 . 2007-12-13 10:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-13 09:55 . 2007-12-13 09:55 <DIR> d-------- C:\Users\All Users\Application Data\Yahoo! Companion
2007-12-13 09:47 . 2007-12-13 12:10 <DIR> d-------- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 09:05 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-12 20:33 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-12 20:33 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-12 20:33 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-12 20:33 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-12 20:31 . 2007-12-12 20:31 <DIR> d-------- C:\Program Files\HP
2007-12-12 20:31 . 2007-12-12 20:34 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-12 20:30 . 2007-12-12 20:34 833,155 --a------ C:\WINDOWS\hpdj3740.his
2007-12-12 20:30 . 2007-12-12 20:34 10,649 --a------ C:\WINDOWS\hpdj3740.ini
2007-12-12 20:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-11 21:14 . 2007-07-06 14:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2007-12-11 21:14 . 2007-07-06 14:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2007-12-11 21:14 . 2007-07-06 14:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2007-12-11 21:14 . 2007-07-06 14:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2007-12-11 21:14 . 2007-07-06 14:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2007-12-11 21:14 . 2007-07-06 12:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2007-12-11 21:14 . 2007-07-06 14:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2007-12-11 21:14 . 2007-07-06 14:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2007-12-11 21:14 . 2007-07-06 14:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2007-12-11 21:12 . 2007-10-30 00:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2007-12-11 21:01 . 2007-12-11 21:01 333,312 --a------ C:\WINDOWS\system32\RCX2B.tmp
2007-12-11 00:30 . 2007-12-11 00:35 <DIR> d-------- C:\Program Files\webcamXP
2007-12-10 09:16 . 2007-12-10 09:16 0 --a------ C:\WINDOWS\vpc32.INI
2007-12-10 09:09 . 2007-12-10 09:09 <DIR> d-------- C:\Users\LocalService\Application Data\Yahoo!
2007-12-10 08:36 . 2007-12-13 19:52 <DIR> d-------- C:\Users\All Users\Application Data\Symantec
2007-12-10 08:36 . 2007-12-13 19:53 <DIR> d-------- C:\Program Files\Symantec
2007-12-10 08:36 . 2007-12-13 19:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-07 11:28 . 2007-12-07 11:29 <DIR> d-------- C:\Users\Administrator\Application Data\Media Player Classic
2007-12-05 23:10 . 2007-12-05 23:10 <DIR> d-------- C:\D
2007-12-05 18:40 . 2007-12-17 11:58 78 --a------ C:\WINDOWS\lsoon.ini
2007-12-05 10:02 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-12-05 09:54 . 2007-12-05 09:54 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-12-05 09:52 . 2007-12-05 09:52 <DIR> d-------- C:\Users\Administrator\Application Data\Regrun
2007-12-05 09:46 . 2007-12-05 09:46 <DIR> d-------- C:\Program Files\Greatis
2007-12-05 09:35 . 2007-12-05 09:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-04 11:25 . 2007-12-04 11:26 <DIR> d-------- C:\Program Files\Professional Registry Doctor
2007-12-04 10:06 . 2007-12-04 10:06 <DIR> d-------- C:\WINDOWS\Sun
2007-12-03 22:33 . 2007-12-03 22:33 <DIR> d-------- C:\Users\Administrator\Application Data\Sports Interactive
2007-11-30 20:48 . 2007-12-13 10:07 <DIR> d-------- C:\Users\Administrator\Application Data\Yahoo!
2007-11-30 07:28 . 2007-11-30 07:28 <DIR> d-------- C:\Users\All Users\Application Data\ESET
2007-11-29 21:34 . 2007-12-12 09:43 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-29 20:43 . 2007-11-29 20:43 <DIR> d-------- C:\Users\Administrator\Application Data\PolyEdit
2007-11-27 12:13 . 2007-11-27 12:13 <DIR> d-------- C:\Program Files\Cheating-Death
2007-11-22 22:35 . 2007-12-05 09:21 <DIR> d-------- C:\Users\Administrator\Application Data\Hamachi
2007-11-22 22:30 . 2007-11-22 22:35 <DIR> d-------- C:\Program Files\Hamachi
2007-11-22 22:30 . 2007-11-22 22:30 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-22 21:16 . 2007-12-03 09:11 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-22 21:14 . 2007-11-22 21:14 <DIR> d--h----- C:\Users\Administrator\InstallAnywhere
2007-11-22 20:17 . 2007-11-22 20:21 <DIR> d-------- C:\Program Files\UseNeXT
2007-11-22 20:17 . 2007-11-22 20:17 160 --a------ C:\WINDOWS\system32\del32.bat
2007-11-21 10:06 . 2007-11-21 10:06 <DIR> d-------- C:\Users\Administrator\Application Data\InstallShield Installation Information
