Malware Trouble

yukukuhi

New member
My PC is infected with malware and some other junk as well. Please help. Please reply, and thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:50 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVerTV\QuickTV.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll (file missing)
O2 - BHO: (no name) - {484FFC3E-5891-BD10-0BED-75DFED1D8FA1} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdneu.exe] C:\WINDOWS\system32\kdneu.exe
O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Application Data\seek film amok web\Mail proc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DOES WEB] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\For That Data.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7456 bytes

Link to my previous thread: http://forums.spybot.info/showthread.php?p=261228
 
Hi yukukuhi

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (C:\lopR.txt)
 
Lop S&D

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 02/22/06 23:50:09 Ver: 08.00.10
USER : s.s.ram ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:2 Go)
E:\ (Local Disk) - NTFS - Total:90 Go (Free:2 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Mon 12/08/2008|19:40 )

--------------------\\ Listing folders in APPLIC~1

[09/08/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/08/2007|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[04/15/2007|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/13/2008|04:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[01/12/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/12/2008|04:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[11/15/2007|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/15/2007|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/23/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[05/05/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[09/25/2007|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/19/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/22/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[06/04/2007|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[09/03/2007|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[01/14/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Metacafe
[04/13/2007|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/05/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/14/2007|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Plan log bias support
[06/17/2007|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[11/22/2008|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> seek film amok web
[06/04/2007|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/21/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/15/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[12/07/2008|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/03/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[04/15/2007|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/13/2007|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[05/02/2007|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/13/2007|09:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/23/2008|02:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/04/2007|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[11/23/2008|02:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/16/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> .BitTornado
[09/16/2007|06:56] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AccurateRip
[07/05/2008|12:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Adobe
[04/16/2007|09:20] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ahead
[04/14/2007|09:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> ANTI SCR HOLE
[01/13/2008|04:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AOL
[04/20/2007|09:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Apple Computer
[12/08/2008|06:59] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Avant Browser
[04/16/2007|02:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVS Video Converter
[04/22/2007|01:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVSMedia
[11/22/2008|06:38] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> bleh bat
[04/01/2008|05:51] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Cuttermaran
[09/25/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> CyberLink
[09/05/2008|11:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DAEMON Tools
[02/28/2008|09:57] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> dBpoweramp
[05/12/2007|09:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DivX
[02/09/2008|09:02] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Dr. DivX 2.0 OSS
[02/11/2008|02:45] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> FLV Extract
[10/10/2007|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> GetRightToGo
[04/19/2007|03:25] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Google
[04/18/2007|03:00] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Help
[04/13/2007|10:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Identities
[03/25/2008|11:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> iLike
[03/01/2008|08:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Jasc
[09/01/2007|10:11] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> LEAPS
[05/15/2008|06:04] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Macromedia
[02/09/2008|08:36] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Media Player Classic
[12/08/2008|07:01] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> MegauploadToolbar
[11/23/2008|02:38] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Microsoft
[11/11/2007|04:14] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Moyea
[02/06/2008|08:22] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Mozilla
[04/16/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> NetPumper
[09/08/2007|04:59] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Opera
[06/05/2008|11:05] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Orbit
[04/24/2007|05:16] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Pegasys Inc
[04/14/2007|09:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Proxy Byte Rule
[03/31/2008|02:07] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Real
[10/16/2007|10:44] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Rediff.com
[06/04/2007|08:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Roxio
[04/15/2007|03:17] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/06/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Symantec
[12/07/2008|12:46] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> U3
[09/03/2007|02:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ulead Systems
[05/02/2008|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Uniblue
[05/06/2007|10:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDoPlus
[12/07/2008|08:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDo-TVSuite
[04/14/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> WinRAR
[11/11/2007|06:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Xilisoft Corporation
[04/14/2007|02:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> yahoo!


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/08/2008 07:00 PM][--ah-----] C:\WINDOWS\tasks\AFB1EB1C918E9C84.job
[12/06/2008 02:53 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[10/23/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[11/22/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[12/08/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[12/07/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[12/08/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[12/08/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[12/07/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[12/07/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[12/08/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[12/08/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[12/08/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[12/08/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[12/08/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At7.job
[09/15/2008 08:00 AM][--a------] C:\WINDOWS\tasks\At9.job
[12/05/2008 09:00 AM][--a------] C:\WINDOWS\tasks\At10.job
[04/30/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At5.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At6.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At4.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At3.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[10/22/2008 12:00 AM][--a------] C:\WINDOWS\tasks\At1.job
[12/08/2008 02:34 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/01/2004 01:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AFB1EB1C918E9C84.job )=( c:\docume~1\ss1611~1.ram\applic~1\blehba~1\livehidecity.exe )

--------------------\\ Listing Folders in C:\Program Files

[09/08/2007|05:16] C:\Program Files\<DIR> Adobe
[08/13/2007|02:24] C:\Program Files\<DIR> Ahead
[06/05/2008|11:59] C:\Program Files\<DIR> AMVapp
[04/10/2008|02:32] C:\Program Files\<DIR> Anti-Leech
[11/15/2007|04:00] C:\Program Files\<DIR> Apple Software Update
[11/29/2008|07:23] C:\Program Files\<DIR> ARWizard3
[06/28/2008|05:28] C:\Program Files\<DIR> Avant Browser
[06/22/2007|11:17] C:\Program Files\<DIR> AVerMedia
[11/29/2008|08:18] C:\Program Files\<DIR> AVerTV
[11/23/2008|02:41] C:\Program Files\<DIR> AVG
[06/17/2007|04:46] C:\Program Files\<DIR> AVI MPEG WMV RM to MP3 Converter
[12/05/2008|08:03] C:\Program Files\<DIR> avisplit
[06/05/2008|11:58] C:\Program Files\<DIR> AviSynth 2.5
[03/02/2008|02:11] C:\Program Files\<DIR> AVSMedia
[04/14/2007|05:40] C:\Program Files\<DIR> BitTornado
[11/22/2008|06:33] C:\Program Files\<DIR> bleh bat
[03/30/2008|01:12] C:\Program Files\<DIR> Boilsoft Video Joiner
[03/28/2008|08:52] C:\Program Files\<DIR> Boilsoft Video Splitter
[11/09/2008|11:57] C:\Program Files\<DIR> Common Files
[11/07/2007|03:14] C:\Program Files\<DIR> Coolwallpaper
[10/01/2007|06:40] C:\Program Files\<DIR> CyberLink
[09/05/2008|11:05] C:\Program Files\<DIR> Disciples Demo
[01/28/2008|06:16] C:\Program Files\<DIR> DivX
[04/02/2008|08:10] C:\Program Files\<DIR> DVD Decrypter
[06/04/2008|07:27] C:\Program Files\<DIR> ffdshow
[05/07/2008|04:01] C:\Program Files\<DIR> Google
[02/16/2008|04:37] C:\Program Files\<DIR> Illustrate
[04/01/2008|11:43] C:\Program Files\<DIR> InstallShield Installation Information
[11/09/2008|11:58] C:\Program Files\<DIR> Intel
[02/11/2008|02:40] C:\Program Files\<DIR> Internet Explorer
[11/15/2007|04:03] C:\Program Files\<DIR> iPod
[05/17/2007|01:08] C:\Program Files\<DIR> Ipwindows
[06/03/2008|10:57] C:\Program Files\<DIR> iTunes
[09/01/2007|01:03] C:\Program Files\<DIR> MegauploadToolbar
[04/13/2007|10:06] C:\Program Files\<DIR> Messenger
[04/13/2007|10:24] C:\Program Files\<DIR> Microsoft ActiveSync
[04/13/2007|10:11] C:\Program Files\<DIR> microsoft frontpage
[11/09/2008|11:56] C:\Program Files\<DIR> Microsoft Games
[04/13/2007|10:23] C:\Program Files\<DIR> Microsoft Office
[06/17/2007|08:04] C:\Program Files\<DIR> Mobile Action
[04/13/2007|10:08] C:\Program Files\<DIR> Movie Maker
[12/08/2008|07:04] C:\Program Files\<DIR> Mozilla Firefox
[10/14/2007|02:16] C:\Program Files\<DIR> MSN
[04/13/2007|10:06] C:\Program Files\<DIR> MSN Gaming Zone
[02/11/2008|10:44] C:\Program Files\<DIR> NetMeeting
[11/23/2008|05:29] C:\Program Files\<DIR> NetPumper
[06/05/2008|11:47] C:\Program Files\<DIR> New Folder
[04/13/2007|10:06] C:\Program Files\<DIR> Online Services
[04/13/2007|10:07] C:\Program Files\<DIR> Outlook Express
[11/09/2008|02:07] C:\Program Files\<DIR> Panda Security
[11/15/2007|04:02] C:\Program Files\<DIR> QuickTime
[04/16/2007|07:00] C:\Program Files\<DIR> Real
[05/12/2007|02:36] C:\Program Files\<DIR> Realtek
[07/11/2008|06:31] C:\Program Files\<DIR> Replay Media Catcher
[06/04/2008|08:59] C:\Program Files\<DIR> Smallvideosoft
[04/04/2008|08:21] C:\Program Files\<DIR> SourceForge
[11/20/2008|08:39] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/21/2008|12:28] C:\Program Files\<DIR> Trend Micro
[09/03/2007|01:40] C:\Program Files\<DIR> Ulead Systems
[04/13/2007|10:21] C:\Program Files\<DIR> Uninstall Information
[11/13/2007|11:32] C:\Program Files\<DIR> Veoh Networks
[10/13/2008|04:19] C:\Program Files\<DIR> VideoReDoTVSuite
[09/03/2007|01:42] C:\Program Files\<DIR> Windows Media Components
[04/13/2007|10:06] C:\Program Files\<DIR> Windows Media Player
[04/13/2007|10:05] C:\Program Files\<DIR> Windows NT
[04/13/2007|10:09] C:\Program Files\<DIR> WindowsUpdate
[04/14/2007|09:46] C:\Program Files\<DIR> WinRAR
[04/01/2008|05:13] C:\Program Files\<DIR> Womble Multimedia
[04/13/2007|10:11] C:\Program Files\<DIR> xerox
[06/04/2008|02:13] C:\Program Files\<DIR> Xilisoft
[06/05/2008|11:49] C:\Program Files\<DIR> Xvid
[04/13/2007|11:30] C:\Program Files\<DIR> Yahoo!
[03/28/2008|03:34] C:\Program Files\<DIR> Yamb

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/08/2007|05:15] C:\Program Files\Common Files\<DIR> Adobe
[09/08/2007|05:13] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[08/13/2007|02:17] C:\Program Files\Common Files\<DIR> Ahead
[06/22/2007|11:17] C:\Program Files\Common Files\<DIR> AVerMedia
[09/13/2007|06:26] C:\Program Files\Common Files\<DIR> AVSMedia
[04/13/2007|10:24] C:\Program Files\Common Files\<DIR> Designer
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> InstallShield
[02/11/2008|02:40] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> MSSoap
[04/15/2007|06:51] C:\Program Files\Common Files\<DIR> Nero
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> ODBC
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> Real
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> Roxio Shared
[04/15/2007|05:28] C:\Program Files\Common Files\<DIR> Scanner
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> Services
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/02/2008|03:45] C:\Program Files\Common Files\<DIR> SWF Studio
[11/11/2007|01:59] C:\Program Files\Common Files\<DIR> Symantec Shared
[04/13/2007|10:07] C:\Program Files\Common Files\<DIR> System
[01/14/2008|06:08] C:\Program Files\Common Files\<DIR> TV
[09/03/2007|01:41] C:\Program Files\Common Files\<DIR> Ulead Systems
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 33 Processes )

IEXPLORE.EXE ~ [PID:1664]
IEXPLORE.EXE ~ [PID:2212]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\bweibtvz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\digmqanm.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\For That Data.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hvauqfgi.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hweabytw.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\kmqiwkzb.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\livehidecity.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mjbboleg.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mqbdiwdq.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\shzydvaz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\trjopohz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ydntujqc.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ztslisjw.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web
C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Mail proc.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\bweibtvz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\digmqanm.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\For That Data.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hvauqfgi.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hweabytw.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\kmqiwkzb.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\livehidecity.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mjbboleg.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mqbdiwdq.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\shzydvaz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\trjopohz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ydntujqc.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ztslisjw.exe
C:\Program Files\blehba~1
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.1.ini
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.ini
C:\Program Files\NetPumper
C:\Program Files\NetPumper\AddUrl.htm
C:\Program Files\NetPumper\Anti-Leech
C:\Program Files\NetPumper\help
C:\Program Files\NetPumper\NetPumper.exe
C:\Program Files\NetPumper\README.txt
C:\Program Files\NetPumper\unins000.dat
C:\Program Files\NetPumper\unins000.exe
C:\Program Files\NetPumper\x.bat
C:\Program Files\NetPumper\ZM
C:\WINDOWS\Tasks\AFB1EB1C918E9C84.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spam start build]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\SS1611~1.RAM\\APPLIC~1\\BLEHBA~1\\For That Data.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DOES WEB"="C:\\DOCUME~1\\SS1611~1.RAM\\APPLIC~1\\BLEHBA~1\\For That Data.exe"
"DOES WEB"="C:\\DOCUME~1\\SS1611~1.RAM\\APPLIC~1\\BLEHBA~1\\For That Data.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok web bash obj"="C:\\Documents and Settings\\All Users\\Application Data\\seek film amok web\\Mail proc.exe"

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 19:41:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job



[F:43][D:103]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\SS1611~1.RAM\Cookies
[F:636][D:4]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Mon 12/08/2008|19:42 - Option : [1]

--------------------\\ Scan completed at 19:42:06
 
Restart Lop S&D

This time choose Option 2 (Fix + Hosts)
Don't close the window during suppression!
Post the log which is created: (C:\lopR.txt)
 
Option 2 (Fix + Hosts)

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 02/22/06 23:50:09 Ver: 08.00.10
USER : s.s.ram ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:2 Go)
E:\ (Local Disk) - NTFS - Total:90 Go (Free:4 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( Wed 12/10/2008|12:09 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Mail proc.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\bweibtvz.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\digmqanm.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\For That Data.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hvauqfgi.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hweabytw.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\kmqiwkzb.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\livehidecity.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mjbboleg.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mqbdiwdq.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\shzydvaz.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\trjopohz.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ydntujqc.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ztslisjw.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.1.ini
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.ini
Deleted! - C:\Program Files\NetPumper\AddUrl.htm
Deleted! - C:\Program Files\NetPumper\Anti-Leech
Deleted! - C:\Program Files\NetPumper\help
Deleted! - C:\Program Files\NetPumper\NetPumper.exe
Deleted! - C:\Program Files\NetPumper\README.txt
Deleted! - C:\Program Files\NetPumper\unins000.dat
Deleted! - C:\Program Files\NetPumper\unins000.exe
Deleted! - C:\Program Files\NetPumper\x.bat
Deleted! - C:\Program Files\NetPumper\ZM
Deleted! - C:\WINDOWS\Tasks\AFB1EB1C918E9C84.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1
Deleted! - C:\Program Files\blehba~1
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper
Deleted! - C:\Program Files\NetPumper
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[09/08/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/08/2007|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[04/15/2007|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/13/2008|04:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[01/12/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/12/2008|04:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[11/15/2007|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/15/2007|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/23/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[05/05/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[09/25/2007|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/19/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/22/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[06/04/2007|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[09/03/2007|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[01/14/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Metacafe
[04/13/2007|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/05/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/14/2007|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Plan log bias support
[06/17/2007|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[06/04/2007|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/21/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/15/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[12/07/2008|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/03/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[04/15/2007|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/13/2007|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[05/02/2007|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/13/2007|09:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/23/2008|02:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/04/2007|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[11/23/2008|02:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/16/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> .BitTornado
[09/16/2007|06:56] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AccurateRip
[07/05/2008|12:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Adobe
[04/16/2007|09:20] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ahead
[04/14/2007|09:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> ANTI SCR HOLE
[01/13/2008|04:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AOL
[04/20/2007|09:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Apple Computer
[12/10/2008|10:08] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Avant Browser
[04/16/2007|02:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVS Video Converter
[04/22/2007|01:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVSMedia
[04/01/2008|05:51] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Cuttermaran
[09/25/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> CyberLink
[09/05/2008|11:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DAEMON Tools
[02/28/2008|09:57] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> dBpoweramp
[05/12/2007|09:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DivX
[02/09/2008|09:02] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Dr. DivX 2.0 OSS
[02/11/2008|02:45] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> FLV Extract
[10/10/2007|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> GetRightToGo
[04/19/2007|03:25] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Google
[04/18/2007|03:00] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Help
[04/13/2007|10:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Identities
[03/25/2008|11:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> iLike
[03/01/2008|08:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Jasc
[09/01/2007|10:11] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> LEAPS
[05/15/2008|06:04] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Macromedia
[02/09/2008|08:36] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Media Player Classic
[12/10/2008|12:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> MegauploadToolbar
[11/23/2008|02:38] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Microsoft
[11/11/2007|04:14] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Moyea
[02/06/2008|08:22] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Mozilla
[09/08/2007|04:59] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Opera
[06/05/2008|11:05] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Orbit
[04/24/2007|05:16] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Pegasys Inc
[04/14/2007|09:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Proxy Byte Rule
[03/31/2008|02:07] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Real
[10/16/2007|10:44] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Rediff.com
[06/04/2007|08:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Roxio
[04/15/2007|03:17] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/06/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Symantec
[12/07/2008|12:46] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> U3
[09/03/2007|02:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ulead Systems
[05/02/2008|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Uniblue
[05/06/2007|10:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDoPlus
[12/07/2008|08:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDo-TVSuite
[04/14/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> WinRAR
[11/11/2007|06:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Xilisoft Corporation
[04/14/2007|02:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> yahoo!


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/06/2008 02:53 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/09/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[12/09/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[11/22/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[12/09/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[12/09/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[12/09/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[12/09/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[12/07/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[12/07/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[12/09/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[12/09/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[12/10/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[12/10/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[12/10/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At7.job
[09/15/2008 08:00 AM][--a------] C:\WINDOWS\tasks\At9.job
[04/30/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[12/05/2008 09:00 AM][--a------] C:\WINDOWS\tasks\At10.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At5.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At6.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At4.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At3.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[10/22/2008 12:00 AM][--a------] C:\WINDOWS\tasks\At1.job
[12/10/2008 09:15 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/01/2004 01:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/08/2007|05:16] C:\Program Files\<DIR> Adobe
[08/13/2007|02:24] C:\Program Files\<DIR> Ahead
[12/09/2008|07:38] C:\Program Files\<DIR> AMVapp
[04/10/2008|02:32] C:\Program Files\<DIR> Anti-Leech
[11/15/2007|04:00] C:\Program Files\<DIR> Apple Software Update
[11/29/2008|07:23] C:\Program Files\<DIR> ARWizard3
[06/28/2008|05:28] C:\Program Files\<DIR> Avant Browser
[06/22/2007|11:17] C:\Program Files\<DIR> AVerMedia
[11/29/2008|08:18] C:\Program Files\<DIR> AVerTV
[11/23/2008|02:41] C:\Program Files\<DIR> AVG
[06/17/2007|04:46] C:\Program Files\<DIR> AVI MPEG WMV RM to MP3 Converter
[12/05/2008|08:03] C:\Program Files\<DIR> avisplit
[12/09/2008|07:35] C:\Program Files\<DIR> AviSynth 2.5
[03/02/2008|02:11] C:\Program Files\<DIR> AVSMedia
[04/14/2007|05:40] C:\Program Files\<DIR> BitTornado
[03/30/2008|01:12] C:\Program Files\<DIR> Boilsoft Video Joiner
[03/28/2008|08:52] C:\Program Files\<DIR> Boilsoft Video Splitter
[11/09/2008|11:57] C:\Program Files\<DIR> Common Files
[11/07/2007|03:14] C:\Program Files\<DIR> Coolwallpaper
[10/01/2007|06:40] C:\Program Files\<DIR> CyberLink
[09/05/2008|11:05] C:\Program Files\<DIR> Disciples Demo
[01/28/2008|06:16] C:\Program Files\<DIR> DivX
[04/02/2008|08:10] C:\Program Files\<DIR> DVD Decrypter
[12/09/2008|07:59] C:\Program Files\<DIR> ffdshow
[05/07/2008|04:01] C:\Program Files\<DIR> Google
[02/16/2008|04:37] C:\Program Files\<DIR> Illustrate
[04/01/2008|11:43] C:\Program Files\<DIR> InstallShield Installation Information
[11/09/2008|11:58] C:\Program Files\<DIR> Intel
[02/11/2008|02:40] C:\Program Files\<DIR> Internet Explorer
[11/15/2007|04:03] C:\Program Files\<DIR> iPod
[05/17/2007|01:08] C:\Program Files\<DIR> Ipwindows
[06/03/2008|10:57] C:\Program Files\<DIR> iTunes
[09/01/2007|01:03] C:\Program Files\<DIR> MegauploadToolbar
[04/13/2007|10:06] C:\Program Files\<DIR> Messenger
[04/13/2007|10:24] C:\Program Files\<DIR> Microsoft ActiveSync
[04/13/2007|10:11] C:\Program Files\<DIR> microsoft frontpage
[11/09/2008|11:56] C:\Program Files\<DIR> Microsoft Games
[04/13/2007|10:23] C:\Program Files\<DIR> Microsoft Office
[12/09/2008|06:52] C:\Program Files\<DIR> MKVtoolnix
[06/17/2007|08:04] C:\Program Files\<DIR> Mobile Action
[04/13/2007|10:08] C:\Program Files\<DIR> Movie Maker
[12/10/2008|12:06] C:\Program Files\<DIR> Mozilla Firefox
[10/14/2007|02:16] C:\Program Files\<DIR> MSN
[04/13/2007|10:06] C:\Program Files\<DIR> MSN Gaming Zone
[02/11/2008|10:44] C:\Program Files\<DIR> NetMeeting
[06/05/2008|11:47] C:\Program Files\<DIR> New Folder
[04/13/2007|10:06] C:\Program Files\<DIR> Online Services
[04/13/2007|10:07] C:\Program Files\<DIR> Outlook Express
[11/09/2008|02:07] C:\Program Files\<DIR> Panda Security
[11/15/2007|04:02] C:\Program Files\<DIR> QuickTime
[04/16/2007|07:00] C:\Program Files\<DIR> Real
[05/12/2007|02:36] C:\Program Files\<DIR> Realtek
[07/11/2008|06:31] C:\Program Files\<DIR> Replay Media Catcher
[06/04/2008|08:59] C:\Program Files\<DIR> Smallvideosoft
[04/04/2008|08:21] C:\Program Files\<DIR> SourceForge
[11/20/2008|08:39] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/21/2008|12:28] C:\Program Files\<DIR> Trend Micro
[09/03/2007|01:40] C:\Program Files\<DIR> Ulead Systems
[04/13/2007|10:21] C:\Program Files\<DIR> Uninstall Information
[11/13/2007|11:32] C:\Program Files\<DIR> Veoh Networks
[10/13/2008|04:19] C:\Program Files\<DIR> VideoReDoTVSuite
[09/03/2007|01:42] C:\Program Files\<DIR> Windows Media Components
[04/13/2007|10:06] C:\Program Files\<DIR> Windows Media Player
[04/13/2007|10:05] C:\Program Files\<DIR> Windows NT
[04/13/2007|10:09] C:\Program Files\<DIR> WindowsUpdate
[04/14/2007|09:46] C:\Program Files\<DIR> WinRAR
[04/01/2008|05:13] C:\Program Files\<DIR> Womble Multimedia
[04/13/2007|10:11] C:\Program Files\<DIR> xerox
[06/04/2008|02:13] C:\Program Files\<DIR> Xilisoft
[06/05/2008|11:49] C:\Program Files\<DIR> Xvid
[04/13/2007|11:30] C:\Program Files\<DIR> Yahoo!
[03/28/2008|03:34] C:\Program Files\<DIR> Yamb

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/08/2007|05:15] C:\Program Files\Common Files\<DIR> Adobe
[09/08/2007|05:13] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[08/13/2007|02:17] C:\Program Files\Common Files\<DIR> Ahead
[06/22/2007|11:17] C:\Program Files\Common Files\<DIR> AVerMedia
[09/13/2007|06:26] C:\Program Files\Common Files\<DIR> AVSMedia
[04/13/2007|10:24] C:\Program Files\Common Files\<DIR> Designer
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> InstallShield
[02/11/2008|02:40] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> MSSoap
[04/15/2007|06:51] C:\Program Files\Common Files\<DIR> Nero
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> ODBC
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> Real
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> Roxio Shared
[04/15/2007|05:28] C:\Program Files\Common Files\<DIR> Scanner
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> Services
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/02/2008|03:45] C:\Program Files\Common Files\<DIR> SWF Studio
[11/11/2007|01:59] C:\Program Files\Common Files\<DIR> Symantec Shared
[04/13/2007|10:07] C:\Program Files\Common Files\<DIR> System
[01/14/2008|06:08] C:\Program Files\Common Files\<DIR> TV
[09/03/2007|01:41] C:\Program Files\Common Files\<DIR> Ulead Systems
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 32 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp\nsisdt.dll

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 12:11:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job



[F:49][D:103]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp
[F:28][D:0]-> C:\DOCUME~1\SS1611~1.RAM\Cookies
[F:1683][D:4]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Mon 12/08/2008|19:42 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Wed 12/10/2008|12:11 - Option : [2]

--------------------\\ Scan completed at 12:11:45
 
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
uninstall_list

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
BitTornado 0.3.8
Boilsoft Video Joiner 5.01
Boilsoft Video Splitter 5.01
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
iTunes
Lossless Codecs
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Age of Empires Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MKVtoolnix 2.4.1
Mozilla Firefox (2.0.0.18)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
Panda ActiveScan 2.0
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VirtualDubMod 1.5.4.1
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTornado 0.3.8

I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
 
new uninstall list

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
iTunes
Lossless Codecs
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Age of Empires Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.18)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VirtualDubMod 1.5.4.1
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar
 
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
 
RSIT.exe Error

RSIT.exe is not working when it's running: Performing Registry Dump.

AutoIt Error

Line -1:
Error: Error parsing function call.
 
Please then try this instead.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy/paste the contents of the following reports in your next reply:

DDS.txt
Attach.txt
 
Dds

DDS.txt


DDS (Version 1.0.1) - NTFSx86
Run by s.s.ram at 15:03:08.03 on Sat 12/13/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.204 [GMT 5.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\s.s.ram\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: System=kdneu.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3E1500AC-87A5-416b-A211-82E848649DA9} - c:\progra~1\ofb1\Ofb1.dll
BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [c:\windows\system32\kdneu.exe] c:\windows\system32\kdneu.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv.lnk - c:\program files\avertv\QuickTV.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\perfc000.dat,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ss1611~1.ram\applic~1\mozilla\firefox\profiles\aqzwukpa.default\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-23 26824]
R1 prcmondrv;prcmondrv;\??\c:\windows\system32\drivers\prcmondrv1041.sys [2007-10-8 18432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-23 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 76040]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-1-14 57152]
S2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\system32\drivers\Bt848.sys []
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys []
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-6-22 1171456]
S3 pacdcacm;pacdcacm;c:\windows\system32\drivers\pacdcacm.sys [2007-6-17 26496]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2008-12-13 12:24 6,144 a------- c:\windows\system32\ff_acm.acm
2008-12-13 11:43 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-13 11:43 1,409 a------- c:\windows\QTFont.for
2008-12-12 10:30 473,422,040 a------- C:\TV_CH68_1212_103027.mpg
2008-12-09 22:25 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-09 22:25 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-09 22:25 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-09 22:25 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-09 19:59 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-12-09 19:59 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-12-09 19:59 <DIR> --d----- c:\program files\ffdshow
2008-12-09 19:38 58,652 a------- c:\program files\AMVapp-uninst.exe
2008-12-09 19:36 67,895 a------- c:\program files\Premiere AVS Plugin uninst.exe
2008-12-09 18:50 <DIR> --d----- c:\program files\MKVtoolnix
2008-12-08 19:08 <DIR> --d----- C:\Lop SD
2008-12-08 17:01 593,235,860 a------- C:\TV_CH68_1208_170121.mpg
2008-12-05 20:03 <DIR> --d----- c:\program files\avisplit
2008-12-03 19:32 0 a------- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
2008-12-03 19:20 <DIR> --d----- C:\[ILA] Lupin III - The Secret of Twilight Gemini
2008-11-29 19:23 <DIR> --d----- c:\program files\ARWizard3
2008-11-23 15:09 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-23 14:42 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-23 14:42 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-23 14:42 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-23 14:42 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-23 14:41 <DIR> --d----- c:\program files\AVG
2008-11-23 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-21 12:28 <DIR> --d----- c:\program files\Trend Micro
2008-11-20 20:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-20 20:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2008-12-09 19:37 35,365 a------- c:\windows\system32\uninstHelixYUV.exe
2008-03-09 08:18 39,208 a------- c:\docume~1\ss1611~1.ram\applic~1\GDIPFONTCACHEV1.DAT
2004-05-08 12:11 53,361 a------- c:\program files\Premiere AVS GUI.exe
2004-05-07 03:27 57,344 a------- c:\program files\IM-Avisynth.prm
2007-10-01 18:36 56 ---shr-- c:\windows\system32\FFBD8F5B1A.sys
2007-10-01 18:36 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:03:32.70 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2007 10:18:31 PM
System Uptime: 12/13/2008 2:59:51 PM (1 hours ago)

Motherboard: Intel Corporation | | D915GAV
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 6.68 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 1.981 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 1.623 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt

==== System Restore Points ===================

RP399: 11/9/2008 11:57:07 AM - Removed InterVideo DeviceService
RP400: 11/9/2008 11:57:50 AM - Removed Intel(R) PROSet for Wired Connections
RP401: 11/9/2008 11:58:31 AM - Removed Intel(R) PROSafe for Wired Connections
RP402: 11/10/2008 11:59:01 AM - System Checkpoint
RP403: 11/12/2008 10:21:13 AM - System Checkpoint
RP404: 11/13/2008 11:14:18 AM - System Checkpoint
RP405: 11/14/2008 12:47:51 PM - System Checkpoint
RP406: 11/16/2008 1:40:52 PM - System Checkpoint
RP407: 11/18/2008 9:52:12 AM - System Checkpoint
RP408: 11/19/2008 9:56:05 AM - System Checkpoint
RP409: 11/20/2008 10:04:39 AM - System Checkpoint
RP410: 11/21/2008 11:12:32 AM - System Checkpoint
RP411: 11/22/2008 4:31:32 PM - System Checkpoint
RP412: 11/22/2008 7:58:55 PM - Removed AVG 7.5
RP413: 11/22/2008 8:00:03 PM - Installed AVG 7.5
RP414: 11/23/2008 2:41:55 PM - Installed AVG Free 8.0
RP415: 11/23/2008 4:07:19 PM - Avg8 Update
RP416: 11/24/2008 5:20:48 PM - System Checkpoint
RP417: 11/27/2008 11:20:17 AM - System Checkpoint
RP418: 11/29/2008 10:24:27 AM - System Checkpoint
RP419: 11/30/2008 1:16:10 PM - System Checkpoint
RP420: 12/1/2008 1:44:05 PM - System Checkpoint
RP421: 12/2/2008 4:19:24 PM - System Checkpoint
RP422: 12/4/2008 12:49:26 PM - System Checkpoint
RP423: 12/4/2008 10:50:52 PM - Avg8 Update
RP424: 12/6/2008 9:41:49 AM - System Checkpoint
RP425: 12/7/2008 2:01:52 PM - System Checkpoint
RP426: 12/9/2008 10:05:47 AM - System Checkpoint
RP427: 12/10/2008 5:49:56 PM - System Checkpoint
RP428: 12/11/2008 6:39:53 PM - System Checkpoint
RP429: 12/12/2008 7:45:09 PM - System Checkpoint
RP430: 12/13/2008 3:02:24 PM - Avg8 Update

==== Installed Programs ======================


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
IpWins
iTunes
Lossless Codecs
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Age of Empires Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MKVtoolnix 2.4.1
Mozilla Firefox (2.0.0.18)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
TV
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VideoStudio
VirtualDubMod 1.5.4.1
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages ===================

12/9/2008 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/9/2008 11:00:02 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/9/2008 10:36:12 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/9/2008 10:00:02 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/9/2008 9:37:20 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/9/2008 9:33:07 AM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
12/9/2008 9:33:07 AM, error: Service Control Manager [7000] - The AVerMedia AVerTV WDM Video Capture (878) service failed to start due to the following error: The system cannot find the file specified.
12/8/2008 8:00:03 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/8/2008 7:00:02 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/8/2008 6:00:02 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/8/2008 5:00:03 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/8/2008 4:00:02 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/8/2008 3:00:02 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/7/2008 7:34:16 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00E04D0504EA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/7/2008 6:40:07 PM, error: Dhcp [1002] - The IP address lease 192.168.100.5 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/7/2008 2:00:02 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/7/2008 1:00:02 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/9/2008 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/9/2008 11:00:02 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/10/2008 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/13/2008 12:56:48 PM, error: Dhcp [1002] - The IP address lease 210.18.189.79 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
 
Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
Kaspersky online scanner

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 13, 2008 10:49:55
Records in database: 1457562
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 112734
Threat name: 11
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 04:05:00


File name / Threat name / Threats count
C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)\mkvtoolnix-unicode-2.4.1-setup(3).exe Infected: Backdoor.Win32.Small.gvb 1
C:\Documents and Settings\s.s.ram\Local Settings\Temp\sta1.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Mail proc.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\bweibtvz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\digmqanm.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\For That Data.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hvauqfgi.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hweabytw.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\kmqiwkzb.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\livehidecity.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mjbboleg.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mqbdiwdq.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\shzydvaz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\trjopohz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ydntujqc.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ztslisjw.exe Infected: Trojan.Win32.Obfuscated.gen 1
D:\autorun.inf Infected: Worm.Win32.AutoRun.onp 1
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1\ccsakura_ss.exe Infected: not-a-virus:AdWare.Win32.Gator.3013 1
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1.zip Infected: not-a-virus:AdWare.Win32.Gator.3013 1
D:\mIRC 6.3 + keygen.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
D:\mIRC 6.31 + Crack.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo\fo-fr71e.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.d 1
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo.rar Infected: not-a-virus:FraudTool.Win32.ContaVir.d 1
D:\Softwares\gc2003.exe Infected: not-a-virus:WebToolbar.Win32.VB.e 1
D:\Softwares\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
D:\Softwares\netpumper-1.23-setup.exe Infected: Packed.Win32.PolyCrypt.d 1
E:\autorun.inf Infected: Worm.Win32.AutoRun.oni 1

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:50 PM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll (file missing)
O2 - BHO: (no name) - {484FFC3E-5891-BD10-0BED-75DFED1D8FA1} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdneu.exe] C:\WINDOWS\system32\kdneu.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7159 bytes
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.31
Database version: 1499
Windows 5.1.2600 Service Pack 2

12/14/2008 8:10:21 PM
mbam-log-2008-12-14 (20-10-21).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 147301
Time elapsed: 1 hour(s), 20 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ofb1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ofb1.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7be6b643-6201-4cf7-b8b1-d79ffae57cba} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9504ae8f-1019-4258-a047-c04ccc5301e6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{58696980-c6b3-4ad2-ab53-718f1c3c57ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c1bc108b-b3ef-4e18-8ee6-cf3c381e3783} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.EXE (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ofb1= (Trojan.Clicker) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\ftp (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\http (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdneu.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Ipwindows (Trojan.Rond) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
 
Re-DDS

DDS.txt


DDS (Version 1.0.1) - NTFSx86
Run by s.s.ram at 11:58:15.54 on Mon 12/15/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.182 [GMT 5.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Documents and Settings\s.s.ram\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [c:\windows\system32\kdneu.exe] c:\windows\system32\kdneu.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv.lnk - c:\program files\avertv\QuickTV.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\perfc000.dat,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ss1611~1.ram\applic~1\mozilla\firefox\profiles\aqzwukpa.default\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-23 26824]
R1 prcmondrv;prcmondrv;\??\c:\windows\system32\drivers\prcmondrv1041.sys [2007-10-8 18432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-23 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 76040]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-1-14 57152]
S2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\system32\drivers\Bt848.sys []
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys []
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-6-22 1171456]
S3 pacdcacm;pacdcacm;c:\windows\system32\drivers\pacdcacm.sys [2007-6-17 26496]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2008-12-14 18:44 <DIR> --d----- c:\docume~1\ss1611~1.ram\applic~1\Malwarebytes
2008-12-14 18:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 18:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-14 18:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 17:13 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-13 17:13 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-13 12:24 6,144 a------- c:\windows\system32\ff_acm.acm
2008-12-13 11:43 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-13 11:43 1,409 a------- c:\windows\QTFont.for
2008-12-12 10:30 473,422,040 a------- C:\TV_CH68_1212_103027.mpg
2008-12-09 22:25 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-09 22:25 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-09 22:25 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-09 22:25 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-09 20:00 1,183,043,820 a------- C:\TV_CH68_1209_200008.mpg
2008-12-09 19:59 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-12-09 19:59 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-12-09 19:59 <DIR> --d----- c:\program files\ffdshow
2008-12-09 19:38 58,652 a------- c:\program files\AMVapp-uninst.exe
2008-12-09 19:36 67,895 a------- c:\program files\Premiere AVS Plugin uninst.exe
2008-12-08 19:08 <DIR> --d----- C:\Lop SD
2008-12-08 17:01 593,235,860 a------- C:\TV_CH68_1208_170121.mpg
2008-12-05 20:03 <DIR> --d----- c:\program files\avisplit
2008-12-03 19:32 0 a------- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
2008-12-03 19:20 <DIR> --d----- C:\[ILA] Lupin III - The Secret of Twilight Gemini
2008-11-29 19:23 <DIR> --d----- c:\program files\ARWizard3
2008-11-23 15:09 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-23 14:42 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-23 14:42 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-23 14:42 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-23 14:42 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-23 14:41 <DIR> --d----- c:\program files\AVG
2008-11-23 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-21 12:28 <DIR> --d----- c:\program files\Trend Micro
2008-11-20 20:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-20 20:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2008-12-09 19:37 35,365 a------- c:\windows\system32\uninstHelixYUV.exe
2008-03-09 08:18 39,208 a------- c:\docume~1\ss1611~1.ram\applic~1\GDIPFONTCACHEV1.DAT
2004-05-08 12:11 53,361 a------- c:\program files\Premiere AVS GUI.exe
2004-05-07 03:27 57,344 a------- c:\program files\IM-Avisynth.prm
2007-10-01 18:36 56 ---shr-- c:\windows\system32\FFBD8F5B1A.sys
2007-10-01 18:36 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:58:45.76 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2007 10:18:31 PM
System Uptime: 12/15/2008 8:45:36 AM (3 hours ago)

Motherboard: Intel Corporation | | D915GAV
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 5.188 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 1.921 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 6.36 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt

==== System Restore Points ===================

RP399: 11/9/2008 11:57:07 AM - Removed InterVideo DeviceService
RP400: 11/9/2008 11:57:50 AM - Removed Intel(R) PROSet for Wired Connections
RP401: 11/9/2008 11:58:31 AM - Removed Intel(R) PROSafe for Wired Connections
RP402: 11/10/2008 11:59:01 AM - System Checkpoint
RP403: 11/12/2008 10:21:13 AM - System Checkpoint
RP404: 11/13/2008 11:14:18 AM - System Checkpoint
RP405: 11/14/2008 12:47:51 PM - System Checkpoint
RP406: 11/16/2008 1:40:52 PM - System Checkpoint
RP407: 11/18/2008 9:52:12 AM - System Checkpoint
RP408: 11/19/2008 9:56:05 AM - System Checkpoint
RP409: 11/20/2008 10:04:39 AM - System Checkpoint
RP410: 11/21/2008 11:12:32 AM - System Checkpoint
RP411: 11/22/2008 4:31:32 PM - System Checkpoint
RP412: 11/22/2008 7:58:55 PM - Removed AVG 7.5
RP413: 11/22/2008 8:00:03 PM - Installed AVG 7.5
RP414: 11/23/2008 2:41:55 PM - Installed AVG Free 8.0
RP415: 11/23/2008 4:07:19 PM - Avg8 Update
RP416: 11/24/2008 5:20:48 PM - System Checkpoint
RP417: 11/27/2008 11:20:17 AM - System Checkpoint
RP418: 11/29/2008 10:24:27 AM - System Checkpoint
RP419: 11/30/2008 1:16:10 PM - System Checkpoint
RP420: 12/1/2008 1:44:05 PM - System Checkpoint
RP421: 12/2/2008 4:19:24 PM - System Checkpoint
RP422: 12/4/2008 12:49:26 PM - System Checkpoint
RP423: 12/4/2008 10:50:52 PM - Avg8 Update
RP424: 12/6/2008 9:41:49 AM - System Checkpoint
RP425: 12/7/2008 2:01:52 PM - System Checkpoint
RP426: 12/9/2008 10:05:47 AM - System Checkpoint
RP427: 12/10/2008 5:49:56 PM - System Checkpoint
RP428: 12/11/2008 6:39:53 PM - System Checkpoint
RP429: 12/12/2008 7:45:09 PM - System Checkpoint
RP430: 12/13/2008 3:02:24 PM - Avg8 Update
RP431: 12/13/2008 5:13:09 PM - Installed Java(TM) 6 Update 11

==== Installed Programs ======================


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
IpWins
iTunes
Java(TM) 6 Update 11
Lossless Codecs
Malwarebytes' Anti-Malware
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
TV
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VideoStudio
VirtualDubMod 1.5.4.1
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages ===================

12/10/2008 12:00:02 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/10/2008 11:00:03 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/10/2008 10:00:02 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/10/2008 9:20:09 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/10/2008 9:16:20 AM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
12/10/2008 9:16:20 AM, error: Service Control Manager [7000] - The AVerMedia AVerTV WDM Video Capture (878) service failed to start due to the following error: The system cannot find the file specified.
12/10/2008 9:15:04 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/9/2008 11:00:02 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/9/2008 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/9/2008 8:00:03 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/9/2008 7:00:03 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/9/2008 6:00:03 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/9/2008 5:00:03 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/9/2008 4:00:02 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/9/2008 3:00:03 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/10/2008 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/11/2008 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/13/2008 12:56:48 PM, error: Dhcp [1002] - The IP address lease 210.18.189.79 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/13/2008 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/15/2008 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================
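The Attach.txt above contains two sections a helper actually reads before replying: the Find3M listing (two files in system32 carry the system+hidden attribute bits) and the Event Viewer messages (a run of At*.job tasks failing every hour with %%2147942402). The script below is an added example, not part of the original post and not code from DDS or any other tool named in this thread. It parses those two sections, flags hidden+system files under system32, decodes the scheduler error as the HRESULT it is (0x80070002, Win32 error 2, ERROR_FILE_NOT_FOUND: the program the job points at no longer exists), and groups the At*.job failures by job name. The sample lines are copied from the log; all function and variable names are this example's own.

```python
"""Triage the Find3M and Event Viewer sections of a DDS Attach.txt.

Added example for this thread; not part of the original post or of DDS.
Sample text is copied from the log above; names below are this example's own.
"""
import re

# Constructed sample: lines taken from the Find3M section of the log above.
FIND3M_SAMPLE = r"""
2008-12-09 19:37 35,365 a------- c:\windows\system32\uninstHelixYUV.exe
2008-03-09 08:18 39,208 a------- c:\docume~1\ss1611~1.ram\applic~1\GDIPFONTCACHEV1.DAT
2007-10-01 18:36 56 ---shr-- c:\windows\system32\FFBD8F5B1A.sys
2007-10-01 18:36 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
"""

# Constructed sample: lines taken from the Event Viewer section of the log above.
EVENTS_SAMPLE = """
12/10/2008 12:00:02 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/10/2008 9:16:20 AM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
12/9/2008 11:00:02 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/13/2008 12:56:48 PM, error: Dhcp [1002] - The IP address lease 210.18.189.79 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
"""

# One Find3M line: date, time, size or <DIR>, an 8-character attribute column
# such as "a-------" or "---shr--", then the path.
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)

# One Event Viewer line as DDS prints it: timestamp, level: source [id] - message.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>[^\[]+) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

AT_JOB_RE = re.compile(r"The (At\d+\.job) command failed to start .*?(%%\d+)")


def decode_scheduler_error(code):
    """Decode the %%NNNN value of a Schedule 7901 event.

    DDS prints the unsigned 32-bit HRESULT in decimal.  With facility 7
    (FACILITY_WIN32) the low 16 bits are a Win32 error code; 2 is
    ERROR_FILE_NOT_FOUND, i.e. the job's target executable is gone.
    """
    n = int(code.lstrip("%"))
    facility = (n >> 16) & 0x7FF
    win32 = n & 0xFFFF
    return {
        "hresult": "0x%08X" % n,
        "facility": facility,
        "win32_code": win32,
        "is_file_not_found": facility == 7 and win32 == 2,
    }


def flag_hidden_system_files(listing, under=r"c:\windows\system32"):
    """Return Find3M paths under `under` whose attribute column shows both the
    system ('s') and hidden ('h') flags.  Such files are invisible in a default
    Explorer view; they are not automatically malicious, but they deserve a look."""
    flagged = []
    for line in listing.splitlines():
        m = FIND3M_RE.match(line)
        if not m:
            continue
        path, attrs = m["path"], m["attrs"]
        if path.lower().startswith(under.lower()) and "s" in attrs and "h" in attrs:
            flagged.append(path)
    return flagged


def summarize_at_job_failures(events):
    """Group Schedule 7901 events by At*.job name and decode their error code.

    AtNN.job files are created by at.exe (NetScheduleJobAdd) and live in
    %SystemRoot%\\Tasks; running `at` with no arguments lists them.  Every other
    error event is returned as a (source, event id) pair so nothing is dropped.
    """
    jobs, other = {}, []
    for line in events.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        if m["source"] == "Schedule" and m["event_id"] == "7901":
            j = AT_JOB_RE.search(m["msg"])
            if j:
                name, code = j.group(1), j.group(2)
                info = jobs.setdefault(name, dict(count=0, **decode_scheduler_error(code)))
                info["count"] += 1
                continue
        other.append((m["source"], int(m["event_id"])))
    return {"at_jobs": jobs, "other_errors": other}


if __name__ == "__main__":
    print("hidden+system files:", flag_hidden_system_files(FIND3M_SAMPLE))
    summary = summarize_at_job_failures(EVENTS_SAMPLE)
    for name in sorted(summary["at_jobs"]):
        print(name, summary["at_jobs"][name])
    print("other errors:", summary["other_errors"])
```

Run it against the full Attach.txt by replacing the two sample strings with the corresponding sections of the log. On the posted log it reports the two hidden+system .sys files and fifteen distinct At*.job tasks, all failing with ERROR_FILE_NOT_FOUND, which is the question to take to the `at` command and %SystemRoot%\Tasks on the machine itself.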
 
Let's check this next:

  1. Please download OTViewIt by OldTimer and save it to your Desktop.
  2. Close all applications and windows.
  3. Double-click on OTViewIt.exe to start OTViewIt.
  4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
  5. Click the blue Run Scan button.
  6. OTViewIt will now start its scan.
  7. When the scan is complete, two text files will be created on the Desktop: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt.
  8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
 