2007-11-21 09:52 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-21 09:52 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-21 09:52 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-21 09:52 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-21 09:52 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-21 09:52 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-21 09:51 . 2007-11-21 09:51 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-21 09:51 . 2007-11-21 09:51 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-21 07:13 . 2007-11-21 07:14 <DIR> d-------- C:\Program Files\Smugglers 3
2007-11-20 00:13 . 1992-06-10 03:10 9,279 --a------ C:\WINDOWS\TDDEBUG.386
2007-11-20 00:13 . 1992-06-10 03:10 8,096 --a------ C:\WINDOWS\GROUPS.EXE
2007-11-20 00:13 . 2007-11-20 00:13 1,191 --a------ C:\WINDOWS\GROUPS.B$$
2007-11-20 00:13 . 1992-06-10 03:10 766 --a------ C:\WINDOWS\BC.ICO
2007-11-20 00:13 . 1992-06-10 03:10 545 --a------ C:\WINDOWS\BC.PIF
2007-11-20 00:12 . 1992-06-10 03:10 130,224 --a------ C:\WINDOWS\system\BWCC.DLL
2007-11-20 00:12 . 1992-06-10 03:10 766 --a------ C:\WINDOWS\HELP.ICO
2007-11-20 00:12 . 2007-11-20 00:12 144 --a------ C:\WINDOWS\TDW.INI
2007-11-19 07:05 . 2007-11-19 07:05 268 --ah----- C:\sqmdata05.sqm
2007-11-19 07:05 . 2007-11-19 07:05 244 --ah----- C:\sqmnoopt05.sqm
2007-11-18 22:45 . 2007-11-18 22:45 <DIR> d-------- C:\Users\Administrator\Application Data\Lavasoft
2007-11-18 22:25 . 2007-11-18 22:25 268 --ah----- C:\sqmdata04.sqm
2007-11-18 22:25 . 2007-11-18 22:25 244 --ah----- C:\sqmnoopt04.sqm
2007-11-18 22:16 . 2007-11-18 22:16 268 --ah----- C:\sqmdata03.sqm
2007-11-18 22:16 . 2007-11-18 22:16 244 --ah----- C:\sqmnoopt03.sqm
2007-11-17 18:08 . 2007-11-17 18:08 268 --ah----- C:\sqmdata02.sqm
2007-11-17 18:08 . 2007-11-17 18:08 244 --ah----- C:\sqmnoopt02.sqm
2007-11-17 18:07 . 2007-11-17 18:07 <DIR> d-------- C:\Users\Administrator\Application Data\DisplayTune
2007-11-17 18:06 . 2007-11-17 18:06 <DIR> d-------- C:\Program Files\Philips Display
2007-11-17 18:06 . 2007-11-17 18:06 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2007-11-17 16:43 . 2007-11-17 16:43 268 --ah----- C:\sqmdata01.sqm
2007-11-17 16:43 . 2007-11-17 16:43 244 --ah----- C:\sqmnoopt01.sqm
2007-11-17 06:07 . 2007-11-17 06:07 268 --ah----- C:\sqmdata00.sqm
2007-11-17 06:07 . 2007-11-17 06:07 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 09:58 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-16 21:51 --------- d-----w C:\Users\Administrator\Application Data\uTorrent
2007-12-15 04:22 --------- d-----w C:\Users\Administrator\Application Data\PC Suite
2007-12-15 04:20 --------- d-----w C:\Program Files\Nokia
2007-12-15 04:20 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-11 20:25 --------- d-----w C:\Users\All Users\Application Data\Yahoo!
2007-12-11 20:24 --------- d-----w C:\Program Files\Yahoo!
2007-12-11 04:46 --------- d-----w C:\Program Files\TaskSwitchXP
2007-12-05 07:20 1,184,256 ----a-w C:\WINDOWS\system32\mmm.exe
2007-11-21 07:52 --------- d-----w C:\Program Files\DIFX
2007-11-21 07:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 09:01 --------- d-----w C:\Users\Administrator\Application Data\temp
2007-11-18 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 19:29 --------- d-----w C:\Users\Administrator\Application Data\Nokia
2007-11-16 19:27 --------- d-----w C:\Users\All Users\Application Data\Nokia
2007-11-16 19:25 --------- d-----w C:\Users\All Users\Application Data\Installations
2007-11-15 20:34 --------- d-----w C:\Program Files\HAM
2007-11-15 20:28 151,888 ----a-w C:\WINDOWS\HAM Uninstaller.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 11:09 --------- d-----w C:\Users\All Users\Application Data\PC Suite
2007-11-04 11:07 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-01 22:59 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-01 13:51 --------- d-----w C:\Users\Administrator\Application Data\BSplayer PRO
2007-11-01 13:39 --------- d-----w C:\Program Files\Webteh
2007-11-01 13:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-01 13:01 --------- d-----w C:\Users\Administrator\Application Data\Winamp
2007-11-01 12:51 --------- d-----w C:\Program Files\Winamp
2007-11-01 12:50 --------- d-----w C:\Users\Administrator\Application Data\Talkback
2007-11-01 12:37 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-01 12:36 --------- d-----w C:\Program Files\AvRack
2007-11-01 12:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-01 12:23 --------- d-----w C:\Program Files\Windows Sidebar GadgetInstaller
2007-11-01 12:22 --------- d-----w C:\Program Files\uTorrent
2007-11-01 12:22 --------- d-----w C:\Program Files\Universal Extractor
2007-11-01 12:21 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-01 12:21 --------- d-----w C:\Program Files\SetupSetupS
2007-11-01 12:21 --------- d-----w C:\Program Files\MSECache
2007-11-01 12:20 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-01 12:20 --------- d-----w C:\Program Files\Microsoft Works
2007-11-01 12:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-01 12:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-01 12:18 --------- d-----w C:\Program Files\Opera
2007-11-01 12:18 --------- d-----w C:\Program Files\My Company Name
2007-11-01 12:18 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-01 12:18 --------- d-----w C:\Program Files\Desktop
2007-11-01 12:17 --------- d-----w C:\Users\All Users\Application Data\Lavasoft
2007-11-01 12:17 --------- d-----w C:\Program Files\Lavasoft
2007-11-01 12:17 --------- d-----w C:\Program Files\AddonInstaller
2007-11-01 12:14 --------- d-----w C:\Program Files\Utilities
2007-11-01 12:08 --------- d-----w C:\Program Files\Java
2007-11-01 12:08 --------- d-----w C:\Program Files\Common Files\Java
2007-11-01 12:06 --------- d-----w C:\Program Files\Microsoft
2007-11-01 12:06 --------- d-----w C:\Program Files\Attribute Changer
2007-11-01 12:05 --------- d-----w C:\Program Files\Alky for Applications
2007-11-01 12:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-31 03:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 15:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 15:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 08:21 270,336 ----a-w C:\WINDOWS\system32\Settings.exe
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 12:09 114,688 ----a-w C:\WINDOWS\system32\setupold.exe
2007-10-10 12:09 114,688 ----a-w C:\WINDOWS\MyOEM.exe
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 09:42 1,134,592 ----a-w C:\WINDOWS\system32\winntbbu.dll
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-10 04:48 963,072 ----a-w C:\WINDOWS\system32\wsecedit.dll
2007-10-10 04:48 38,912 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-10-10 04:48 360,960 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2007-10-10 04:48 351,704 ----a-w C:\WINDOWS\system32\wuauclt1.exe
2007-10-10 04:48 34,816 ----a-w C:\WINDOWS\system32\write.exe
2007-10-10 04:48 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2007-10-10 04:48 3,862,528 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2007-10-10 04:48 194,520 ----a-w C:\WINDOWS\system32\wuaueng1.dll
2007-10-10 04:48 163,840 ----a-w C:\WINDOWS\system32\wscript.exe
2007-10-10 04:48 161,792 ----a-w C:\WINDOWS\system32\wpd_ci.dll
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50eb0d95-f324-4029-88cc-b6130421454f}]
C:\WINDOWS\system32\awtcupgw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D88AD145-47C3-4EA5-B8D6-A09CA6F391E0}]
2007-12-17 11:57 329824 --------- C:\WINDOWS\system32\pmkhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" []
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-12-17 10:27]
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []
"Registry"="C:\Program Files\Greatis\RegRunSuite\lsoon.exe" [2007-12-17 10:27]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-12-17 10:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2007-10-10 06:43 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 03:22 C:\WINDOWS\system32\nwiz.exe]
"SystemTray"="SysTray.Exe" [2001-08-23 14:00 C:\WINDOWS\system32\systray.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 12:23 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="RUNDLL32.exe" [2007-10-10 06:43 C:\WINDOWS\system32\rundll32.exe]
"DT PHL"="C:\Program Files\Philips Display\SmartControl II\DTHtml.exe" [2007-12-17 10:27]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-12-17 11:58]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" []
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-12-17 10:27]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2007-12-17 11:18]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-12-17 11:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" []
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-10-11 01:55 C:\WINDOWS\system32\advpack.dll]
"NewUser"="C:\WINDOWS\System32\NewUser.cmd" [2007-10-10 14:44]

C:\Users\Administrator\Start Menu\Programs\Startup\
Visual Task Tips.lnk - C:\ppApps\VisualTaskTips\VisualTaskTips.exe [2007-11-01 14:26:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarsOnTaskbar"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoToolbarsOnTaskbar"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= C:\Program Files\Greatis\RegRunSuite\RRShell.dll [2004-11-02 10:15 368711]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\pmkhf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 ISODrive;ISO CD-ROM Device Driver;\??\C:\ppApps\UltraISO\drivers\ISODrive.sys
S3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ WebClient LmHosts upnphost SSDPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe -q

*Newly Created Service* - ASPI32
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 12:00:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\pmkhf.dll
-> C:\ppApps\VisualTaskTips\VttHooks.dll
-> C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll
-> C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
.
Completion time: 2007-12-17 12:00:56 - machine was rebooted
.
2007-12-13 09:03:20 --- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:57 PM, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Windows\Temp\AAWTray.exe
C:\Windows\Temp\DTHtml.exe
C:\Windows\Temp\DataLayer.exe
C:\ppApps\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\necw.exe
C:\WINDOWS\system32\Notepad2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhf.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {f4541240-316b-cc88-9204-423f59d0be05} - {50eb0d95-f324-4029-88cc-b6130421454f} - C:\WINDOWS\system32\awtcupgw.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D88AD145-47C3-4EA5-B8D6-A09CA6F391E0} - C:\WINDOWS\system32\pmkhf.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Visual Task Tips.lnk = C:\ppApps\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA26613-9F84-46B6-AE0E-CB6F5CD6A5FC}: NameServer = 89.34.200.2,193.19.192.2
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

--
End of file - 7400 bytes
 
Hi

It looks like that some your startup programs might be modified by malware.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
All the files we're visible before the scan because i always set windows to show invisible files.


File: AAWTray.exe
Status:
INFECTED/MALWARE
MD5: 66adefb8083948eaf02585c51b198e75
Packers detected:
-
Bit9 reports: File not found
A-Squared
Found nothing
AntiVir
Found TR/Vundo.Gen
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Dropper.Generic.SLT
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
 
404 Not Found
The requested URL '/sUBs/beta/ComboFix.exe' was not found on this server.
thttpd/2.25b 29dec2003
 
i have to tell you that before you repley'd to my post i made a vundoscan fix:


VundoFix V6.7.7

Checking Java version...

Scan started at 10:50:00 AM 17/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtcupgw.dll
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\keqmrphq.exe
C:\WINDOWS\system32\mljgebx.dll
C:\WINDOWS\system32\nqfgjgyo.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\qpnubnwd.dll
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\wcdjcxmd.dll
C:\WINDOWS\system32\wrbtfkpr.dll
C:\WINDOWS\Temp\hpcmpmgr.exe
C:\WINDOWS\Temp\mmm.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtcupgw.dll
C:\WINDOWS\system32\awtcupgw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\fhkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\keqmrphq.exe
C:\WINDOWS\system32\keqmrphq.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljgebx.dll
C:\WINDOWS\system32\mljgebx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nqfgjgyo.dll
C:\WINDOWS\system32\nqfgjgyo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\pmkhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpnubnwd.dll
C:\WINDOWS\system32\qpnubnwd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wcdjcxmd.dll
C:\WINDOWS\system32\wcdjcxmd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wrbtfkpr.dll
C:\WINDOWS\system32\wrbtfkpr.dll Has been deleted!

Attempting to delete C:\WINDOWS\Temp\hpcmpmgr.exe
C:\WINDOWS\Temp\hpcmpmgr.exe Has been deleted!

Attempting to delete C:\WINDOWS\Temp\mmm.exe
C:\WINDOWS\Temp\mmm.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\keqmrphq.exe
C:\WINDOWS\system32\keqmrphq.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljgebx.dll
C:\WINDOWS\system32\mljgebx.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
Hi

Thanks for info.

It also showed that startup programs are infected:

Listing files found while scanning....

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

Attempting to delete C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe Has been deleted!

In other words, prepare to re-install these programs after you're clean:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
 
ComboFix 07-12-16.4 - Administrator 2007-12-17 12:23:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.187 [GMT 2:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\pmkhf.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-17 12:27 . 2007-12-17 12:27 329,824 --------- C:\WINDOWS\system32\pmkhf.dll
2007-12-17 11:43 . 2007-12-17 12:27 333,312 --a------ C:\WINDOWS\system32\pmkhf.exe
2007-12-17 10:50 . 2007-12-17 11:39 <DIR> d-------- C:\VundoFix Backups
2007-12-15 06:20 . 2007-12-15 06:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-15 06:06 . 2007-12-15 06:06 <DIR> d-------- C:\Program Files\ImTOO
2007-12-13 22:40 . 2007-12-14 08:49 934,218 ---hs---- C:\WINDOWS\system32\dwnbunpq.ini
2007-12-13 20:20 . 2007-12-13 20:20 <DIR> d-------- C:\Users\All Users\Application Data\Kaspersky Lab
2007-12-13 10:59 . 2007-12-13 10:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-13 10:36 . 2007-12-13 10:36 <DIR> d-------- C:\Users\All Users\Application Data\comodo
2007-12-13 10:36 . 2007-12-13 20:02 <DIR> d-------- C:\Users\Administrator\Application Data\Comodo
2007-12-13 10:35 . 2007-12-13 20:02 <DIR> d-------- C:\Program Files\COMODO
2007-12-13 10:10 . 2007-12-13 10:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-13 09:55 . 2007-12-13 09:55 <DIR> d-------- C:\Users\All Users\Application Data\Yahoo! Companion
2007-12-13 09:47 . 2007-12-13 12:10 <DIR> d-------- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 09:05 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-12 20:33 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-12 20:33 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-12 20:33 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-12 20:33 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-12 20:31 . 2007-12-12 20:31 <DIR> d-------- C:\Program Files\HP
2007-12-12 20:31 . 2007-12-12 20:34 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-12 20:30 . 2007-12-12 20:34 833,155 --a------ C:\WINDOWS\hpdj3740.his
2007-12-12 20:30 . 2007-12-12 20:34 10,649 --a------ C:\WINDOWS\hpdj3740.ini
2007-12-12 20:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-11 21:14 . 2007-07-06 14:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2007-12-11 21:14 . 2007-07-06 14:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2007-12-11 21:14 . 2007-07-06 14:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2007-12-11 21:14 . 2007-07-06 14:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2007-12-11 21:14 . 2007-07-06 14:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2007-12-11 21:14 . 2007-07-06 12:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2007-12-11 21:14 . 2007-07-06 14:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2007-12-11 21:14 . 2007-07-06 14:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2007-12-11 21:14 . 2007-07-06 14:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2007-12-11 21:12 . 2007-10-30 00:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2007-12-11 21:01 . 2007-12-11 21:01 333,312 --a------ C:\WINDOWS\system32\RCX2B.tmp
2007-12-11 00:30 . 2007-12-11 00:35 <DIR> d-------- C:\Program Files\webcamXP
2007-12-10 09:16 . 2007-12-10 09:16 0 --a------ C:\WINDOWS\vpc32.INI
2007-12-10 09:09 . 2007-12-10 09:09 <DIR> d-------- C:\Users\LocalService\Application Data\Yahoo!
2007-12-10 08:36 . 2007-12-13 19:52 <DIR> d-------- C:\Users\All Users\Application Data\Symantec
2007-12-10 08:36 . 2007-12-13 19:53 <DIR> d-------- C:\Program Files\Symantec
2007-12-10 08:36 . 2007-12-13 19:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-07 11:28 . 2007-12-07 11:29 <DIR> d-------- C:\Users\Administrator\Application Data\Media Player Classic
2007-12-05 23:10 . 2007-12-05 23:10 <DIR> d-------- C:\D
2007-12-05 18:40 . 2007-12-17 11:58 78 --a------ C:\WINDOWS\lsoon.ini
2007-12-05 10:02 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-12-05 09:54 . 2007-12-05 09:54 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-12-05 09:52 . 2007-12-05 09:52 <DIR> d-------- C:\Users\Administrator\Application Data\Regrun
2007-12-05 09:46 . 2007-12-05 09:46 <DIR> d-------- C:\Program Files\Greatis
2007-12-05 09:35 . 2007-12-05 09:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-04 11:25 . 2007-12-04 11:26 <DIR> d-------- C:\Program Files\Professional Registry Doctor
2007-12-04 10:06 . 2007-12-04 10:06 <DIR> d-------- C:\WINDOWS\Sun
2007-12-03 22:33 . 2007-12-03 22:33 <DIR> d-------- C:\Users\Administrator\Application Data\Sports Interactive
2007-11-30 20:48 . 2007-12-13 10:07 <DIR> d-------- C:\Users\Administrator\Application Data\Yahoo!
2007-11-30 07:28 . 2007-11-30 07:28 <DIR> d-------- C:\Users\All Users\Application Data\ESET
2007-11-29 21:34 . 2007-12-12 09:43 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-29 20:43 . 2007-11-29 20:43 <DIR> d-------- C:\Users\Administrator\Application Data\PolyEdit
2007-11-27 12:13 . 2007-11-27 12:13 <DIR> d-------- C:\Program Files\Cheating-Death
2007-11-22 22:35 . 2007-12-05 09:21 <DIR> d-------- C:\Users\Administrator\Application Data\Hamachi
2007-11-22 22:30 . 2007-11-22 22:35 <DIR> d-------- C:\Program Files\Hamachi
2007-11-22 22:30 . 2007-11-22 22:30 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-22 21:16 . 2007-12-03 09:11 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-22 21:14 . 2007-11-22 21:14 <DIR> d--h----- C:\Users\Administrator\InstallAnywhere
2007-11-22 20:17 . 2007-11-22 20:21 <DIR> d-------- C:\Program Files\UseNeXT
2007-11-22 20:17 . 2007-11-22 20:17 160 --a------ C:\WINDOWS\system32\del32.bat
2007-11-21 10:06 . 2007-11-21 10:06 <DIR> d-------- C:\Users\Administrator\Application Data\InstallShield Installation Information
2007-11-21 09:52 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-21 09:52 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-21 09:52 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-21 09:52 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-21 09:52 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-21 09:52 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-21 09:51 . 2007-11-21 09:51 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-21 09:51 . 2007-11-21 09:51 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-21 07:13 . 2007-11-21 07:14 <DIR> d-------- C:\Program Files\Smugglers 3
2007-11-20 00:13 . 1992-06-10 03:10 9,279 --a------ C:\WINDOWS\TDDEBUG.386
2007-11-20 00:13 . 1992-06-10 03:10 8,096 --a------ C:\WINDOWS\GROUPS.EXE
2007-11-20 00:13 . 2007-11-20 00:13 1,191 --a------ C:\WINDOWS\GROUPS.B$$
2007-11-20 00:13 . 1992-06-10 03:10 766 --a------ C:\WINDOWS\BC.ICO
2007-11-20 00:13 . 1992-06-10 03:10 545 --a------ C:\WINDOWS\BC.PIF
2007-11-20 00:12 . 1992-06-10 03:10 130,224 --a------ C:\WINDOWS\system\BWCC.DLL
2007-11-20 00:12 . 1992-06-10 03:10 766 --a------ C:\WINDOWS\HELP.ICO
2007-11-20 00:12 . 2007-11-20 00:12 144 --a------ C:\WINDOWS\TDW.INI
2007-11-19 07:05 . 2007-11-19 07:05 268 --ah----- C:\sqmdata05.sqm
2007-11-19 07:05 . 2007-11-19 07:05 244 --ah----- C:\sqmnoopt05.sqm
2007-11-18 22:45 . 2007-11-18 22:45 <DIR> d-------- C:\Users\Administrator\Application Data\Lavasoft
2007-11-18 22:25 . 2007-11-18 22:25 268 --ah----- C:\sqmdata04.sqm
2007-11-18 22:25 . 2007-11-18 22:25 244 --ah----- C:\sqmnoopt04.sqm
2007-11-18 22:16 . 2007-11-18 22:16 268 --ah----- C:\sqmdata03.sqm
2007-11-18 22:16 . 2007-11-18 22:16 244 --ah----- C:\sqmnoopt03.sqm
2007-11-17 18:08 . 2007-11-17 18:08 268 --ah----- C:\sqmdata02.sqm
2007-11-17 18:08 . 2007-11-17 18:08 244 --ah----- C:\sqmnoopt02.sqm
2007-11-17 18:07 . 2007-11-17 18:07 <DIR> d-------- C:\Users\Administrator\Application Data\DisplayTune
2007-11-17 18:06 . 2007-11-17 18:06 <DIR> d-------- C:\Program Files\Philips Display
2007-11-17 18:06 . 2007-11-17 18:06 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2007-11-17 16:43 . 2007-11-17 16:43 268 --ah----- C:\sqmdata01.sqm
2007-11-17 16:43 . 2007-11-17 16:43 244 --ah----- C:\sqmnoopt01.sqm
2007-11-17 06:07 . 2007-11-17 06:07 268 --ah----- C:\sqmdata00.sqm
2007-11-17 06:07 . 2007-11-17 06:07 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 10:27 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-16 21:51 --------- d-----w C:\Users\Administrator\Application Data\uTorrent
2007-12-15 04:22 --------- d-----w C:\Users\Administrator\Application Data\PC Suite
2007-12-15 04:20 --------- d-----w C:\Program Files\Nokia
2007-12-15 04:20 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-11 20:25 --------- d-----w C:\Users\All Users\Application Data\Yahoo!
2007-12-11 20:24 --------- d-----w C:\Program Files\Yahoo!
2007-12-11 04:46 --------- d-----w C:\Program Files\TaskSwitchXP
2007-12-05 07:20 1,184,256 ----a-w C:\WINDOWS\system32\mmm.exe
2007-11-21 07:52 --------- d-----w C:\Program Files\DIFX
2007-11-21 07:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 09:01 --------- d-----w C:\Users\Administrator\Application Data\temp
2007-11-18 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 19:29 --------- d-----w C:\Users\Administrator\Application Data\Nokia
2007-11-16 19:27 --------- d-----w C:\Users\All Users\Application Data\Nokia
2007-11-16 19:25 --------- d-----w C:\Users\All Users\Application Data\Installations
2007-11-15 20:34 --------- d-----w C:\Program Files\HAM
2007-11-15 20:28 151,888 ----a-w C:\WINDOWS\HAM Uninstaller.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 11:09 --------- d-----w C:\Users\All Users\Application Data\PC Suite
2007-11-04 11:07 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-01 22:59 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-01 13:51 --------- d-----w C:\Users\Administrator\Application Data\BSplayer PRO
2007-11-01 13:39 --------- d-----w C:\Program Files\Webteh
2007-11-01 13:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-01 13:01 --------- d-----w C:\Users\Administrator\Application Data\Winamp
2007-11-01 12:51 --------- d-----w C:\Program Files\Winamp
2007-11-01 12:50 --------- d-----w C:\Users\Administrator\Application Data\Talkback
2007-11-01 12:37 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-01 12:36 --------- d-----w C:\Program Files\AvRack
2007-11-01 12:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-01 12:23 --------- d-----w C:\Program Files\Windows Sidebar GadgetInstaller
2007-11-01 12:22 --------- d-----w C:\Program Files\uTorrent
2007-11-01 12:22 --------- d-----w C:\Program Files\Universal Extractor
2007-11-01 12:21 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-01 12:21 --------- d-----w C:\Program Files\SetupSetupS
2007-11-01 12:21 --------- d-----w C:\Program Files\MSECache
2007-11-01 12:20 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-01 12:20 --------- d-----w C:\Program Files\Microsoft Works
2007-11-01 12:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-01 12:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-01 12:18 --------- d-----w C:\Program Files\Opera
2007-11-01 12:18 --------- d-----w C:\Program Files\My Company Name
2007-11-01 12:18 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-01 12:18 --------- d-----w C:\Program Files\Desktop
2007-11-01 12:17 --------- d-----w C:\Users\All Users\Application Data\Lavasoft
2007-11-01 12:17 --------- d-----w C:\Program Files\Lavasoft
2007-11-01 12:17 --------- d-----w C:\Program Files\AddonInstaller
2007-11-01 12:14 --------- d-----w C:\Program Files\Utilities
2007-11-01 12:08 --------- d-----w C:\Program Files\Java
2007-11-01 12:08 --------- d-----w C:\Program Files\Common Files\Java
2007-11-01 12:06 --------- d-----w C:\Program Files\Microsoft
2007-11-01 12:06 --------- d-----w C:\Program Files\Attribute Changer
2007-11-01 12:05 --------- d-----w C:\Program Files\Alky for Applications
2007-11-01 12:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-31 03:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 15:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 15:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 08:21 270,336 ----a-w C:\WINDOWS\system32\Settings.exe
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 12:09 114,688 ----a-w C:\WINDOWS\system32\setupold.exe
2007-10-10 12:09 114,688 ----a-w C:\WINDOWS\MyOEM.exe
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 09:42 1,134,592 ----a-w C:\WINDOWS\system32\winntbbu.dll
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-10 04:48 963,072 ----a-w C:\WINDOWS\system32\wsecedit.dll
2007-10-10 04:48 38,912 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-10-10 04:48 360,960 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2007-10-10 04:48 351,704 ----a-w C:\WINDOWS\system32\wuauclt1.exe
2007-10-10 04:48 34,816 ----a-w C:\WINDOWS\system32\write.exe
2007-10-10 04:48 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2007-10-10 04:48 3,862,528 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2007-10-10 04:48 194,520 ----a-w C:\WINDOWS\system32\wuaueng1.dll
2007-10-10 04:48 163,840 ----a-w C:\WINDOWS\system32\wscript.exe
2007-10-10 04:48 161,792 ----a-w C:\WINDOWS\system32\wpd_ci.dll
 
You must log in or register to reply here.
Back
Top